Research Pod Archives | Page 5 of 10

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

‘Orca Watch’ Series

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux...

Bar Kaduri

Mar 30, 2024

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

‘Orca Watch’ Series

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

With 84% of vulnerable and exposed TeamCity servers likely already compromised, the recent issue in JetBrains’ TeamCity illustrates how a...

Ofir Yakobi Neil Carpenter

Mar 20, 2024

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

‘Orca Watch’ Series

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

Recently, the US National Security Agency (NSA) joined United Kingdom’s National Cyber Security Center (NCSC) in releasing an advisory detailing...

Shir Sadon Neil Carpenter

Mar 14, 2024

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

‘Orca Watch’ Series

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

Orca Security has released the 2024 State of Cloud Security Report, which leverages unique insights into cloud risks captured by...

Shir Sadon Deborah Galea

Feb 27, 2024

Detecting Malicious Actors By Observing Commands in Shell History

Technical Deep Dives

Detecting Malicious Actors By Observing Commands in Shell History

Among the myriad techniques and tools at the disposal of cybersecurity experts, one subtle yet powerful method often goes unnoticed:...

Shir Sadon

Feb 21, 2024

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

‘Orca Watch’ Series

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within...

Roi Nisimi

Feb 07, 2024

Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service

Research

Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service

Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services...

Lidor Ben Shitrit

Feb 06, 2024

Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments

‘Orca Watch’ Series

Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments

On January 24th, Jenkins, a widely used open source CI/CD automation tool, released a security advisory regarding a new critical...

Bar Kaduri Deborah Galea

Feb 01, 2024

Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management

Technical Deep Dives

Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management

Publicly disclosed computer vulnerabilities are compiled into a list called Common Vulnerabilities and Exposures (CVE). To understand the severity of...

Bar Kaduri

Feb 01, 2024

Research Pod

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

Detecting Malicious Actors By Observing Commands in Shell History

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service

Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments

Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons