Research Pod Archives | Page 6 of 10

Detecting Malicious Actors By Observing Commands in Shell History

Technical Deep Dives

Detecting Malicious Actors By Observing Commands in Shell History

Among the myriad techniques and tools at the disposal of cybersecurity experts, one subtle yet powerful method often goes unnoticed:...

Shir Sadon

Feb 21, 2024

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

‘Orca Watch’ Series

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within...

Roi Nisimi

Feb 07, 2024

Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service

Research

Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service

Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services...

Lidor Ben Shitrit

Feb 06, 2024

Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments

‘Orca Watch’ Series

Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments

On January 24th, Jenkins, a widely used open source CI/CD automation tool, released a security advisory regarding a new critical...

Bar Kaduri Deborah Galea

Feb 01, 2024

Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management

Technical Deep Dives

Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management

Publicly disclosed computer vulnerabilities are compiled into a list called Common Vulnerabilities and Exposures (CVE). To understand the severity of...

Bar Kaduri

Feb 01, 2024

How to Protect Against Midnight Blizzard-Style Kill Chains

‘Orca Watch’ Series

How to Protect Against Midnight Blizzard-Style Kill Chains

Last week, Microsoft revealed that the Russia-based threat actor group known as Midnight Blizzard, Cozy Bear, and APT29 had compromised...

Bar Kaduri Neil Carpenter

Jan 30, 2024

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

Discovered Vulnerabilities

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

The Orca Research Pod has uncovered a dangerous loophole in Google Kubernetes Engine (GKE) that could allow an attacker with...

Roi Nisimi

Jan 24, 2024

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

Discovered Vulnerabilities

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into...

Ofir Yakobi

Jan 24, 2024

The Biggest Cloud Security Threats to Watch Out for in 2024

‘Orca Watch’ Series

The Biggest Cloud Security Threats to Watch Out for in 2024

It’s hard to believe that 2023 is nearing its end. As we look ahead to 2024, the Orca Research Pod...

Bar Kaduri

Dec 27, 2023

Research Pod

Detecting Malicious Actors By Observing Commands in Shell History

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service

Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments

Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management

How to Protect Against Midnight Blizzard-Style Kill Chains

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

The Biggest Cloud Security Threats to Watch Out for in 2024

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons