Research Pod Archives | Page 6 of 10

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

Discovered Vulnerabilities

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

The Orca Research Pod has made an important discovery that puts Google Cloud Dataproc clusters at risk for data theft,...

Roi Nisimi

Dec 12, 2023

The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

Research

The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

The highly anticipated Common Vulnerability Scoring System (CVSS) version 4 is planned to be released on October 31st by the...

Bar Kaduri

Oct 24, 2023

Meet Orca Security Cloud Threat Researcher Lidor B.

Research

Meet Orca Security Cloud Threat Researcher Lidor B.

Fun Facts About Lidor Beverage of choice: Coffee or soda Go-to snack: Any kind of chocolate Hobbies (Present and Past):...

Deborah Galea

Oct 03, 2023

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

Discovered Vulnerabilities

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

The Orca Research Pod recently discovered a total of 8 important Cross-Site Scripting (XSS) vulnerabilities within various Apache services on...

Lidor Ben Shitrit

Sep 13, 2023

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

Research

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...

Roee Sagi

Aug 28, 2023

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Discovered Vulnerabilities

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...

Roi Nisimi

Jul 18, 2023

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

Research

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

Although it’s always preferable to prevent security incidents before they occur, it’s only a matter of time before an attacker...

Coby Penso

Jul 18, 2023

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

‘Orca Watch’ Series

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

The state of cloud security is a dynamic and ever-evolving landscape, as both attackers and defenders continuously adapt their tactics...

Bar Kaduri Tohar Braun

Jun 20, 2023

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Discovered Vulnerabilities

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...

Lidor Ben Shitrit

Jun 14, 2023

Research Pod

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

Meet Orca Security Cloud Threat Researcher Lidor B.

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons