Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS
Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...
Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...
As part of the Orca Research Pod efforts, we regularly research various cloud provider services and capabilities to help our...
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure DigitalTwins Explorer service, allowing any unauthenticated...
In this blog we describe how we uncovered an SSRF Vulnerability in Azure Functions allowing any unauthenticated user to request...
In this blog we describe how we uncovered an important Server-Side Request Forgery (SSRF) Vulnerability on Azure API Management Service,...
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure Machine Learning service, allowing any authenticated...
It’s been a busy year in cloud security. We’ve seen data breaches, tens of thousands of new vulnerabilities, and an...
The Orca Research Pod has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from...
The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer