Research Pod Archives | Page 7 of 9

Authenticated SSRF Vulnerability on Azure Machine Learning Service

Discovered Vulnerabilities

Authenticated SSRF Vulnerability on Azure Machine Learning Service

In this blog we describe how we uncovered an SSRF Vulnerability in the Azure Machine Learning service, allowing any authenticated...

Lidor Ben Shitrit

Jan 17, 2023

The Top 5 Cloud Security Threats to Be Prepared For in 2023

‘Orca Watch’ Series

The Top 5 Cloud Security Threats to Be Prepared For in 2023

It’s been a busy year in cloud security. We’ve seen data breaches, tens of thousands of new vulnerabilities, and an...

Bar Kaduri

Dec 06, 2022

CosMiss: Azure Cosmos DB Notebook Remote Code Execution Vulnerability

Discovered Vulnerabilities

CosMiss: Azure Cosmos DB Notebook Remote Code Execution Vulnerability

The Orca Research Pod has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from...

Roee Sagi Lidor Ben Shitrit

Nov 01, 2022

FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer

Discovered Vulnerabilities

FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer

The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer

Roee Sagi Lidor Ben Shitrit

Oct 19, 2022

2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps

‘Orca Watch’ Series

2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps

Orca Security has released the 2022 State of the Public Cloud Security report, which provides crucial insights into the current...

Bar Kaduri Deborah Galea

Sep 13, 2022

Azure Synapse: Local Privilege Escalation Vulnerability in Spark

Discovered Vulnerabilities

Azure Synapse: Local Privilege Escalation Vulnerability in Spark

The story of a simple race condition leading to a local privilege escalation vulnerability in Azure Synapse Analytics

Tzah Pahima

Sep 01, 2022

Infrastructure as Code: Common Security Risks and How to Prevent Them

Research

Infrastructure as Code: Common Security Risks and How to Prevent Them

Check out this Orca Security article that outlines infrastructure as code (IaC) security risks and offers recommended methods for protecting...

Roy Aviram

Aug 16, 2022

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Discovered Vulnerabilities

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Recently, the Orca Security research team discovered SynLapse, a tenant separation violation vulnerability in the Microsoft Azure Synapse environment.

Tzah Pahima

Jun 14, 2022

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

‘Orca Watch’ Series

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have...

Lidor Ben Shitrit

Jun 13, 2022

Research Pod

Authenticated SSRF Vulnerability on Azure Machine Learning Service

The Top 5 Cloud Security Threats to Be Prepared For in 2023

CosMiss: Azure Cosmos DB Notebook Remote Code Execution Vulnerability

FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer

2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps

Azure Synapse: Local Privilege Escalation Vulnerability in Spark

Infrastructure as Code: Common Security Risks and How to Prevent Them

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons