‘Orca Watch’ Series
Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained
A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have...
Research Pod
Discovered Vulnerabilities
Security Advisory: Insufficient Tenant Separation in Azure Synapse Service
This security advisory addresses a tenant separation issue in the Microsoft Azure Synapse service.
‘Orca Watch’ Series
Open Source Package Risks in Cloud Environments and How It Relates to the Russian-Ukrainian Conflict
Protestware malicious code found in NPM package node-ipc in Russia / Belarus, overwriting entire file systems with heart emojis to...
Google Cloud
GCP Organization Policies: Governing Your Inheritance
A GCP Organization is the top node of the permissions hierarchy, making policies defined at this level powerful, automatically applying...
‘Orca Watch’ Series
Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS
Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open...
‘Orca Watch’ Series
CVE-2018-25032: Zlib Memory Corruption Vulnerability
On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...
Discovered Vulnerabilities
BreakingFormation: Technical Vulnerability Walkthrough
BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...
Research
The Expansion of Malware to the Cloud
Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.
Research
Key Security Capabilities in Kubernetes
Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.