Research Pod Archives | Page 8 of 9

CVE-2018-25032: Zlib Memory Corruption Vulnerability

‘Orca Watch’ Series

CVE-2018-25032: Zlib Memory Corruption Vulnerability

On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...

Tohar Braun

Mar 29, 2022

BreakingFormation: Technical Vulnerability Walkthrough

Discovered Vulnerabilities

BreakingFormation: Technical Vulnerability Walkthrough

BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...

Tzah Pahima

Mar 28, 2022

Research

The Expansion of Malware to the Cloud

Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.

Bar Kaduri

Mar 24, 2022

Research

Key Security Capabilities in Kubernetes

Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...

Yonatan Broder

Mar 18, 2022

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

Research

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

The ‘Google Cloud Platform Storage Explorer’ tool crawls all of your Google Cloud projects and detects which have access to...

Liat Vaknin

Mar 17, 2022

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

‘Orca Watch’ Series

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

The Orca Security Research Pod has been actively tracking cyber attacks leading up to and occurring as part of Russia’s...

Bar Kaduri

Mar 11, 2022

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

‘Orca Watch’ Series

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

A new critical Linux privilege escalation vulnerability was published under the ID CVE-2022-0847, named “Dirty Pipe.”

Roy Aviram Bar Kaduri

Mar 10, 2022

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Discovered Vulnerabilities

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the...

Yanir Tsarimi

Mar 07, 2022

Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration

Research

Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration

How a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.

Liat Vaknin

Mar 04, 2022

Research Pod

CVE-2018-25032: Zlib Memory Corruption Vulnerability

BreakingFormation: Technical Vulnerability Walkthrough

The Expansion of Malware to the Cloud

Key Security Capabilities in Kubernetes

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons