‘Orca Watch’ Series
Breaking Down APT29’s Latest Tactics and How to Defend Against Them
Recently, the US National Security Agency (NSA) joined United Kingdom’s National Cyber Security Center (NCSC) in releasing an advisory detailing...
Research Pod
‘Orca Watch’ Series
2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed
Orca Security has released the 2024 State of Cloud Security Report, which leverages unique insights into cloud risks captured by...
Technical Deep Dives
Detecting Malicious Actors By Observing Commands in Shell History
Among the myriad techniques and tools at the disposal of cybersecurity experts, one subtle yet powerful method often goes unnoticed:...
‘Orca Watch’ Series
‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)
On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within...
Research
Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service
Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services...
‘Orca Watch’ Series
Jenkins Vulnerability Estimated to Affect 43% of Cloud Environments
On January 24th, Jenkins, a widely used open source CI/CD automation tool, released a security advisory regarding a new critical...
Cloud Security Fundamentals
Diving into Exploit Prediction Scoring System (EPSS) for Effective Vulnerability Management
Publicly disclosed computer vulnerabilities are compiled into a list called Common Vulnerabilities and Exposures (CVE). To understand the severity of...
‘Orca Watch’ Series
How to Protect Against Midnight Blizzard-Style Kill Chains
Last week, Microsoft revealed that the Russia-based threat actor group known as Midnight Blizzard, Cozy Bear, and APT29 had compromised...
Discovered Vulnerabilities
Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise
The Orca Research Pod has uncovered a dangerous loophole in Google Kubernetes Engine (GKE) that could allow an attacker with...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
Chat with Us
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
Chat with an Orca ExpertNo Slack account required.