Research Archives | Page 4 of 6

How to Remediate CrowdStrike Falcon Windows Outages with Orca

‘Orca Watch’ Series

How to Remediate CrowdStrike Falcon Windows Outages with Orca

On Friday, July 19th, 2024, CrowdStrike customers experienced a major outage impacting Windows systems running the Falcon Sensor. This outage...

Neil Carpenter

Jul 19, 2024

The Five Most Common AI Model Risks and How to Prevent Them

Technical Deep Dives

The Five Most Common AI Model Risks and How to Prevent Them

It’s hard to ignore how GenAI has already become an integral part of our daily lives, with people using LLMs...

Bar Kaduri

Jul 18, 2024

Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability

Orca Platform

Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability

On June 6th, researchers from Shadowserver, a nonprofit security organization, discovered a heavily exploited vulnerability in PHP servers running on...

Yonatan Yosef

Jun 13, 2024

2024 Cloud Security Strategies Report Reveals Resource Constraints and Lack of Visibility as the Biggest Challenges

Research

2024 Cloud Security Strategies Report Reveals Resource Constraints and Lack of Visibility as the Biggest Challenges

Orca Security has released the 2023 & 2024 Cloud Security Strategies Report, which reveals key insights from senior executives about...

Todd Stansfield

May 28, 2024

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Discovered Vulnerabilities

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Table of contentsExecutive Summary:What are Azure, Gcloud and AWS CLI?Exposure of Serverless environment variablesAWS CLI LeakageGcloud CLI LeakageExploitation Proof of...

Roi Nisimi

Apr 16, 2024

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Technical Deep Dives

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Table of contentsBuilding the vulnerable scenariosScenario 1: Web application vulnerabilityScenario 2: CI/CD server vulnerabilityAutomated vulnerability detection using Nuclei templatesScenario 1:...

Ofir Yakobi

Apr 03, 2024

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

‘Orca Watch’ Series

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux...

Bar Kaduri

Mar 30, 2024

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

‘Orca Watch’ Series

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

With 84% of vulnerable and exposed TeamCity servers likely already compromised, the recent issue in JetBrains’ TeamCity illustrates how a...

Ofir Yakobi Neil Carpenter

Mar 20, 2024

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

‘Orca Watch’ Series

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

Recently, the US National Security Agency (NSA) joined United Kingdom’s National Cyber Security Center (NCSC) in releasing an advisory detailing...

Shir Sadon Neil Carpenter

Mar 14, 2024

Research

How to Remediate CrowdStrike Falcon Windows Outages with Orca

The Five Most Common AI Model Risks and How to Prevent Them

Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability

2024 Cloud Security Strategies Report Reveals Resource Constraints and Lack of Visibility as the Biggest Challenges

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons