Trust Center


Welcome to Orca Security's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.


Trust Center Updates

Snowflake

Vulnerabilities

We are aware of recent reports related to a potential compromise of certain Snowflake accounts. Orca remains unaffected; no Snowflake accounts managed by Orca were targeted or compromised in this incident. Snowflake has also confirmed to us that they have no indicators of compromise for any of our accounts. We also continued with further due diligence to ensure our data security.


Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

Vulnerabilities

Our company remains unaffected by the CVE-2024-3094 vulnerability. A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux distributions, affecting XZ Utils versions 5.6.0 and 5.6.1. The vulnerability could allow an attacker to gain unauthorized access to the system and is being tracked as CVE-2024-3094 with a CVSS score of 10, the highest possible score.

Sincerely, Orca Security team.


Libwebp CVE-2023-4863

Vulnerabilities

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Orca considers this vulnerability remediated. Orca Security promptly patches zero-day and critical vulnerabilities, leveraging central asset management and the Orca Platform, with detection and remediation capabilities. In addition, Orca implements a security check in the code that evaluates any vulnerable dependencies. We keep monitoring for this vulnerability and many more.

Sincerely, the Orca Security team


HTTP/2 Rapid Reset Attacks and Vulnerability

Vulnerabilities

Our company remains unaffected by the HTTP/2 vulnerability, thanks to the robust protections offered by AWS CloudFront, AWS WAF and the expeditious protection of our Orca Platform. Orca diligently reports on zero-day, new and trending vulnerabilities for all our production assets and cloud infrastructure. We make sure our infrastructure and service are not disrupted by leveraging the above-described solutions. While DDoS can only be contained, we took all needed measures on the matter.
If you are a customer and you have any additional inquiries, you are welcome to reach us at compliance@orca.security or to submit an RFI to your CSM.

Sincerely, the Orca Security team


MOVEit vulnerability

Vulnerabilities

Orca Security has conducted a thorough investigation of the MOVEit vulnerability and has determined that our company is not affected. We have also confirmed that none of our security subcontractors are affected.

The MOVEit vulnerability is a critical security flaw that could allow an attacker to gain unauthorized access to sensitive data. We take the security of our platform very seriously and are committed to providing our customers with the highest level of protection.

If you have any questions or concerns, please do not hesitate to contact us.

Sincerely, the Orca Security team


If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.
