Welcome to Orca Security's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
Trust Center Updates
We are aware of the ongoing CrowdStrike outage and want to reassure our customers that Orca remains unaffected. Our security measures and protocols continue to operate without interruption, ensuring that your data remains secure.
We are aware of recent reports related to a potential compromise of certain Snowflake accounts. Orca remains unaffected; no Snowflake accounts managed by Orca were targeted or compromised in this incident. Snowflake has also confirmed to us that they have no indicators of compromise for any of our accounts. We have also continued with further due diligence to ensure our data security.
Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)
Our company remains unaffected by the CVE-2024-3094 vulnerability. A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux distributions, affecting XZ Utils versions 5.6.0 and 5.6.1. The vulnerability could allow an attacker to gain unauthorized access to the system and is being tracked as CVE-2024-3094 with a CVSS score of 10, the highest possible score.
Sincerely, the Orca Security team
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Orca considers this vulnerability remediated. Orca Security promptly patches zero-day and critical vulnerabilities, leveraging central asset management and the Orca Platform with its detection and remediation capabilities. In addition, Orca implements security checks in the code that evaluate any vulnerable dependencies. We continue to monitor for this vulnerability and many more.
Sincerely, the Orca Security team
Our company remains unaffected by the HTTP/2 vulnerability, thanks to the robust protections offered by AWS CloudFront, AWS WAF and the expeditious protection of our Orca Platform. Orca diligently reports on zero-day, new and trending vulnerabilities for all our production assets and cloud infrastructure. We use the solutions described above to make sure our infrastructure and service are not disrupted. While DDoS can only be contained, we have taken all needed measures on the matter.
If you are a customer and have any additional inquiries, you are welcome to reach us at compliance@orca.security or to submit an RFI to your CSM.
Sincerely, the Orca Security team
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.