Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/google-cloud-alters-the-deal Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help l...
Mar 23, 2022•9 min•Ep 361•Transcript available on Metacast AWS Morning Brief for the week of March 21, 2022 with Corey Quinn.
Mar 21, 2022•8 min•Ep 360•Transcript available on Metacast Links: Links Referenced: Couchbase Capella: https://couchbase.com/screaminginthecloud couchbase.com/screaminginthecloud: https://couchbase.com/screaminginthecloud blog post: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html AutoWarp: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ “Google Announces Intent to Acquire Mandiant”: https://www.googlecloudpresscorner.com/2022-03-08-mgc password table: https://www.hivesys...
Mar 17, 2022•6 min•Ep 359•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/my-mental-model-of-aws-regions
Mar 16, 2022•9 min•Ep 358•Transcript available on Metacast AWS Morning Brief for the week of March 14, 2022 with Corey Quinn.
Mar 14, 2022•7 min•Ep 357•Transcript available on Metacast Links: The Register : https://www.theregister.com/2022/02/28/tech_response_to_ukraine/ “WTF is Cloud Native Data Security?”: https://blog.container-solutions.com/wtf-is-cloud-native-data-security Imdsv2 wall of shame: https://github.com/SummitRoute/imdsv2_wall_of_shame/blob/main/README.md “Piercing the Cloud Armor”: https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Via a third-party: https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/ “St...
Mar 10, 2022•7 min•Ep 356•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/handling-secrets-with-aws
Mar 09, 2022•9 min•Ep 355•Transcript available on Metacast AWS Morning Brief for the week of March 7, 2022 with Corey Quinn.
Mar 07, 2022•7 min•Ep 354•Transcript available on Metacast Links: Charlie Bell in the Wall Street Journal The Register’s Roundup Melijoe.com’s award AWS Announcement Granted Transcript Corey: This is the AWS Morning Brief: Security Edition . AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff. Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured, and fully managed with built-in access via key-value, SQL, and ...
Mar 03, 2022•5 min•Ep 353•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/status-paging-you
Mar 02, 2022•12 min•Ep 352•Transcript available on Metacast AWS Morning Brief for the week of February 28, 2022 with Corey Quinn.
Feb 28, 2022•6 min•Ep 351•Transcript available on Metacast Links: “Developer Experience is Security”: https://redmonk.com/rstephens/2022/02/17/devex-is-security/ Cleansing their network of ransomware: https://www.espn.com/nfl/story/_/id/33283115/san-francisco-49ers-network-hit-gang-ransomware-attack-team-notifies-law-enforcement “Control access to Amazon Elastic Container Service resources by using ABAC policies”: https://aws.amazon.com/blogs/security/control-access-to-amazon-elastic-container-service-resources-by-using-abac-policies/ “Introducing s2n-q...
Feb 24, 2022•5 min•Ep 350•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-trials-and-travails-of-aws-sso/
Feb 23, 2022•8 min•Ep 349•Transcript available on Metacast AWS Morning Brief for the week of February 20, 2022 with Corey Quinn.
Feb 21, 2022•8 min•Ep 348•Transcript available on Metacast Links Referenced: CanaryTokens: https://www.canarytokens.org/ Found a solid way to avoid that sneaky method: https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html?m=1 The folks at Orca found a vulnerability around OCI’s handling of Server Side Request Forgery (SSRF) Metadata: https://orca.security/resources/blog/Oracle-server-side-request-forgery-ssrf-attack-metadata/ S3 Bucket Negligence Award: https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-convoy-exposed-donation/ O...
Feb 17, 2022•6 min•Ep 347•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
Feb 16, 2022•6 min•Ep 346•Transcript available on Metacast AWS Morning Brief for the week of February 14, 2021 with Corey Quinn.
Feb 14, 2022•8 min•Ep 345•Transcript available on Metacast Links: CodeBuild to exfiltrate data from an AWS VPC: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html Thousands of Open Databases: https://InfoSecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32 “Why do Amazon S3 Data Breaches Keep Happening?”: https://markn.ca/2022/why-do-amazon-s3-data-breaches-keep-happening/ You’re going to be placed on a public list of shame: https://Twitter.com/0xdabbad00/status/1489305680490106880?s=12 How to...
Feb 10, 2022•7 min•Ep 344•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/guardduty-for-eks-and-why-security-should-be-free
Feb 09, 2022•10 min•Ep 343•Transcript available on Metacast AWS Morning Brief for the week of February 7, 2022 with Corey Quinn.
Feb 07, 2022•7 min•Ep 342•Transcript available on Metacast Links: Three vulnerabilities: https://blog.wiz.io/black-hat-2021-aws-cross-account-vulnerabilities-how-isolated-is-your-cloud-environment/ Embarrassingly long time: https://Twitter.com/christophetd/status/1486610249045925890 “Companies Leave Vast Amounts of Sensitive Data Unprotected”: https://www.propublica.org/article/identity-theft-surged-during-the-pandemic-heres-where-a-lot-of-the-stolen-data-came-from?token=pIt-Qx8lrKMcPei_lM3rFDQpHXkkcxXQ Google Drive started mistakenly flagging files as ...
Feb 03, 2022•7 min•Ep 341•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/going-out-to-play-with-the-cdk
Feb 02, 2022•11 min•Ep 340•Transcript available on Metacast AWS Morning Brief for the week of January 31, 2022 with Corey Quinn.
Jan 31, 2022•8 min•Ep 339•Transcript available on Metacast Links: GitHub organizations: https://alsmola.medium.com/securing-github-organizations-9c33c850638 CloudTrail would spew other accounts’ credentials your way: https://onecloudplease.com/blog/security-september-cataclysms-in-the-cloud-formations Spot on: https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/ Some excellent points: https://www.darkreading.com/cloud/enterprises-are-sailing-into-a-perfect-storm-of-cloud-risk “Amazon EC2 customers can n...
Jan 27, 2022•5 min•Ep 338•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/clickops
Jan 26, 2022•7 min•Ep 337•Transcript available on Metacast AWS Morning Brief for the week of January 24, 2022 with Corey Quinn.
Jan 24, 2022•10 min•Ep 336•Transcript available on Metacast Links: S3 Bucket Negligence Award: http://saharareporters.com/2022/01/10/exclusive-hacker-breaks-nimc-server-steals-over-three-million-national-identity-numbers Anyone in a VPC, any VPC, anywhere: https://Twitter.com/santosh_ankr/status/1481387630973493251 A disgruntled developer corrupts their own NPM libs ‘colors’ and ‘faker’, breaking thousands of apps: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ “Top ten security best prac...
Jan 20, 2022•6 min•Ep 335•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/orca-security-aws-and-the-killer-whale-of-a-problem
Jan 19, 2022•13 min•Ep 334•Transcript available on Metacast AWS Morning Brief for the week of January 17, 2021 with Corey Quinn.
Jan 17, 2022•7 min•Ep 333•Transcript available on Metacast Links: Comes with a cryptominer: https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ You could be federally charged with wire fraud for paying off a security researcher: https://www.justice.gov/usao-ndca/pr/former-uber-chief-security-officer-face-wire-fraud-charges-0 A source code leak of its Azure App Service: https://www.theregister.com/2021/12/24/azure_app_service_not_legit_source_code_leak/ “Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks...
Jan 13, 2022•6 min•Ep 332•Transcript available on Metacast