Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/google-cloud-alters-the-deal Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help l...
Mar 23, 2022•9 min•Ep. 361
AWS Morning Brief for the week of March 21, 2022 with Corey Quinn.
Mar 21, 2022•8 min•Ep. 360
Links Referenced: Couchbase Capella: https://couchbase.com/screaminginthecloud couchbase.com/screaminginthecloud: https://couchbase.com/screaminginthecloud blog post: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html AutoWarp: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ “Google Announces Intent to Acquire Mandiant”: https://www.googlecloudpresscorner.com/2022-03-08-mgc password table: https://www.hivesys...
Mar 17, 2022•6 min•Ep. 359
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/my-mental-model-of-aws-regions
Mar 16, 2022•9 min•Ep. 358
AWS Morning Brief for the week of March 14, 2022 with Corey Quinn.
Mar 14, 2022•7 min•Ep. 357
Links: The Register: https://www.theregister.com/2022/02/28/tech_response_to_ukraine/ “WTF is Cloud Native Data Security?”: https://blog.container-solutions.com/wtf-is-cloud-native-data-security Imdsv2 wall of shame: https://github.com/SummitRoute/imdsv2_wall_of_shame/blob/main/README.md “Piercing the Cloud Armor”: https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Via a third-party: https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/ “St...
Mar 10, 2022•7 min•Ep. 356
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/handling-secrets-with-aws
Mar 09, 2022•9 min•Ep. 355
AWS Morning Brief for the week of March 7, 2022 with Corey Quinn.
Mar 07, 2022•7 min•Ep. 354
Links: Charlie Bell in the Wall Street Journal The Register’s Roundup Melijoe.com’s award AWS Announcement Granted Transcript Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff. Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured, and fully managed with built-in access via key-value, SQL, and ...
Mar 03, 2022•5 min•Ep. 353
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/status-paging-you
Mar 02, 2022•12 min•Ep. 352
AWS Morning Brief for the week of February 28, 2022 with Corey Quinn.
Feb 28, 2022•6 min•Ep. 351
Links: “Developer Experience is Security”: https://redmonk.com/rstephens/2022/02/17/devex-is-security/ Cleansing their network of ransomware: https://www.espn.com/nfl/story/_/id/33283115/san-francisco-49ers-network-hit-gang-ransomware-attack-team-notifies-law-enforcement “Control access to Amazon Elastic Container Service resources by using ABAC policies”: https://aws.amazon.com/blogs/security/control-access-to-amazon-elastic-container-service-resources-by-using-abac-policies/ “Introducing s2n-q...
Feb 24, 2022•5 min•Ep. 350
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-trials-and-travails-of-aws-sso/
Feb 23, 2022•8 min•Ep. 349
AWS Morning Brief for the week of February 20, 2022 with Corey Quinn.
Feb 21, 2022•8 min•Ep. 348
Links Referenced: CanaryTokens: https://www.canarytokens.org/ Found a solid way to avoid that sneaky method: https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html?m=1 The folks at Orca found a vulnerability around OCI’s handling of Server Side Request Forgery (SSRF) Metadata: https://orca.security/resources/blog/Oracle-server-side-request-forgery-ssrf-attack-metadata/ S3 Bucket Negligence Award: https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-convoy-exposed-donation/ O...
Feb 17, 2022•6 min•Ep. 347
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
Feb 16, 2022•6 min•Ep. 346
AWS Morning Brief for the week of February 14, 2021 with Corey Quinn.
Feb 14, 2022•8 min•Ep. 345
Links: CodeBuild to exfiltrate data from an AWS VPC: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html Thousands of Open Databases: https://InfoSecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32 “Why do Amazon S3 Data Breaches Keep Happening?”: https://markn.ca/2022/why-do-amazon-s3-data-breaches-keep-happening/ You’re going to be placed on a public list of shame: https://Twitter.com/0xdabbad00/status/1489305680490106880?s=12 How to...
Feb 10, 2022•7 min•Ep. 344
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/guardduty-for-eks-and-why-security-should-be-free
Feb 09, 2022•10 min•Ep. 343
AWS Morning Brief for the week of February 7, 2022 with Corey Quinn.
Feb 07, 2022•7 min•Ep. 342
Links: Three vulnerabilities: https://blog.wiz.io/black-hat-2021-aws-cross-account-vulnerabilities-how-isolated-is-your-cloud-environment/ Embarrassingly long time: https://Twitter.com/christophetd/status/1486610249045925890 “Companies Leave Vast Amounts of Sensitive Data Unprotected”: https://www.propublica.org/article/identity-theft-surged-during-the-pandemic-heres-where-a-lot-of-the-stolen-data-came-from?token=pIt-Qx8lrKMcPei_lM3rFDQpHXkkcxXQ Google Drive started mistakenly flagging files as ...
Feb 03, 2022•7 min•Ep. 341
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/going-out-to-play-with-the-cdk
Feb 02, 2022•11 min•Ep. 340
AWS Morning Brief for the week of January 31, 2022 with Corey Quinn.
Jan 31, 2022•8 min•Ep. 339
Links: GitHub organizations: https://alsmola.medium.com/securing-github-organizations-9c33c850638 CloudTrail would spew other accounts’ credentials your way: https://onecloudplease.com/blog/security-september-cataclysms-in-the-cloud-formations Spot on: https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/ Some excellent points: https://www.darkreading.com/cloud/enterprises-are-sailing-into-a-perfect-storm-of-cloud-risk “Amazon EC2 customers can n...
Jan 27, 2022•5 min•Ep. 338
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/clickops
Jan 26, 2022•7 min•Ep. 337
AWS Morning Brief for the week of January 24, 2022 with Corey Quinn.
Jan 24, 2022•10 min•Ep. 336
Links: S3 Bucket Negligence Award: http://saharareporters.com/2022/01/10/exclusive-hacker-breaks-nimc-server-steals-over-three-million-national-identity-numbers Anyone in a VPC, any VPC, anywhere: https://Twitter.com/santosh_ankr/status/1481387630973493251 A disgruntled developer corrupts their own NPM libs ‘colors’ and ‘faker’, breaking thousands of apps: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ “Top ten security best prac...
Jan 20, 2022•6 min•Ep. 335
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/orca-security-aws-and-the-killer-whale-of-a-problem
Jan 19, 2022•13 min•Ep. 334
AWS Morning Brief for the week of January 17, 2021 with Corey Quinn.
Jan 17, 2022•7 min•Ep. 333
Links: Comes with a cryptominer: https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ You could be federally charged with wire fraud for paying off a security researcher: https://www.justice.gov/usao-ndca/pr/former-uber-chief-security-officer-face-wire-fraud-charges-0 A source code leak of its Azure App Service: https://www.theregister.com/2021/12/24/azure_app_service_not_legit_source_code_leak/ “Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks...
Jan 13, 2022•6 min•Ep. 332