Conducting the AWS Billing Train
AWS Morning Brief for the week of March 21, 2022 with Corey Quinn.
Links Referenced: Couchbase Capella: https://couchbase.com/screaminginthecloud couchbase.com/screaminginthecloud: https://couchbase.com/screaminginthecloud blog post: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html AutoWarp: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ “Google Announces Intent to Acquire Mandiant”: https://www.googlecloudpresscorner.com/2022-03-08-mgc password table: https://www.hivesys...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/my-mental-model-of-aws-regions Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help...
AWS Morning Brief for the week of March 14, 2022 with Corey Quinn.
Links: The Register : https://www.theregister.com/2022/02/28/tech_response_to_ukraine/ “WTF is Cloud Native Data Security?”: https://blog.container-solutions.com/wtf-is-cloud-native-data-security Imdsv2 wall of shame: https://github.com/SummitRoute/imdsv2_wall_of_shame/blob/main/README.md “Piercing the Cloud Armor”: https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Via a third-party: https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/ “St...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/handling-secrets-with-aws
AWS Morning Brief for the week of March 7, 2022 with Corey Quinn.
Links: Charlie Bell in the Wall Street Journal The Register’s Roundup Melijoe.com’s award AWS Announcement Granted Transcript Corey: This is the AWS Morning Brief: Security Edition . AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff. Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured, and fully managed with built-in access via key-value, SQL, and ...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/status-paging-you
AWS Morning Brief for the week of February 28, 2022 with Corey Quinn.
Links: “Developer Experience is Security”: https://redmonk.com/rstephens/2022/02/17/devex-is-security/ Cleansing their network of ransomware: https://www.espn.com/nfl/story/_/id/33283115/san-francisco-49ers-network-hit-gang-ransomware-attack-team-notifies-law-enforcement “Control access to Amazon Elastic Container Service resources by using ABAC policies”: https://aws.amazon.com/blogs/security/control-access-to-amazon-elastic-container-service-resources-by-using-abac-policies/ “Introducing s2n-q...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-trials-and-travails-of-aws-sso/
AWS Morning Brief for the week of February 20, 2022 with Corey Quinn.
Links Referenced: CanaryTokens: https://www.canarytokens.org/ Found a solid way to avoid that sneaky method: https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html?m=1 The folks at Orca found a vulnerability around OCI’s handling of Server Side Request Forgery (SSRF) Metadata: https://orca.security/resources/blog/Oracle-server-side-request-forgery-ssrf-attack-metadata/ S3 Bucket Negligence Award: https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-convoy-exposed-donation/ O...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
AWS Morning Brief for the week of February 14, 2021 with Corey Quinn.
Links: CodeBuild to exfiltrate data from an AWS VPC: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html Thousands of Open Databases: https://InfoSecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32 “Why do Amazon S3 Data Breaches Keep Happening?”: https://markn.ca/2022/why-do-amazon-s3-data-breaches-keep-happening/ You’re going to be placed on a public list of shame: https://Twitter.com/0xdabbad00/status/1489305680490106880?s=12 How to...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/guardduty-for-eks-and-why-security-should-be-free
AWS Morning Brief for the week of February 7, 2022 with Corey Quinn.
Links: Three vulnerabilities: https://blog.wiz.io/black-hat-2021-aws-cross-account-vulnerabilities-how-isolated-is-your-cloud-environment/ Embarrassingly long time: https://Twitter.com/christophetd/status/1486610249045925890 “Companies Leave Vast Amounts of Sensitive Data Unprotected”: https://www.propublica.org/article/identity-theft-surged-during-the-pandemic-heres-where-a-lot-of-the-stolen-data-came-from?token=pIt-Qx8lrKMcPei_lM3rFDQpHXkkcxXQ Google Drive started mistakenly flagging files as ...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/going-out-to-play-with-the-cdk
AWS Morning Brief for the week of January 31, 2022 with Corey Quinn.
Links: GitHub organizations: https://alsmola.medium.com/securing-github-organizations-9c33c850638 CloudTrail would spew other accounts’ credentials your way: https://onecloudplease.com/blog/security-september-cataclysms-in-the-cloud-formations Spot on: https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/ Some excellent points: https://www.darkreading.com/cloud/enterprises-are-sailing-into-a-perfect-storm-of-cloud-risk “Amazon EC2 customers can n...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/clickops
AWS Morning Brief for the week of January 24, 2022 with Corey Quinn.
Links: S3 Bucket Negligence Award: http://saharareporters.com/2022/01/10/exclusive-hacker-breaks-nimc-server-steals-over-three-million-national-identity-numbers Anyone in a VPC, any VPC, anywhere: https://Twitter.com/santosh_ankr/status/1481387630973493251 A disgruntled developer corrupts their own NPM libs ‘colors’ and ‘faker’, breaking thousands of apps: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ “Top ten security best prac...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/orca-security-aws-and-the-killer-whale-of-a-problem
AWS Morning Brief for the week of January 17, 2021 with Corey Quinn.
Links: Comes with a cryptominer: https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ You could be federally charged with wire fraud for paying off a security researcher: https://www.justice.gov/usao-ndca/pr/former-uber-chief-security-officer-face-wire-fraud-charges-0 A source code leak of its Azure App Service: https://www.theregister.com/2021/12/24/azure_app_service_not_legit_source_code_leak/ “Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks...
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/azures-terrible-security-posture-comes-home-to-roost/