Links: Qtorque.io: https://qtorque.io A disturbing article: https://doublepulsar.com/the-hard-truth-about-ransomware-we-arent-prepared-it-s-a-battle-with-new-rules-and-it-hasn-t-a93ad3030a54 Kaspersky’s Amazon SES token: https://www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/ Twitch breach: https://www.esecurityplanet.com/cloud/twitch-breach-shows-difficulty-cloud-security/ Implement OAuth 2.0 device grant flow by using Amazon Cognito and AW...
Nov 11, 2021•6 min•Ep 300•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/The-Sneaky-Weakness-Behind-AWS'-Managed-KMS-keys Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duck...
Nov 10, 2021•11 min•Ep 299•Transcript available on Metacast AWS Morning Brief for the week of 8 November, 2021 with Corey Quinn.
Nov 08, 2021•10 min•Ep 298•Transcript available on Metacast Links: re:Quinnvent: https://requinnvent.com Don’t be surprised when ‘move fast and break things’ results in broken stuff: https://cloudpundit.com/2021/10/27/dont-be-surprised-when-move-fast-and-break-things-results-in-broken-stuff/ Twitter thread: https://Twitter.com/quinnypig/status/1453214680764219392 Correlate security findings with AWS Security Hub and Amazon EventBridge: https://aws.amazon.com/blogs/security/correlate-security-findings-with-aws-security-hub-and-amazon-eventbridge/ Three wa...
Nov 04, 2021•7 min•Ep 297•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/The-Unfulfilled-Promise-of-Serverless Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group ...
Nov 03, 2021•6 min•Ep 296•Transcript available on Metacast AWS Morning Brief for the week of November 1, 2021 with Corey Quinn.
Nov 01, 2021•10 min•Ep 295•Transcript available on Metacast Links: 1Password University: https://blog.1password.com/introducing-1password-university/ Penetration testing: https://www.darkreading.com/cloud/pentesting-in-the-cloud-demands-a-different-approach New AWS workbook for New Zealand financial services customers: https://aws.amazon.com/blogs/security/new-aws-workbook-for-new-zealand-financial-services-customers/ Secretive: https://github.com/maxgoedjen/secretive Transcript Corey: This is the AWS Morning Brief: Security Edition . AWS is fond of sayi...
Oct 28, 2021•6 min•Ep 294•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link : http://www.lastweekinaws.com/blog/the-dumbest-dollars-a-cloud-provider-can-make Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbil...
Oct 27, 2021•7 min•Ep 293•Transcript available on Metacast AWS Morning Brief for the week of October 25, 2021 with Corey Quinn.
Oct 25, 2021•10 min•Ep 292•Transcript available on Metacast Links: Entirely optional for attackers: https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/ Worst Case: https://www.tbray.org/ongoing/When/202x/2021/10/08/The-WOrst-Case Are looking to change that: https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/ Introducing Security at the Edge: https://aws.amazon.com/blogs/security/introducing-the-security-at-the-edge-core-principles-whitepaper/ Password reuse: https://www.hypr.com/password-reuse/ Transcript Corey: This is the A...
Oct 21, 2021•7 min•Ep 291•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/The-Turbotax-of-AWS-Billing Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lo...
Oct 20, 2021•7 min•Ep 290•Transcript available on Metacast AWS Morning Brief for the week of October 18, 2021 with Corey Quinn.
Oct 18, 2021•11 min•Ep 289•Transcript available on Metacast Links: Disclosed a nasty auto-delete bug: https://arstechnica.com/information-technology/2021/10/researcher-refuses-telegrams-bounty-award-discloses-auto-delete-bug/ Enroll basically all of it’s users: https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/ Worth taking a look: https://labs.bishopfox.com/tech-blog/IAM-vulnerable-assessing-the-aws-assessment-tools Enumerate those yourself: https://www.hezmatt.org/~mpalmer/blog/2021/10/07/enumerating-aws-iam-accounts....
Oct 14, 2021•8 min•Ep 288•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/why-i-turned-down-an-aws-job-offer Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to ...
Oct 13, 2021•8 min•Ep 287•Transcript available on Metacast AWS Morning Brief for the week of October 11, 2021 with Corey Quinn.
Oct 11, 2021•8 min•Ep 286•Transcript available on Metacast Links: Let’s Encrypt’s root certificate has expired, and it might break your devices: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/ Slack was bitten by DNSSEC: https://Twitter.com/tqbf/status/1443654964556013569 Prepare For Cybersecurity Assessments From Your Customers: https://www.securitysystemsnews.com/article/prepare-for-cybersecurity-assessments-from-your-customers AWS Lambda now supports triggering Lambda functions from an Amazon SQS queue in a different account: https://aws....
Oct 07, 2021•8 min•Ep 285•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/The-Compelling-Economics-of-Cloudflare-R2 Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Gr...
Oct 06, 2021•14 min•Ep 284•Transcript available on Metacast AWS Morning Brief for the week of September 3, 2021 with Corey Quinn.
Oct 04, 2021•8 min•Ep 283•Transcript available on Metacast Links: “I Trust AWS IAM to Secure my Applications. I Don’t Trust the IAM Docs to Tell Me How”: https://ben11kehoe.medium.com/i-trust-aws-iam-to-secure-my-applications-i-dont-trust-the-iam-docs-to-tell-me-how-f0ec4c119e79 “Introduction to Zero Trust on AWS ECS Fargate”: https://omerxx.com/identity-aware-proxy-ecs/ Threat Stack Aquired by F5: https://techcrunch.com/2021/09/20/f5-acquires-cloud-security-startup-threat-stack-for-68-million/ AWS removed from CVE-2021-38112 : https://rhinosecuritylabs...
Sep 30, 2021•8 min•Ep 282•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/The-Actual-Next-1-Million-Cloud-Customers Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Gr...
Sep 29, 2021•9 min•Ep 281•Transcript available on Metacast AWS Morning Brief for the week of September 27,2021 with Corey Quinn.
Sep 27, 2021•11 min•Ep 280•Transcript available on Metacast Links: WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job : https://www.theregister.com/2021/09/17/microsoft_manual_omigod_fixes/ Travis CI flaw exposed secrets of thousands of open source projects : https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/ How to Build Strong Security Guardrails in the AWS Cloud With Minimal Effort : https://markn.ca/2021/how-to-build-strong-security-guardrails-in-the-aws-cloud-wi...
Sep 23, 2021•11 min•Ep 279•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/17-more-ways-to-tun-containers-on-aws Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group ...
Sep 22, 2021•9 min•Ep 278•Transcript available on Metacast AWS Morning Brief for the week of September 20, 2021 with Corey Quinn.
Sep 20, 2021•10 min•Ep 277•Transcript available on Metacast Links: Principals in AWS IAM : https://ben11kehoe.medium.com/principals-in-aws-iam-38c4a3dc322a You Don’t Need to Burn off Your Fingertips (and Other Biometric Authentication Myths) : https://www.troyhunt.com/you-dont-need-to-burn-off-your-fingertips-and-other-biometric-myths/ Amazon Detective offers Splunk integration : https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-detective-splunk-integration/ IAM Vulnerable - An AWS IAM Privilege Escalation Playground : https://labs.bishopfox.com/...
Sep 16, 2021•7 min•Ep 276•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/awss-per-service-margins/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lowe...
Sep 15, 2021•11 min•Ep 275•Transcript available on Metacast AWS Morning Brief for the week of September 13, 2021 with Corey Quinn.
Sep 13, 2021•9 min•Ep 274•Transcript available on Metacast Links: Enumeration vulnerability in AWS: https://twitter.com/donkersgood/status/1433148548565151748 Lacework Cloud Threat Report : https://info.Lacework.com/2021-cloud-threat-report.html High Availability WireGuard On AWS : https://www.procustodibus.com/blog/2021/02/ha-wireguard-on-aws/ How to improve visibility into AWS WAF with anomaly detection : https://aws.amazon.com/blogs/security/how-to-improve-visibility-into-aws-waf-with-anomaly-detection/ How US federal agencies can authenticate to AWS...
Sep 09, 2021•10 min•Ep 273•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/saas-cost-tools-suck Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower you...
Sep 08, 2021•14 min•Ep 272•Transcript available on Metacast AWS Morning Brief for the week of September 6, 2021 with Corey Quinn.
Sep 06, 2021•10 min•Ep 271•Transcript available on Metacast 
