Links: The Nigerian government scores this week's S3 Bucket Negligence Award New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals Automatically block suspicious DNS activity with Amazon GuardDuty and Route 53 Resolver DNS Firewall Use Security Hub custom actions to remediate S3 resources based on Macie discovery results There has been significant improvement to the AWS IAM documentation around IAM best practices. Artillery lets you use Lambdas for open source load testing ....
Jul 27, 2022•5 min•Ep 415•Transcript available on Metacast

AWS Morning Brief for the week of July 25, 2022 with Corey Quinn.
Jul 25, 2022•7 min•Ep 414•Transcript available on Metacast

Links: Things I wish I knew about AWS WAF - Bot Control How to Protect Your Data from Ransomware with S3 Object Lock It seems that Experian has learned nothing from its string of data breaches The Makati city government is the winner of this week's S3 Bucket Negligence award. A quick overview of AWS principals, identity-based policies, and resource-based policies. Eligible customers can now order a free MFA security key Reported EKS IAM Authenticator Issue I found a handy script that someone be...
Jul 21, 2022•6 min•Ep 413•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/azures_vulnerabilities_are_quack Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/5iTxtBnCPys Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey...
Jul 20, 2022•9 min•Ep 412•Transcript available on Metacast

AWS Morning Brief for the week of July 18th, 2022 with Corey Quinn.
Jul 18, 2022•7 min•Ep 411•Transcript available on Metacast

Links: My article on the dangers of chatbots led someone to share this concern-affirming tale. Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere How to tune TLS for hybrid post-quantum cryptography with Kyber hasIAMfailedopenyet.com is a site that triggers a Lambda function on every invocation that attempts to access something it cannot....
Jul 14, 2022•5 min•Ep 410•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/coreys-security-posture-2022 Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/dHDY69hIvvk Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on ...
Jul 13, 2022•15 min•Ep 409•Transcript available on Metacast

AWS Morning Brief for the week of July 11, 2022 with Corey Quinn.
Jul 11, 2022•5 min•Ep 408•Transcript available on Metacast

Links: The most recently reported Azure vulnerability Amazon Photos exposes customers to risk I (re)discovered Scott Piper's work on Lesser Known Techniques for Attacking AWS Environments. PyPi python packages get caught sending stolen AWS keys to unsecured sites. TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints GuardDuty has new findings CloudFormation Guard had a new release....
Jul 07, 2022•5 min•Ep 407•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/the-chatops-issue-no-ones-chatting-about Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/eBKZ71OLjG8 Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Foll...
Jul 06, 2022•8 min•Ep 406•Transcript available on Metacast

AWS Morning Brief for the week of July 4th, 2022 with Corey Quinn.
Jul 05, 2022•8 min•Ep 405•Transcript available on Metacast

Links: Azure has another security issue around its Synapse offering; this one was discovered by Tenable. Sysdig has a dive into the real threats to SSH on EC2. Tailscale has announced the ability to support Tailscale SSH. Chris Farris has a treatise on The Philosophy of Prevention when it comes to cloud security. Google Cloud CISO Phil Venables asks whether security analogies are counterproductive. A security issue of sorts was discovered around sts:GetSessionToken Role Chaining in AWS The ...
Jun 30, 2022•5 min•Ep 404•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/9-ways-aws-cdk-headdesk Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/3Mf3_l6iEtA Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitt...
Jun 29, 2022•17 min•Ep 403•Transcript available on Metacast

AWS Morning Brief for the week of June 27, 2022 with Corey Quinn.
Jun 27, 2022•6 min•Ep 402•Transcript available on Metacast

Links: Travis CI continues to be a security nightmare. Implementing IAM Permission Boundaries with AWS SSO using Terraform A user reported a vulnerability to a company through Bugcrowd. The writeup is really worth reviewing. The RSA conference was apparently a super spreader event. Because nobody beats the Wiz, they've got a post up on the secret agents installed by cloud service providers. Partitioning and Isolating Multi-Tenant SaaS Data with Amazon S3 Service Notice – Upcoming changes requ...
Jun 23, 2022•6 min•Ep 401•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/should-you-take-a-job-at-aws/ Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/BCiUulzr9f8 Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on...
Jun 22, 2022•16 min•Ep 400•Transcript available on Metacast

AWS Morning Brief for the week of June 20, 2022 with Corey Quinn.
Jun 21, 2022•6 min•Ep 399•Transcript available on Metacast

Links: Azure’s continuing security woes The Meeting Owl videoconference device apparently had significant security problems Brandon Sherman writes about how Temporal structures its access control strategy with regard to AWS This week's S3 Bucket Negligence Award goes to Mobike. Cloud Functions or Cloud Run launched from any GCP organization can bypass Google Kubernetes Engine (GKE) Authorized Networks restrictions Proof of someone migrating to SSO and disabling IAM users entirely. AWS blog post...
Jun 16, 2022•7 min•Ep 398•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/reinvent-keynote-incident/ Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/NGvLMsf4Wg8 Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts...
Jun 15, 2022•9 min•Ep 397•Transcript available on Metacast

AWS Morning Brief for the week of June 13, 2022 with Corey Quinn.
Jun 13, 2022•6 min•Ep 396•Transcript available on Metacast

Links: Nick Jones' review of the AWS Security Model I linked to previously. Microsoft Azure has seen 6 'nightmare' cloud security flaws over the past year. Unsecured Elasticsearch Data Replaced with Ransom Note AWS Systems Manager announces support for port forwarding to remote hosts using Session Manager When and where to use IAM permissions boundaries Security vulnerability in AWS's Managed Workflows for Apache Airflow...
Jun 09, 2022•5 min•Ep 395•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-strange-too-familiar-tale-of-uncle-suitcase/ Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/x70EypnAH1Y Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up ...
Jun 08, 2022•7 min•Ep 394•Transcript available on Metacast

AWS Morning Brief for the week of June 6, 2022, with Corey Quinn.
Jun 06, 2022•7 min•Ep 393•Transcript available on Metacast

Links: Poisoned Python and PHP packages purloin passwords for AWS access No, your cloud environment doesn't need a sandbox Spring 2022 SOC reports are now available with 150 services in scope Canary Tokens...
Jun 02, 2022•4 min•Ep 392•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-aurora-serverless-road-not-taken/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group ...
Jun 01, 2022•8 min•Ep 391•Transcript available on Metacast

AWS Morning Brief for the week of May 30, 2022 with Corey Quinn.
May 30, 2022•6 min•Ep 390•Transcript available on Metacast

Links: Google Cloud Build deep dive Andrea Brancaleoni found an ELB header security issue An article on You Can't Opt Out of Citizen Development DOJ Announces It Won’t Prosecute White Hat Security Researchers Choosing the right certificate revocation method in ACM Private CA a somewhat... controversial AWS Security Maturity Model AWS API calls that return credentials on GitHub...
May 26, 2022•5 min•Ep 389•Transcript available on Metacast

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/an-aws-free-tier-bill-shock-your-next-steps Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill ...
May 25, 2022•10 min•Ep 388•Transcript available on Metacast

AWS Morning Brief for the week of May 23, 2022 with Corey Quinn.
May 23, 2022•5 min•Ep 387•Transcript available on Metacast

Links: "Hacking the Cloud" is a community-built encyclopedia npm dependency confusion attack. Windows Event Logs F5 appliance (software or hardware) full remote code execution with privileged access Wiz has a blog post up about securing AWS Lambda function URLs Build a strong identity foundation that uses your existing on-premises Active Directory How to use new Amazon GuardDuty EKS Protection findings Poro (an open source project) scans for publicly accessible assets in your AWS environment...
May 19, 2022•6 min•Ep 386•Transcript available on Metacast