Overscoped Role? No, It's the Children Who Are Wrong
Sep 14, 2023•4 min•Ep. 569
Episode description
Last week in security news: Corey reported an over-scoped role to AWS security, the bad LastPass breach got even worse, how to enforce DNS name constraints in AWS Private CA, and more!
Links:
- I reported an over-scoped role to AWS security; the response from the SageMaker Canvas team was that it's working as intended.
- The bad LastPass breach that continues to get worse once again somehow got worse.
- Microsoft has published a rather thorough postmortem about how their signing key was leaked.
- A security newsletter features a scam that I reported via Twitter.
- Google has gone from paragon of security to apparently now sharing aspects of your browsing history with websites in Chrome.
- Establishing a data perimeter on AWS: Allow access to company data only from expected networks
- How to enforce DNS name constraints in AWS Private CA
- Tool of the week: ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit.