Episode description
Last week in security news: Corey reported an over-scoped role to AWS security, The bad LastPass breach got even worse, How to enforce DNS name constraints in AWS Private CA, and more!
Links:
- I reported an over-scoped role to AWS security; the response from the SageMaker Canvas team was that it's working as intended.
- The bad LastPass breach that continues to get worse once again somehow got worse.
- Microsoft has published a rather thorough postmortem about how their signing key was leaked.
- A security newsletter features a scam that I reported via Twitter.
- Google has gone from paragon of security to apparently now sharing aspects of your browsing history with websites in Chrome,
- Establishing a data perimeter on AWS: Allow access to company data only from expected networks
- How to enforce DNS name constraints in AWS Private CA
- Tool of the week: ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit.