
Episode 569
Overscoped Role? No, It's the Children Who Are Wrong
September 14, 2023
3m 38s
Show Notes
Last week in security news: Corey reported an over-scoped role to AWS security, the bad LastPass breach got even worse, how to enforce DNS name constraints in AWS Private CA, and more!
Links:
- I reported an over-scoped role to AWS security; the response from the SageMaker Canvas team was that it's working as intended.
- The bad LastPass breach that continues to get worse once again somehow got worse.
- Microsoft has published a rather thorough postmortem about how their signing key was leaked.
- A security newsletter features a scam that I reported via Twitter.
- Google has gone from paragon of security to apparently now sharing aspects of your browsing history with websites in Chrome.
- Establishing a data perimeter on AWS: Allow access to company data only from expected networks
- How to enforce DNS name constraints in AWS Private CA
- Tool of the week: ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit.