Episode Summary
Last week in security news: Azure has another security issue, Sysdig dives into threats to SSH on EC2, and more!
Episode Show Notes & Transcript
Links:
- Azure has another security issue around its Synapse offering; this one was discovered by Tenable.
- Sysdig has a dive into the real threats to SSH on EC2.
- Tailscale has announced the ability to support Tailscale SSH.
- Chris Farris has a treatise on The Philosophy of Prevention when it comes to cloud security.
- Google Cloud CISO Phil Venables asks whether security analogies are counterproductive.
- A security issue of sorts was discovered around sts:GetSessionToken Role Chaining in AWS.
- The person responsible for the giant Capital One hack that took advantage of a series of small AWS misconfigurations has been convicted.
- Rogue GitHub apps could have hijacked countless repos for a week or two earlier this year.
- Wickr for Government achieves FedRAMP Ready designation.
- It takes an open source project like trackiam to collate IAM actions, AWS APIs, and managed policies from all over the place.
- Passwordle lets you guess commonly used passwords.