---
title: "Infosec Brain Worms"
id: "14045"
type: "podcast"
slug: "infosec-brain-worms"
published_at: "2023-06-29T10:00:00+00:00"
modified_at: "2026-05-17T00:04:15+00:00"
url: "https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/infosec-brain-worms/"
markdown_url: "https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/infosec-brain-worms.md"
taxonomy_shows:
  - "Last Week In AWS Podcast"
---

About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

[https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305](https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305)

[https://overcast.fm/itunes1466344305/aws-morning-brief](https://overcast.fm/itunes1466344305/aws-morning-brief)

[https://pca.st/AKs0](https://pca.st/AKs0)

[https://podcastaddict.com/podcast/2382583](https://podcastaddict.com/podcast/2382583)

[https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU](https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU)

[https://feeds.transistor.fm/aws-morning-brief](https://feeds.transistor.fm/aws-morning-brief)

## Episode Summary

## Episode Show Notes & Transcript

Last week in security news: 'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms, Issue with AWS Directory Service EnableRoleAccess, S3 buckets being used in attacks on npm packages, and more!

**Links:**

- This collection of [best practices](https://www.cloudyali.io/blogs/how-to-monitor-aws-iam-root-users-at-scale-best-practices) for managing root users at scale in AWS is worth a read
- ['Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms](https://www.darkreading.com/attacks-breaches/-muddled-libra-oktapus-smishing-outsourcing-firms) .
- 1Health is this week's winner of the [S3 Bucket Negligence Award](https://www.ftc.gov/news-events/news/press-releases/2023/06/ftc-says-genetic-testing-company-1health-failed-protect-privacy-security-dna-data-unfairly-changed)
- Barracuda advises customers to [rip the entire device out](https://www.techmeme.com/230615/p24#a230615p24) , throw it away, and replace it entirely.
- [S3 buckets being used in attacks on npm packages](https://www.theregister.com/2023/06/19/npm_s3_buckets_malware/)
- [Issue with AWS Directory Service EnableRoleAccess](https://aws.amazon.com/security/security-bulletins/AWS-2023-003/)
- Tool of the week: [xeol](https://github.com/xeol-io/xeol) is an end-of-life package scanner.

 View Full Transcript  Hide Full Transcript

## You might also like

[More Podcast Episodes](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/)

### [M3 Ultra Macs, Claude Platform, and 619 New APIs Walk Into a Bar](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/m3-ultra-macs-claude-platform-and-619-new-apis-walk-into-a-bar/)

Last Week In AWS Podcast

05.18.2026

7 Minutes

[Listen Now](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/m3-ultra-macs-claude-platform-and-619-new-apis-walk-into-a-bar/)

### [AI-Native Foundations and the CVEs That Love Them](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/ai-native-foundations-and-the-cves-that-love-them/)

Last Week In AWS Podcast

05.11.2026

7 Minutes

[Listen Now](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/ai-native-foundations-and-the-cves-that-love-them/)

### [Bedrock Bags OpenAI, Q Developer Bags Groceries](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/bedrock-bags-openai-q-developer-bags-groceries/)

Last Week In AWS Podcast

05.04.2026

9 Minutes

[Listen Now](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/bedrock-bags-openai-q-developer-bags-groceries/)