Episode Summary
Last week in security news: Eric Hammond has advised we throw out the passwords, Lightspin spun up some vulnerability, AJ Yawn is profiled by DarkReading, and more!
Episode Show Notes & Transcript
- Corey’s livetweet: https://twitter.com/quinnypig
- Eric Hammond’s old article: https://alestic.com/2014/09/aws-root-password/
- Lightspin found a vulnerability: https://blog.lightspin.io/aws-rds-critical-security-vulnerability
- Expel’s incident report: https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/
- Rhino Security Labs found a CVE in the AWS VPN Client: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
- DarkReading’s profile of AJ Yawn: https://www.darkreading.com/edge-articles/bytechek-founder-aj-yawn-brings-discipline-to-everything-he-does
- NotGitBleed: https://www.notgitbleed.com/
- AWS Security Bulletins:
  - https://aws.amazon.com/security/security-bulletins/AWS-2022-005/
  - https://aws.amazon.com/security/security-bulletins/AWS-2022-004/
- gimme-aws-creds: https://github.com/Nike-Inc/gimme-aws-creds
- Chamber: https://github.com/segmentio/chamber
- #lastweekinaws Slack channel: https://og-aws-slack.lexikon.io/