Links:

• 1Password frankly got it wrong with their assertion that you shouldn't bother with MFA for 1Password itself. 
• Joe Frichette has a handy guide on the ordered steps to take to avoid CloudFront or DNS domain takeovers on AWS
• Over 1,000 iOS apps found exposing hardcoded AWS credentials
• Chris Farris has a great post covering how to handle Incident Response in AWS.
• Announcing new AWS IAM Identity Center APIs to manage users and groups at scale 
• How to subscribe to the new Security Hub Announcements topic for Amazon SNS 
• This week's tool is an open source dingus that lets you use TouchID on supported Macs to authenticate sudo on macOS.