Sign up to save your podcasts
Or
Share re:Inforce and fwd:cloudsec with Scott Piper
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
re:Inforce and fwd:cloudsec with Scott Piper
Last week in security news: Videos from fwd:cloudsec are now available on YouTube, AWS announces AWS Payment Cryptography, Amazon CodeGuru Security is now available in preview, and more!
Links:
- There was lots of great content presented at fwd:cloudsec. The day-long videos are up on YouTube. You can use the schedule to help find the talks you're interested in.
- In contrast to AWS's "Shared Responsibility Model", I appreciate GCP's "Shared Fate Model" where they put their own skin in the game in ensuring their customers are protected. In their New Cryptomining Protection Program, they offer $1M in what is basically an insurance policy that comes with Security Command Center Premium.
- Bob McMillan from the WSJ reports that North Korean hackers have stolen more than $3 billion in crypto over the last 5 years, and their heists are now funding fully half of its ballistic missile program.
- a16z writes Hiring a Chief Information Security Officer.
- Removing header remapping from Amazon API Gateway, and notes about our work with security researchers - AWS made a breaking change to respond to a security issue. The security researchers that found the issue wrote their side of the story, describing it as AWS API Gateway header smuggling and cache confusion.
- Issue with AWS Directory Service EnableRoleAccess - AWS released a security bulletin for this issue, which they seem to do at random for security issues. Ben Bridts from Cloudar found and reported this issue which AWS has fixed. He goes into more detail in his blog post and in a talk at fwd:cloudsec.
- Amazon CloudWatch Logs data protection account level policy configuration
- AWS WAF Fraud Control launches account creation fraud prevention and reduced pricing
- AWS announces AWS Payment Cryptography
- AWS Transfer Family announces quantum-safe key exchange for SFTP
- Amazon CodeGuru Security is now available in preview
- Amazon Inspector announces the general availability of Code Scans for AWS Lambda function
- AWS announces Software Bill of Materials export capability in Amazon Inspector
- Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address
- Amazon GuardDuty enhances console experience with findings summary view
- Amazon Detective extends finding groups to Amazon Inspector
- Amazon S3 announces dual-layer server-side encryption for compliance workloads
- AWS CloudTrail Lake launches curated dashboards for visualizing top CloudTrail trends
- AWS IAM Identity Center now supports automated user provisioning from Google Workspace
View all episodes
By Corey Quinn
4.7
7777 ratings
Last week in security news: Videos from fwd:cloudsec are now available on YouTube, AWS announces AWS Payment Cryptography, Amazon CodeGuru Security is now available in preview, and more!
Links:
- There was lots of great content presented at fwd:cloudsec. The day-long videos are up on YouTube. You can use the schedule to help find the talks you're interested in.
- In contrast to AWS's "Shared Responsibility Model", I appreciate GCP's "Shared Fate Model" where they put their own skin in the game in ensuring their customers are protected. In their New Cryptomining Protection Program, they offer $1M in what is basically an insurance policy that comes with Security Command Center Premium.
- Bob McMillan from the WSJ reports that North Korean hackers have stolen more than $3 billion in crypto over the last 5 years, and their heists are now funding fully half of its ballistic missile program.
- a16z writes Hiring a Chief Information Security Officer.
- Removing header remapping from Amazon API Gateway, and notes about our work with security researchers - AWS made a breaking change to respond to a security issue. The security researchers that found the issue wrote their side of the story, describing it as AWS API Gateway header smuggling and cache confusion.
- Issue with AWS Directory Service EnableRoleAccess - AWS released a security bulletin for this issue, which they seem to do at random for security issues. Ben Bridts from Cloudar found and reported this issue which AWS has fixed. He goes into more detail in his blog post and in a talk at fwd:cloudsec.
- Amazon CloudWatch Logs data protection account level policy configuration
- AWS WAF Fraud Control launches account creation fraud prevention and reduced pricing
- AWS announces AWS Payment Cryptography
- AWS Transfer Family announces quantum-safe key exchange for SFTP
- Amazon CodeGuru Security is now available in preview
- Amazon Inspector announces the general availability of Code Scans for AWS Lambda function
- AWS announces Software Bill of Materials export capability in Amazon Inspector
- Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address
- Amazon GuardDuty enhances console experience with findings summary view
- Amazon Detective extends finding groups to Amazon Inspector
- Amazon S3 announces dual-layer server-side encryption for compliance workloads
- AWS CloudTrail Lake launches curated dashboards for visualizing top CloudTrail trends
- AWS IAM Identity Center now supports automated user provisioning from Google Workspace
More shows like AWS Morning Brief
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
272 Listeners
The Changelog: Software Development, Open Source
284 Listeners
The Cloudcast
152 Listeners
Thoughtworks Technology Podcast
40 Listeners
Talk Python To Me
590 Listeners
Software Engineering Daily
621 Listeners
AWS Podcast
201 Listeners
Data Engineering Podcast
140 Listeners
Bold Names
1,436 Listeners
Screaming in the Cloud
92 Listeners
Kubernetes Podcast from Google
181 Listeners
Cyber Security Headlines
127 Listeners
Latent Space: The AI Engineer Podcast
75 Listeners
The Pragmatic Engineer
53 Listeners