Links:

• Last week LastPass reported (yet another) security issue, wherein their source code was stolen. 
• Finally: an honest recap of fwd:cloudsec and re:Inforce 2022 from someone who had the stomach to sit through the entirety of the latter.
• The Register reports on a growing trend of using AWS resources to hide phishing attacks.
• Expanded eligibility for the free MFA security key program 
• How to centralize findings and automate deletion for unused IAM roles
• Identifying publicly accessible resources with Amazon VPC Network Access Analyzer 
• The tool of the week: popeye is a Kubernetes cluster resource sanitizer.