Overscoped Role? No, It's the Children Who Are Wrong
03:38 Share

Last week in security news: Corey reported an over-scoped role to AWS security, The bad LastPass breach got even worse, How to enforce DNS name constraints in AWS Private CA, and more!

Links:

• I reported an over-scoped role to AWS security; the response from the SageMaker Canvas team was that it's working as intended).
• The bad LastPass breach that continues to get worse once again somehow got worse).
• Microsoft has published a rather thorough postmortem) about how their signing key was leaked.
• A security newsletter features a scam) that I reported via Twitter.
• Google has gone from paragon of security to apparently now sharing aspects of your browsing history with websites in Chrome),
• Establishing a data perimeter on AWS: Allow access to company data only from expected networks) 
• How to enforce DNS name constraints in AWS Private CA) 
• Tool of the week: ThreatMapper) hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit.