“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers
Lock and Code
English - July 19, 2021 05:05 - 43 minutes - 40.2 MBTechnology Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Racing against a real-life ransomware attack, with Ski Kacoroski
On April 1, a volunteer researcher for the Dutch Institute for Vulnerability Disclosure (DIVD) began poking around into Kaseya VSA, a popular software tool used to remotely manage and monitor computers. Within minutes, he found a zero-day vulnerability that allowed remote code execution—a serious flaw. Within weeks, his team had found seven or eight more.
In today's episode, DIVD Chair Victor Gevers describes the race to prevent one of the most devastating ransomware attacks in recent history. It's a race that Gevers and his team almost won. Almost.