Episode 13
“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers
On April 1, a volunteer researcher for the Dutch Institute for Vulnerability Disclosure (DIVD) began poking around into Kaseya VSA, a popular software tool used to remotely manage and monitor computers. Within minutes, he found a zero-day vulnerability that allowed remote code execution—a serious flaw. Within weeks, his team had found seven or eight more. In today's episode, DIVD Chair Victor Gevers describes the race to prevent one of the most devastating ransomware attacks in recent history. It's a race that Gevers and his team almost won. Almost.