Risky Business #616 -- Exchange 0day party time for Chinese APT crew
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Chinese APT crew goes berserk with Exchange 0day Russia hacks Ukraine and USA, India hacks China, China hacks India The NYTimes got something big wrong again (shock horror) CANVAS exploit pack leaks, including their sweet, sweet Spectre exploit Atlantic Council report into offensive capability vendors/contractors Your vCentre gear it probably already on fire: find out why! Much, much more This week’s show is brought to you by Yubico, the makers of the Yubikey. Yubico Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk about “passwordless authentication”. Some organisations have a pretty bad understanding of what passwordless is, while other organisations are running into the mountains to avoid even thinking about it. But with hardware supported WebAuthn becoming pretty much ubiquitous, Jerrod thinks a tipping point is coming. Also, they’ve launched passwordless auth for AzureAD. NOTE: This podcast introduces Jerrod Chong as the CTO of Yubico. He’s actually the Chief Solutions Officer. It was our mistake, apologies! Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.