On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The msdt/office lolbinapalooza
  • Microsoft to introduce sensible defaults to Azure
  • Twitter fined $150m for sms 2fa spam
  • It turns out npm got owned in that Heroku/Travis CI thing
  • AWS cred-stealing supply chain attack was research your honour, I swear!
  • Much, much more

We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.