Blumira Briefings

Blumira

Staying on top of security news shouldn't be another full-time job. Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒

Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
- Keep it conversational, informative, and under 30 minutes

  1. SEP 26

    🦔 Blumira Briefings Ep. 20: Rootkit Fixes, Airport Outages, & Entra ID Takeover

    🔔 Welcome back for this week's Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔

    What We Cover This Week:
    🔥 WatchGuard critical vulnerability fix for Firebox firewalls with a 9.3 CVSS score
    🛡️ SonicWall releases firmware update to remove the OVERSTEP rootkit from end-of-life appliances
    ✈️ European airports disrupted by a ransomware attack against Collins Aerospace check-in systems
    🔐 Microsoft patches critical Entra ID vulnerability that allowed global admin impersonation across tenants
    📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns
    🤖 Expert guidance on implementing effective AI governance frameworks

    💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk: keep management interfaces off the public internet, restrict management access to specific source IPs, enable comprehensive logging, and check vendor notifications regularly for emergency updates.

    Plus, more insights on:
    - How out-of-bounds write vulnerabilities work
    - The importance of inventory and asset management for tracking end-of-life equipment
    - Why service-to-service (S2S) token abuse is especially concerning for cloud security
    - The value of manual fallback procedures when critical systems are compromised
    - How trusted publishing with OIDC can strengthen software supply chain security
    - Best practices for AI governance

    🔗 LINKS:
    OWASP AI BOM Project: https://owasp.org/www-project-aibom/
    SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-blueprint

    📰 SOURCES:
    WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-for-firebox-firewall-vulnerability/
    SonicWall Rootkit Update: https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
    European Airport Disruptions: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/
    Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html
    GitHub npm Security: https://www.theregister.com/2025/09/23/github_npm_registry_security/
    CISO AI Governance: https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html

    55 min
  2. SEP 19

    🦔 Blumira Briefings Ep. 19: Security Wins, Zero Trust Turns 15, Education Beats Ransomware

    It was a rare "light week" for major critical updates, giving us a chance to talk about some deeper trends and stories. Here's what we covered:
    📧 Microsoft Exchange 2016/2019 end of support coming in 30 days - migration options and considerations
    💻 npm supply chain attack limited to minimal damage despite widespread potential impact; the attackers made less than $1k
    🤖 Microsoft forcing Copilot installation in October - we talk security implications and how to opt out
    🔒 Zero Trust's quinceañera - can it still help us, or has the term been too "buzzwordified"?
    🎓 Education sector's impressive ransomware defense improvements - ransom amounts dropping, and payments dropping even more!

    💡 Quick tip of the week: Treat every remote device as though it were connecting from an unknown coffee-shop network - implement strong network segmentation, TLS everywhere, and device posture checks, so security holds regardless of where the connection comes from.

    Plus, Expert Insights On:
    - Why some organizations still opt for on-premises Exchange versus cloud alternatives
    - The security implications of auto-installing AI tools like Copilot with hard-to-find opt-out options
    - How the "Salty2FA" phishing kit demonstrates increasing sophistication in social engineering attacks
    - Why positive reinforcement works better than punishment in security awareness programs
    - How to leverage education sector successes as examples when advocating for security investments

    📰 SOURCES:
    Microsoft Exchange 2016/2019 End of Support: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-30-days/
    NPM Supply Chain Attack: https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/
    Microsoft Copilot Force Install: https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-the-microsoft-365-copilot-app-in-october/
    Salty2FA Phishing Kit: https://www.infosecurity-magazine.com/news/salty2fa-phishing-kit/
    Education Ransomware Success: https://www.infosecurity-magazine.com/news/ransomware-payments-plummet/
    Zero Trust at 15: https://www.securityweek.com/zero-trust-is-15-years-old-why-full-adoption-is-worth-the-struggle/

    55 min
  3. SEP 18

    🦔 Blumira Briefings Ep. 18: Android's Mega Patch, API Key Exploits, Remote Access Abuse Tactics

    🔔 It's time for your essential security download with Blumira Briefings! This week, Zoe is joined by Mike Toole, Nick Dixon, and Justin Kikani to break down the week's most important security headlines with context you can actually use. 🔔

    What We Cover This Week:
    📱 Android's largest patch of 2025 with 120 fixes, including two actively exploited vulnerabilities
    🌐 End-of-life TP-Link router flaws added to CISA's Known Exploited Vulnerabilities catalog
    ☁️ New research: a massive phishing operation abusing expired domains through Google Cloud and Cloudflare infrastructure
    🔑 Salesloft Drift breach via GitHub account compromise, affecting 22+ known companies so far
    💻 New research showing remote access software abuse as the #1 pre-ransomware indicator

    💡 Quick tip of the week: Consider embedding Canary Tokens in your website's branding or footer, so you get an alert when someone clones your site for phishing.

    Plus, Expert Insights On:
    - How to handle Android devices that are no longer receiving manufacturer updates
    - Why to treat every remote work laptop like it's connecting from a coffee shop
    - Practical tips for keeping track of your organization's domains, to prevent brand impersonation
    - Best practices for rapid response to remote access tool abuse, the key to stopping ransomware before execution
    - Why you should consider rotating API keys after vendor security incidents

    📰 SOURCES:
    Android's September Security Patch: https://www.theregister.com/2025/09/03/android_patch_september/
    TP-Link Router Vulnerabilities: https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
    Phishing Empire Using Google Cloud: https://www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
    SalesLoft Drift Breach: https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
    Remote Access Abuse Study: https://www.infosecurity-magazine.com/news/remote-access-abuse-pre-ransomware/
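    Worked example for the canary-token tip above (added here as an illustration; it is not Blumira's code and not the Canarytokens service itself): once a canary asset such as a footer image is part of the real site's branding, a clone gives itself away in your own access logs, because the victim's browser fetches that asset from the phishing domain. The script parses Apache/nginx combined-format lines and reports every canary fetch whose Referer, or the page location the token's own JavaScript reports (assumed here to arrive as an `l` query parameter), is not one of your legitimate hosts. The asset path, the host allowlist and the log lines are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format: ip ident user [time] "request" status size "referer" "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed for the example: the canary asset embedded in the real site's footer markup,
# and the hosts that legitimately serve pages referencing it.
CANARY_PATH = "/static/brand/footer-seal.png"
LEGIT_HOSTS = {"acme.example", "www.acme.example"}


def host_of(url):
    """Lowercased hostname of a URL, or '' when there is none (empty or '-' Referer)."""
    if not url or url == "-":
        return ""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_legit(host):
    """True for an allowlisted host or any subdomain of one."""
    return host in LEGIT_HOSTS or any(host.endswith("." + h) for h in LEGIT_HOSTS)


def find_clone_hits(log_lines):
    """Return one record per fetch of the canary asset that did not come from the real site.

    A phishing kit that copies the page markup also copies the <img> tag, so the victim's
    browser requests the canary from the clone and the Referer names the phishing domain.
    If the token's JavaScript reports location.href as an 'l' query parameter, that value
    is preferred. Fetches with no Referer at all are still reported, at low confidence,
    because a careful cloner may set a Referrer-Policy that suppresses the header."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["path"])
        if url.path != CANARY_PATH:
            continue
        reported = parse_qs(url.query).get("l", [""])[0]
        source = reported or m["referer"]
        host = host_of(source)
        if host and is_legit(host):
            continue
        hits.append({
            "clone_host": host or "(no referer)",
            "source_url": "" if source == "-" else source,
            "client_ip": m["ip"],
            "time": m["ts"],
            "confidence": "high" if host else "low",
        })
    return hits


# Constructed sample log lines (not real traffic): a legitimate visitor, a victim on a clone
# that kept the Referer, the same victim via the JavaScript beacon, and a Referer-less fetch.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Sep/2025:10:01:02 +0000] "GET /login HTTP/1.1" 200 5123 "https://www.acme.example/" "Mozilla/5.0"
203.0.113.7 - - [15/Sep/2025:10:01:03 +0000] "GET /static/brand/footer-seal.png HTTP/1.1" 200 812 "https://www.acme.example/login" "Mozilla/5.0"
198.51.100.23 - - [15/Sep/2025:10:07:44 +0000] "GET /static/brand/footer-seal.png HTTP/1.1" 200 812 "https://acme-login-verify.example/signin" "Mozilla/5.0"
198.51.100.23 - - [15/Sep/2025:10:07:45 +0000] "GET /static/brand/footer-seal.png?l=https%3A%2F%2Facme-login-verify.example%2Fsignin HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.9 - - [15/Sep/2025:10:09:10 +0000] "GET /static/brand/footer-seal.png HTTP/1.1" 200 812 "-" "curl/8.0"
"""

if __name__ == "__main__":
    for hit in find_clone_hits(SAMPLE_LOG.splitlines()):
        print(f"[{hit['confidence']:4}] {hit['time']} {hit['client_ip']:14} clone={hit['clone_host']} {hit['source_url']}")
```

    Feed it a tail of your real access log and route the high-confidence hits to whatever raises your takedown ticket; the low-confidence ones are worth a look when several arrive from the same client in a short window.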

    42 min
  4. AUG 27

    🦔 Blumira Briefings Ep. 17: Microsoft ADFS Phishing, NHI Boom, SSA Whistleblower

    🔐 Welcome to Blumira Briefings! This week, Zoe is joined by Chris Furner and Mike Toole to download the latest on critical vulnerabilities and emerging threats you need to know about. 🔐

    What We Cover This Week:
    🐳 Critical Docker Desktop vulnerability would allow attacks on the host through unauthenticated Docker Engine API access
    🔑 Git code execution vulnerability added to CISA's Known Exploited Vulnerabilities catalog
    🌐 High-severity vulnerabilities patched in Chrome and Firefox browsers (yes, the V8 JS engine again...)
    🔒 Attackers using legit office.com links with ADFS redirects to phish
    🤖 AI agent security in 2025: non-human identities now outnumber humans 82:1, so... what's your plan?
    🚨 Whistleblower reports Social Security database exposure affecting 300+ million Americans

    💡 Quick tip of the week: Treat containers like any other application running on your machine, and scan container images for vulnerabilities before you run them on your system.

    Expert Insights On:
    - Container security best practices beyond built-in controls
    - Preventing developers from cloning risky Git repositories
    - How to start keeping count of non-human identities in your environment
    - Evaluating when legacy systems might have better modern alternatives

    📰 SOURCES:
    Docker Desktop Vulnerability: https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
    CISA Git Vulnerability Alert: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/
    Chrome/Firefox Patches: https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/
    Microsoft ADFS Phishing: http://bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/
    AI Identity Management: https://www.darkreading.com/cybersecurity-operations/growing-challenge-ai-agent-nhi-management
    Social Security Whistleblower: https://whistleblower.org/press-release/whistleblower-warns-of-possible-risks-to-americans-social-security-information/

    🔍 LINKS:
    How to freeze your credit (Krebs on Security): https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/
    OWASP Agentic AI Threats & Mitigations: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

    43 min
  5. AUG 22

    🦔 Blumira Briefings Ep. 16: New Cisco CVSS 10, Zero Trust Temp Check, & Special Guest Tom Lawrence!

    🔐 Welcome to Blumira Briefings! This week, our security experts are joined by Tom Lawrence of Lawrence Systems to break down the latest headlines, trends, and tips you need to know about.

    What We Cover This Week:
    🔥 Cisco's latest CVSS 10.0 vulnerability in Secure Firewall Management Center allows unauthenticated remote command execution
    🖥️ Zoom Windows client privilege escalation vulnerability and Xerox FreeFlow Core remote code execution flaws -- patch now!
    💬 Microsoft Teams RCE vulnerability allowing attackers to read, write, and delete messages through a complex attack
    🌡️ Tailscale's 2025 State of Zero Trust Report gives a look at how zero-trust methods are viewed and used today
    ⚠️ Latest trends on the Blumira platform, including suspicious VPN activity and registry value tampering

    We also got to pick Tom's brain on what he's learned during his 30-year career, and why he's drawn to helping others learn. He also shares all the places he gets his own news updates, and how you can too... check it out!

    💡 Quick tip of the week: Embrace uncertainty! When presenting on security topics, it's okay to say "I don't know" and follow up later. EXTRA BONUS TIP: Creating "anti-notes" that remind you which topics to avoid can help keep presentations focused and effective.

    📰 SOURCES:
    Cisco Firewall Management Center Vulnerability: https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/
    Zoom and Xerox Security Updates: https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html
    Microsoft Teams RCE Vulnerability: https://cybersecuritynews.com/microsoft-teams-rce-vulnerability/
    Tailscale Zero Trust Report: https://tailscale.com/resources/report/zero-trust-report-2025

    🔗 RESOURCES:
    Tom's Security News Feed: https://lawrence.video/cybernews
    CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model
    NIST SP 800-207 Zero Trust Architecture (NCCoE implementation project): https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture

    55 min
  6. AUG 14

    🦔 Blumira Briefings Ep. 15: On-Prem Exchange Risks, S3 Bucket Leaks & Direct Send Phishing Tactics

    Welcome back to Blumira Briefings, freshly back after our summer break! Join Zoe and our panel of security experts Jake Ouellette, Michael Kellar, and Chris Furner as we dive into the week's most critical security headlines with actionable context.

    What We Cover This Week:
    🔐 Critical Microsoft Exchange vulnerability (CVE-2025-53786) affecting on-premises servers - 29,000+ servers remain unpatched, so let's talk about why
    📱 Android's August security patch addressing critical vulnerabilities, including a zero-click RCE exploit and Qualcomm Adreno GPU flaws
    ⏰ Windows 11 23H2 Home and Pro reaching end of support in November - why support cycles are getting shorter
    ☁️ Millions of records exposed through an unsecured AWS S3 bucket - how this common misconfiguration continues to cause major data breaches
    📧 How attackers are abusing Microsoft 365's "Direct Send" feature to bypass security measures and appear as trusted internal senders

    💡 Quick tip of the week: Run regular scans for exposed S3 buckets using tools like S3Scanner or S3Enum. Even if you don't think your organization has anything in AWS, shadow infrastructure might exist without your knowledge.

    Plus, Expert Insights On:
    - Why some organizations still maintain on-premises Exchange servers despite cloud alternatives
    - How to handle Android device security when updates depend on manufacturer timelines
    - The challenge of keeping pace with accelerating Windows update cycles
    - Essential cloud storage security practices to prevent data exposure
    - Strategies to protect against sophisticated internal email spoofing

    📰 SOURCES:
    Microsoft Exchange Vulnerability: https://hackread.com/29k-microsoft-exchange-servers-unpatched-networks-risk/
    Android Security Update: https://www.malwarebytes.com/blog/news/2025/08/android-critical-vulnerabilities-patched-update-as-soon-as-you-can
    Windows 11 End of Support: https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/
    AWS S3 Bucket Exposure: https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
    Microsoft 365 Direct Send Phishing: https://www.darkreading.com/cyber-risk/phishers-abuse-m365-direct-send-to-spoof-internal-users

    🔗 LINKS:
    Atomic Red Team Testing Framework: https://www.atomicredteam.io/
    S3Scanner GitHub Repository: https://github.com/sa7mon/S3Scanner
    S3Enum GitHub Repository: https://github.com/koenrh/s3enum
    DorkSearch Tool: https://dorksearch.com/
    Google Dorks Awesome List: https://github.com/Tobee1406/Awesome-Google-Dorks
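    Added example for the S3 quick tip (illustrative code, not Blumira's and not how S3Scanner or S3Enum are implemented): a minimal checker that sends an unauthenticated listing request to each candidate bucket name and classifies the reply. The useful part is the classification, because S3 answers the same request differently for a public bucket, a private bucket, an unclaimed name and a bucket that lives in another region; the network call is kept separate so the logic runs offline against constructed replies. The bucket names and XML bodies are made up for the example.

```python
import re
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
# Bucket-name rules AWS enforces: 3-63 chars, lowercase letters/digits/dots/dashes,
# no leading or trailing dot/dash, no "..", and not shaped like an IP address.
BUCKET_RE = re.compile(r"^(?![0-9.]+$)[a-z0-9](?:[a-z0-9-]|\.(?!\.)){1,61}[a-z0-9]$")


def classify_listing(status, body):
    """Turn the reply to an unauthenticated GET https://<bucket>.s3.amazonaws.com/ into a verdict."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        root = None  # HTML error page, proxy response, or empty body
    if status == 200 and root is not None and root.tag == S3_NS + "ListBucketResult":
        # Anonymous ListBucket succeeded: the bucket and its object names are public.
        keys = [k.text for k in root.iter(S3_NS + "Key")]
        return {"verdict": "PUBLIC_LISTING", "exists": True, "keys": keys}
    code = root.findtext("Code", default="") if root is not None else ""
    if status == 404 and code == "NoSuchBucket":
        # Name is unclaimed: anything of yours that still references it is a takeover risk.
        return {"verdict": "NO_SUCH_BUCKET", "exists": False, "keys": []}
    if status == 403:
        # Exists but listing is denied; individual objects may still be world-readable.
        return {"verdict": "PRIVATE_LISTING", "exists": True, "keys": []}
    if status in (301, 307) or code == "PermanentRedirect":
        # Exists in another region; re-check against the Endpoint S3 names in the body.
        return {"verdict": "OTHER_REGION", "exists": True, "keys": []}
    return {"verdict": f"HTTP_{status}", "exists": None, "keys": []}


def fetch_listing(bucket):
    """Real network fetch returning (status, body); kept separate so the logic is testable offline."""
    url = f"https://{bucket}.s3.amazonaws.com/"
    req = urllib.request.Request(url, headers={"User-Agent": "bucket-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_buckets(candidates, fetch=fetch_listing):
    """Validate each candidate name, query it, and return a verdict per name."""
    findings = {}
    for name in candidates:
        if not BUCKET_RE.match(name):
            findings[name] = {"verdict": "INVALID_NAME", "exists": None, "keys": []}
            continue
        findings[name] = classify_listing(*fetch(name))
    return findings


# Constructed sample replies shaped like real S3 responses (not captured from any real bucket).
SAMPLE_REPLIES = {
    "acme-corp-backups": (200,
        '<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
        '<Name>acme-corp-backups</Name><Contents><Key>db/2025-08-01.sql.gz</Key></Contents>'
        '<Contents><Key>hr/payroll.csv</Key></Contents></ListBucketResult>'),
    "acme-corp-assets": (403,
        '<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>'),
    "acme-corp-old-site": (404,
        '<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message></Error>'),
    "acme-corp-eu": (301,
        '<Error><Code>PermanentRedirect</Code><Endpoint>acme-corp-eu.s3-eu-west-1.amazonaws.com</Endpoint></Error>'),
}


def fake_fetch(bucket):
    return SAMPLE_REPLIES[bucket]


if __name__ == "__main__":
    results = check_buckets(list(SAMPLE_REPLIES) + ["Bad_Name"], fetch=fake_fetch)
    for name, finding in results.items():
        print(f"{name:22} {finding['verdict']:16} {finding['keys']}")
```

    Swap `fake_fetch` for the default `fetch_listing` and feed it a wordlist built from your company name, product names and the naming patterns your teams actually use; a PRIVATE_LISTING result is not a clean bill of health, since object-level ACLs can still expose individual files, and NO_SUCH_BUCKET deserves a grep of your codebase and DNS for stale references.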

    51 min
  7. JUL 11

    🦔 Blumira Briefings Ep. 14: Cisco's Critical Vulnerabilities, Chrome Zero-Day, & CitrixBleed 2 Alert

    🚨 Welcome to Blumira Briefings! This week, our security experts Jake, Mike, and Michael join Zoe to help break down critical vulnerabilities and trending threats you need to know about. 🚨

    What We Cover This Week:
    📱 Two critical Cisco vulnerabilities - hard-coded root credentials in Unified CM (CVSS 10.0) and RCE flaws in Identity Services Engine (CVSS 10.0)
    🌐 Google's 4th Chrome zero-day of 2025 - type confusion in the V8 JavaScript engine
    ⚠️ CitrixBleed 2 exploits now in the wild - allowing attackers to steal session tokens, with a CVSS 9.3 rating
    ⚫ Windows' Blue Screen of Death turning black - Microsoft's response to last year's CrowdStrike outage
    🤖 AI models providing incorrect login URLs 34% of the time, creating new phishing opportunities
    💼 Ingram Micro hit by suspected SafePay ransomware, highlighting supply chain risks

    💡 Quick tip of the week: Remind your team that LLMs generate information rather than retrieve it - so always verify URLs before you click or share them!

    Expert Insights On:
    - Building failover communication options in case primary systems are compromised
    - How to better validate API security before implementation
    - Why organizations should treat AI-generated information with skepticism
    - Defensive domain registration strategies to counter AI misdirection
    - Preparation steps to mitigate third-party security risks

    📰 SOURCES:
    Cisco Root Credential Flaw: https://hackread.com/cisco-emergency-fix-critical-root-credential-flaw-unified-cm/
    Cisco ISE Vulnerabilities: https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-rce-flaws-in-identity-services-engine/
    Chrome Zero-Day: https://www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
    Windows Blue Screen Changes: https://www.securityweek.com/windows-infamous-blue-screen-of-death-will-soon-turn-black/
    CitrixBleed 2 Exploits: https://go.theregister.com/feed/www.theregister.com/2025/07/07/citrixbleed_2_exploits/
    AI Models URL Issues: https://www.infosecurity-magazine.com/news/ai-models-mislead-users-login-urls/
    Ingram Micro Ransomware: https://www.darkreading.com/cyberattacks-data-breaches/ransomware-attack-outage-ingram-micro

    🔗 RESOURCES:
    Burnout Assessment Test for Security Professionals: https://github.com/Patrick-Kelley/CBI-CS
    Jake's video on double extension file attacks: https://youtu.be/qXGcNCSLDKw
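    Added example for the "verify URLs" tip (illustrative code, not Blumira's): a verifier for login URLs that an assistant, or a colleague, hands you. It accepts only an exact HTTPS match against an allowlist of known login hosts (the hosts below are an assumed allowlist) and names the reason for each rejection, covering the tricks that fool a quick glance: a credential prefix before `@`, a known host used as a subdomain of an attacker's domain, a Unicode lookalike letter, and a bare IP address.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of the exact login hostnames the organisation uses (constructed for the example).
KNOWN_LOGIN_HOSTS = {
    "login.microsoftonline.com": "Microsoft 365",
    "accounts.google.com": "Google Workspace",
    "sso.acme.example": "Acme internal SSO",
}


def verify_login_url(url):
    """Return (ok, reason, label) for a URL that claims to be one of our login pages.

    Only an exact, case-insensitive hostname match over HTTPS passes. Everything that
    merely resembles a known host is rejected with a reason you can show the user."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https", ""
    host = parts.hostname  # drops userinfo ('user:pass@') and port, lowercases the host
    if not host:
        return False, "no hostname", ""
    host = host.rstrip(".")
    try:
        # Normalise internationalised hostnames to their ASCII (punycode) form so a
        # Cyrillic 'о' in 'micrоsoft' cannot masquerade as the Latin letter.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "invalid IDN hostname", ""
    if host.startswith("xn--") or ".xn--" in host:
        return False, "internationalised (punycode) hostname, not in allowlist", ""
    try:
        ipaddress.ip_address(host)
        return False, "bare IP address", ""
    except ValueError:
        pass
    if host in KNOWN_LOGIN_HOSTS:
        return True, "exact match", KNOWN_LOGIN_HOSTS[host]
    for known in KNOWN_LOGIN_HOSTS:
        # 'login.microsoftonline.com.evil.example' or 'login.microsoftonline.com' as a label prefix
        if host.endswith("." + known) or host.startswith(known + "."):
            return False, f"looks like {known} but is not it", ""
    return False, "unknown host", ""


if __name__ == "__main__":
    # Constructed test URLs, including ones an assistant might plausibly hallucinate.
    for candidate in (
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "https://login.microsoftonline.com@evil.example/",
        "https://login.microsoftonline.com.evil.example/",
        "https://login.micros\u043eftonline.com/",
        "http://accounts.google.com/",
        "https://203.0.113.5/login",
    ):
        ok, reason, label = verify_login_url(candidate)
        print(f"{'OK ' if ok else 'BAD'} {reason:50} {label:18} {candidate}")
```

    The allowlist is deliberately exact rather than suffix-based; if a vendor really does move its login page to a new hostname, the right response is to add that hostname after confirming it through the vendor's own documentation, not to loosen the match.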

    48 min
  8. JUN 27

    🦔 Blumira Briefings Ep. 13: Critical Veeam RCE, NetScaler Vulns, & Zero-Click Copilot Data Theft

    🔔 Welcome back for this week's episode and your weekly security download! We're joined by Jake Ouellette, Taylor Jacobson, and Amanda Berlin to break down the week's most important security headlines with context you can actually use. 🔔

    What We Cover This Week:
    📊 Most-changed weekly trends, including recurring process dumps for credential theft and suspicious IAM behavior
    🔧 Critical Veeam RCE vulnerability (CVE-2025-23121) with a 9.9 CVSS score - make sure to patch this one immediately!
    🌐 NetScaler ADC and Gateway vulnerabilities allowing token theft from internet-facing devices
    📲 Cisco Meraki MX and Z device vulnerability that can DoS VPN connections
    💼 Identity theft report showing a 148% surge in impersonation scams, with businesses as the primary targets
    🤖 First-ever zero-click AI data leak vulnerability in Microsoft 365 Copilot, dubbed "EchoLeak"

    💡 Quick tip of the week: Document your recovery processes so anyone can perform them if the primary person is unavailable - don't create single points of failure in your incident response team.

    Plus, Expert Insights On:
    - How to handle emergency patches outside normal change control cycles
    - Why testing backup restoration is more critical than just having backups
    - Practical ways to run tabletop exercises even with limited resources
    - Strategies for businesses to prevent impersonation attacks
    - How organizations can manage AI access to reduce risks

    NOTE: We'll be on hiatus next week due to the July 4th holiday -- we'll be back on July 11th with more security insights!

    📰 SOURCES:
    Veeam RCE Vulnerability: https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html
    Citrix NetScaler Vulnerabilities: https://www.darkreading.com/vulnerabilities-threats/citrix-patches-vulns-netscaler-adc-gateway
    Cisco & Atlassian Patches: https://www.securityweek.com/high-severity-vulnerabilities-patched-by-cisco-atlassian/
    Identity Impersonation Scams: https://www.infosecurity-magazine.com/news/reported-impersonation-scams-surge/
    Zero-Click AI Data Leak: https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/

    🔗 LINKS:
    Veeam Advisory: https://www.veeam.com/kb4743
    Rapid7 Emergent Threat Response: https://www.rapid7.com/blog/post/etr-critical-veeam-backup-replication-cve-2025-23121/
    Citrix Security Bulletin CTX693420: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
    OWASP Top 10 for LLM Applications 2025: https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/
    Defensive Security Handbook: https://www.oreilly.com/library/view/defensive-security-handbook/9781098127237/

    53 min
