Blumira Briefings
Blumira Briefings
Podcast Description
Staying on top of security news shouldn't be another full-time job.Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:Share the top threats, suspects, and risks we're seeing across our detection and response platformDiscuss significant security stories and what they mean for YOUProvide practical advice you can actually implement right away••Keep it conversational, informative, and under 30 minutes
Podcast Insights
Content Themes
The show focuses on critical security issues, trending threats, and risk analysis, with episodes discussing topics such as major vulnerabilities in software, breach incidents involving well-known companies, and analysis of specific security tools and methods. For example, the latest episode covers new flaws in VMware Tools and CrushFTP, CheckPoint's breach confirmation, and the rise of ransomware techniques like BlackSuit.
Staying on top of security news shouldn’t be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we’re seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
••Keep it conversational, informative, and under 30 minutes
🔔Welcome back for this week’s Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔
What We Cover This Week:
🔥 WatchGuard critical vulnerability fix for Firebox firewalls with 9.3 CVSS score
🛡️ SonicWall releases firmware update to remove OVERSTEP rootkit from end-of-life appliances
✈️ European airports disrupted by ransomware attack against Collins Aerospace check-in systems
🔐 Microsoft patches critical Entra ID vulnerability that allowed global admin impersonation across tenants
📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns 🤖 Expert guidance on implementing effective AI governance frameworks
💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk by hiding management interfaces from the public internet, restricting management to specific IPs, enabling comprehensive logging, and regularly checking vendor notifications for emergency updates
Plus, more insights on:
- How out-of-bounds write vulnerabilities work
- The importance of inventory and asset management for tracking end-of-life equipment
- Why service-to-service (S2S) token abuse is especially concerning for cloud security
- The value of manual fallback procedures when critical systems are compromised
- How trusted publishing with OIDC can strengthen software supply chain security
- Best practices for AI governance
🔗 LINKS:
OWASP AI BOM Project: https://owasp.org/www-project-aibom/
SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-blueprint
📰 SOURCES:
WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-for-firebox-firewall-vulnerability/
SonicWall Rootkit Update: https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
European Airport Disruptions: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/
Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html
GitHub npm Security: https://www.theregister.com/2025/09/23/github_npm_registry_security/
CISO AI Governance: https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.