Blumira Briefings
Staying on top of security news shouldn't be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
••Keep it conversational, informative, and under 30 minutes
Blumira Briefings
Blumira Briefings, Ep. 2: Breach News, BlackSuit, and Begone Batch Files!
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Welcome back for our latest episode of Blumira Briefings!
This week, Zoe is joined by Matt Warner (CEO/Co-founder), Mike Toole (Director of IT and Security), and Jake Ouellette (Detection Engineering) to break down the week's headlines with a side of perspective! 🔒
In this episode, we'll cover:
📊 This week's top threats, suspects, and risks tracked by our detection and response platform
⚠️ New critical security flaws found in VMware Tools and CrushFTP (with CVSS scores of 7.8 and 9.8 respectively! Learn what makes certain vulnerabilities more severe than others
🔍 CheckPoint confirms a breach but says it contains "old data" – we discuss how to evaluate vendor security incidents and what questions customers should be asking
😬 The Oracle breach saga unfolds in three parts – from denial to confirmation to healthcare data exposure! We discuss what this reveals about breach disclosure practices
🦠 Jake breaks down how a fake Zoom installer led to BlackSuit ransomware through a sophisticated multi-stage attack chain, and how attackers use legitimate tools for malicious purposes
🔑 Why Evilginx tools continue to successfully bypass MFA, and what stronger authentication methods like passkeys can do to help protect your accounts
LINKS/SOURCES 🔗
⚠️ VMWare Tools Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
⚠️ CrushFTP Advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
🛠️ More on canary tokens: https://docs.canarytokens.org/guide/entraid-token.html
📰 New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html
📰 Check Point confirms breach, but says it was 'old' data and crook made 'false' claims: https://www.theregister.com/2025/03/31/check_point_confirms_breach/
📰 Oracle denies breach after hacker claims theft of 6 million data records: https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/
📰 Oracle customers confirm data stolen in alleged cloud breach is valid: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
📰 Oracle Health breach compromises patient data at US hospitals: https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/
📰 Fake Zoom Ends in BlackSuit Ransomware: https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/
📰 Evilginx Tool (Still) Bypasses MFA: https://www.darkreading.com/endpoint-security/evilginx-bypasses-mfa
Don't miss out on these important security updates – hit that subscribe button and join us every Friday for your weekly security download! 💪