Blumira Briefings
Staying on top of security news shouldn't be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
••Keep it conversational, informative, and under 30 minutes
Blumira Briefings
🦔 Blumira Briefings Ep. 8: Chrome Zero-Days, Microsoft’s BIG Patch Tuesday, DNS Attacks & Exploitability Metrics
🔔 Your essential security download is here! This week on Blumira Briefings, we're joined by Matt Warner, Jake Ouellette, and Mike Toole to break down the latest security headlines with practical insights for busy IT and security teams. 🔔
What We Cover This Week:
📱 Chrome patches 3rd actively-exploited vuln in a week - what this means for browser security
🔐 Microsoft's patch Tuesday fixes 78 flaws, including five 0days and a CVSS 10.0 vulnerability in Azure DevOps Server
🔄 How attackers are abusing dynamic DNS services to create convincing phishing domains and evade detection
🕸️ We look at a novel "Hazy Hawk" attack, exploiting abandoned CNAME records to hijack trusted domains
📊 New "Likely Exploited Vulnerabilities" (LEV) metric proposed by NIST/CISA - will it help your prioritization?
💡 Quick tip of the week: Set a recurring "DNS spring cleaning day" to audit and remove obsolete or unused DNS records to prevent dangling CNAME attacks
Plus, Expert Insights On:
- Can you "just disable JavaScript" in modern web environments?
- How to properly secure your developer machines against token theft
- Why a complex password that's "keyboard walked" doesn't count as secure
- Better approaches to prioritizing vulnerabilities beyond just scores
🔗 RESOURCE LINKS:
Certificate Search: https://crt.sh/
DNS Twist Tool: https://dnstwist.it/
📰 SOURCES:
Google Chrome Zero-Day Fixes: https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/
Microsoft Patch Tuesday: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html
Likely Exploited Vulnerabilities Metric: https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/
Dynamic DNS Attacks: https://www.darkreading.com/threat-intelligence/dynamic-dns-cyberattack-facilitator
Hazy Hawk DNS Hijacking: https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/