Blumira Briefings
Staying on top of security news shouldn't be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
••Keep it conversational, informative, and under 30 minutes
Blumira Briefings
🦔 Blumira Briefings Ep. 20: Rootkit Fixes, Airport Outages, & Entra ID Takeover
🔔Welcome back for this week’s Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔
What We Cover This Week:
🔥 WatchGuard critical vulnerability fix for Firebox firewalls with 9.3 CVSS score
🛡️ SonicWall releases firmware update to remove OVERSTEP rootkit from end-of-life appliances
✈️ European airports disrupted by ransomware attack against Collins Aerospace check-in systems
🔐 Microsoft patches critical Entra ID vulnerability that allowed global admin impersonation across tenants
📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns 🤖 Expert guidance on implementing effective AI governance frameworks
💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk by hiding management interfaces from the public internet, restricting management to specific IPs, enabling comprehensive logging, and regularly checking vendor notifications for emergency updates
Plus, more insights on:
- How out-of-bounds write vulnerabilities work
- The importance of inventory and asset management for tracking end-of-life equipment
- Why service-to-service (S2S) token abuse is especially concerning for cloud security
- The value of manual fallback procedures when critical systems are compromised
- How trusted publishing with OIDC can strengthen software supply chain security
- Best practices for AI governance
🔗 LINKS:
OWASP AI BOM Project: https://owasp.org/www-project-aibom/
SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-blueprint
📰 SOURCES:
WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-for-firebox-firewall-vulnerability/
SonicWall Rootkit Update: https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
European Airport Disruptions: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/
Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html
GitHub npm Security: https://www.theregister.com/2025/09/23/github_npm_registry_security/
CISO AI Governance: https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html