Sign up to save your podcasts
Or
Share 🦔 Blumira Briefings Ep. 15: On-Prem Exchange Risks, S3 Bucket Leaks & Direct Send Phishing Tactics
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
🦔 Blumira Briefings Ep. 15: On-Prem Exchange Risks, S3 Bucket Leaks & Direct Send Phishing Tactics
Welcome back to Blumira Briefings, freshly back after our summer break! Join Zoe and our panel of security experts Jake Ouellette, Michael Kellar, and Chris Furner as we dive into the week's most critical security headlines with actionable context.
What We Cover This Week:
🔐 Critical Microsoft Exchange vulnerability (CVE-2025-53786) affecting on-premises servers - 29,000+ servers remain unpatched, let’s talk why
📱 Android's August security patch addressing critical vulnerabilities, including a zero-click RCE exploit and Qualcomm Adreno GPU flaws
⏰ Windows 11 23H2 Home and Pro reaching end of support in November - why support cycles are getting shorter
☁️ Millions of records exposed through an unsecured AWS S3 bucket - how this common misconfiguration continues to cause major data breaches
📧 How attackers are abusing Microsoft 365's "Direct Send" feature to bypass security measures and appear as trusted internal senders
💡 Quick tip of the week: Run regular scans for exposed S3 buckets using tools like S3Scanner or S3Enum. Even if you don't think your organization has AWS instances, shadow infrastructure might exist without your knowledge.
Plus, Expert Insights On:
- Why some organizations still maintain on-premises Exchange servers despite cloud alternatives
- How to handle Android device security when updates depend on manufacturer timelines
- The challenge of keeping pace with accelerating Windows update cycles
- Essential cloud storage security practices to prevent data exposure
- Strategies to protect against sophisticated internal email spoofing
📰 SOURCES:
Microsoft Exchange Vulnerability: https://hackread.com/29k-microsoft-exchange-servers-unpatched-networks-risk/
Android Security Update: https://www.malwarebytes.com/blog/news/2025/08/android-critical-vulnerabilities-patched-update-as-soon-as-you-can
Windows 11 End of Support: https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/ AWS S3 Bucket Exposure: https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
Microsoft 365 Direct Send Phishing: https://www.darkreading.com/cyber-risk/phishers-abuse-m365-direct-send-to-spoof-internal-users
🔗 LINKS:
Atomic Red Team Testing Framework: https://www.atomicredteam.io/
S3Scanner GitHub Repository: https://github.com/sa7mon/S3Scanner
S3Enum GitHub Repository: https://github.com/koenrh/s3enum
DorkSearch Tool: https://dorksearch.com/
Google Dorks Awesome List : https://github.com/Tobee1406/Awesome-Google-Dorks
View all episodes
By BlumiraWelcome back to Blumira Briefings, freshly back after our summer break! Join Zoe and our panel of security experts Jake Ouellette, Michael Kellar, and Chris Furner as we dive into the week's most critical security headlines with actionable context.
What We Cover This Week:
🔐 Critical Microsoft Exchange vulnerability (CVE-2025-53786) affecting on-premises servers - 29,000+ servers remain unpatched, let’s talk why
📱 Android's August security patch addressing critical vulnerabilities, including a zero-click RCE exploit and Qualcomm Adreno GPU flaws
⏰ Windows 11 23H2 Home and Pro reaching end of support in November - why support cycles are getting shorter
☁️ Millions of records exposed through an unsecured AWS S3 bucket - how this common misconfiguration continues to cause major data breaches
📧 How attackers are abusing Microsoft 365's "Direct Send" feature to bypass security measures and appear as trusted internal senders
💡 Quick tip of the week: Run regular scans for exposed S3 buckets using tools like S3Scanner or S3Enum. Even if you don't think your organization has AWS instances, shadow infrastructure might exist without your knowledge.
Plus, Expert Insights On:
- Why some organizations still maintain on-premises Exchange servers despite cloud alternatives
- How to handle Android device security when updates depend on manufacturer timelines
- The challenge of keeping pace with accelerating Windows update cycles
- Essential cloud storage security practices to prevent data exposure
- Strategies to protect against sophisticated internal email spoofing
📰 SOURCES:
Microsoft Exchange Vulnerability: https://hackread.com/29k-microsoft-exchange-servers-unpatched-networks-risk/
Android Security Update: https://www.malwarebytes.com/blog/news/2025/08/android-critical-vulnerabilities-patched-update-as-soon-as-you-can
Windows 11 End of Support: https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/ AWS S3 Bucket Exposure: https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
Microsoft 365 Direct Send Phishing: https://www.darkreading.com/cyber-risk/phishers-abuse-m365-direct-send-to-spoof-internal-users
🔗 LINKS:
Atomic Red Team Testing Framework: https://www.atomicredteam.io/
S3Scanner GitHub Repository: https://github.com/sa7mon/S3Scanner
S3Enum GitHub Repository: https://github.com/koenrh/s3enum
DorkSearch Tool: https://dorksearch.com/
Google Dorks Awesome List : https://github.com/Tobee1406/Awesome-Google-Dorks