🔔 This week on Blumira Briefings: critical vulnerabilities, cybersecurity drama, and practical tips for your security team! 🔔

What We Cover This Week: 

📊 Top trending threats across Blumira's platform - including a 50% WoW increase in Azure single-factor PowerShell auth attempts 

⚠️ CVSS 10 Apache Roller vulnerability enabling unauthorized session persistence after password changes 

🔥 Claimed Fortinet 0day vulnerability allowing unauthenticated remote code execution - plus known exploited vulnerabilities affecting 14,000 devices 

🚨 Microsoft Exchange 2016/2019 reaching end-of-life in October 2024 - why it's time to plan your migration now 

🏛️ CVE program uncertainty and temporary extension - what security teams need to know 

🔐 SSL/TLS certificate lifespans being reduced to just 47 days by 2029 

🤖 "Slopsquatting" attacks leveraging hallucinated package names from AI coding assistants

Plus, Expert Insights On:

• How to use vulnerability announcements to build effective tabletop exercises
• Defensive measures when fixes aren't available for active threats
• Why legacy systems like on-premises Exchange persist despite security risks
• Practical ways to handle certificate management automation
• Strategies for securing AI-assisted code development

Pro Tip: Search your Google Drive/SharePoint for files named "password" - you might be surprised what your team is storing in the cloud!

🔗 SOURCES: 

Critical Apache Roller Vulnerability: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html 

Fortinet Zero-Day Bug: https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution 

Microsoft Exchange EOL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/ 

CISA ICS Advisories: https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories 

CVE Program Update: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/ 

SSL/TLS Certificate Changes: https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/ 

AI "Slopsquatting" Attacks: https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/

Subscribe for your weekly security update, and check us out us on YouTube for our video edition! 🎥

🔔 Time for another edition of Blumira Briefings, bringing you the week’s headlines with the extra context you need! 🔔

What We Cover This Week:

📊 Top trending threats, risks, and suspects detected across our platform - including risky Azure sign-ins and Screen Connect anomalies
💻 Halo ITSM vulnerability that allowed pre-auth SQL injection - and how quick vendor responses can demonstrate good security practices 
📱 Android's critical April security update fixing over 60 flaws, including an 0day and plenty of privilege escalation bugs
🔍 NIST's new "deferred" status for older vulnerabilities (and why legacy CVEs still matter)
⚠️ Malicious VS Code extensions used in cryptomining campaigns - find out why attackers keep using this vector
🎣 Tax-themed phishing campaigns deploying BruteRatel, Raccoon and AHKBot malware through sophisticated attack chains

Plus, Expert Insights On:
How to evaluate vendor security incident responses
BYOD considerations for mobile device security
Why old CVEs remain relevant
Mitigating the risks of developer tools like VS Code
How threat actors leverage emotional current events like tax season for effective phishing

Don't miss out on more practical advice for securing your organization -- hit subscribe for your weekly security download. 💪


🔗 LINKS:
CVE Trends Tool: https://intel.intruder.io
MSPGeek: https://mspgeek.org/ 
MSPs R Us: https://discord.com/invite/mspexchange

📰 SOURCES:
Halo ITSM Vulnerability: https://www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/
Android Security Update: https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/
NIST Deferred Status: https://www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
VS Code Extensions Campaign: https://www.infosecurity-magazine.com/news/microsoft-vs-code-cryptojacking/
Tax Season Phishing: https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

CHAPTERS
0:00 - Introduction
1:12 - Weekly Trends
7:30 - Halo ITSM vulnerability
13:30 - Android's critical April security update
18:59 - NIST's new "deferred" status for older vulnerabilities
26:15 - Malicious VS Code extensions
32:31 - Tax-themed phishing campaigns
44:15 - Outro

Welcome back for our latest episode of Blumira Briefings! 

This week, Zoe is joined by Matt Warner (CEO/Co-founder), Mike Toole (Director of IT and Security), and Jake Ouellette (Detection Engineering) to break down the week's headlines with a side of perspective! 🔒

In this episode, we'll cover:

📊 This week's top threats, suspects, and risks tracked by our detection and response platform
⚠️ New critical security flaws found in VMware Tools and CrushFTP (with CVSS scores of 7.8 and 9.8 respectively! Learn what makes certain vulnerabilities more severe than others
🔍 CheckPoint confirms a breach but says it contains "old data" – we discuss how to evaluate vendor security incidents and what questions customers should be asking
😬 The Oracle breach saga unfolds in three parts – from denial to confirmation to healthcare data exposure! We discuss what this reveals about breach disclosure practices
🦠 Jake breaks down how a fake Zoom installer led to BlackSuit ransomware through a sophisticated multi-stage attack chain, and how attackers use legitimate tools for malicious purposes
🔑 Why Evilginx tools continue to successfully bypass MFA, and what stronger authentication methods like passkeys can do to help protect your accounts

LINKS/SOURCES 🔗
⚠️ VMWare Tools Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518 
⚠️ CrushFTP Advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
🛠️ More on canary tokens: https://docs.canarytokens.org/guide/entraid-token.html

📰 New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html
📰  Check Point confirms breach, but says it was 'old' data and crook made 'false' claims: https://www.theregister.com/2025/03/31/check_point_confirms_breach/
📰  Oracle denies breach after hacker claims theft of 6 million data records: https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/
📰 Oracle customers confirm data stolen in alleged cloud breach is valid: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
📰 Oracle Health breach compromises patient data at US hospitals: https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/
📰 Fake Zoom Ends in BlackSuit Ransomware: https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/
📰 Evilginx Tool (Still) Bypasses MFA: https://www.darkreading.com/endpoint-security/evilginx-bypasses-mfa

Don't miss out on these important security updates – hit that subscribe button and join us every Friday for your weekly security download! 💪