Welcome back for our latest episode of Blumira Briefings!Β
This week, Zoe is joined by Matt Warner (CEO/Co-founder), Mike Toole (Director of IT and Security), and Jake Ouellette (Detection Engineering) to break down the week's headlines with a side of perspective! π
In this episode, we'll cover:
π This week's top threats, suspects, and risks tracked by our detection and response platform
β οΈ New critical security flaws found in VMware Tools and CrushFTP (with CVSS scores of 7.8 and 9.8 respectively! Learn what makes certain vulnerabilities more severe than others
π CheckPoint confirms a breach but says it contains "old data" β we discuss how to evaluate vendor security incidents and what questions customers should be asking
π¬ The Oracle breach saga unfolds in three parts β from denial to confirmation to healthcare data exposure! We discuss what this reveals about breach disclosure practices
π¦ Jake breaks down how a fake Zoom installer led to BlackSuit ransomware through a sophisticated multi-stage attack chain, and how attackers use legitimate tools for malicious purposes
π Why Evilginx tools continue to successfully bypass MFA, and what stronger authentication methods like passkeys can do to help protect your accounts
LINKS/SOURCES π
β οΈ VMWare Tools Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518Β
β οΈ CrushFTP Advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
π οΈ More on canary tokens: https://docs.canarytokens.org/guide/entraid-token.html
π° New Security Flaws Found in VMware Tools and CrushFTP β High Risk, PoC Released: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html
π°Β Check Point confirms breach, but says it was 'old' data and crook made 'false' claims: https://www.theregister.com/2025/03/31/check_point_confirms_breach/
π°Β Oracle denies breach after hacker claims theft of 6 million data records: https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/
π° Oracle customers confirm data stolen in alleged cloud breach is valid: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
π° Oracle Health breach compromises patient data at US hospitals: https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/
π° Fake Zoom Ends in BlackSuit Ransomware: https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/
π° Evilginx Tool (Still) Bypasses MFA: https://www.darkreading.com/endpoint-security/evilginx-bypasses-mfa
Don't miss out on these important security updates β hit that subscribe button and join us every Friday for your weekly security download! πͺ
Popular Podcasts
Fudd Around And Find Out
UConn basketball star Azzi Fudd brings her championship swag to iHeart Womenβs Sports with Fudd Around and Find Out, a weekly podcast that takes fans along for the ride as Azzi spends her final year of college trying to reclaim the National Championship and prepare to be a first round WNBA draft pick. Ever wonder what itβs like to be a world-class athlete in the public spotlight while still managing schoolwork, friendships and family time? Itβs time to Fudd Around and Find Out!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you wonβt hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, youβve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!