May 23, 2025 46 mins

🔔 Your essential security download is here! This week on Blumira Briefings, we're joined by Matt Warner, Jake Ouellette, and Mike Toole to break down the latest security headlines with practical insights for busy IT and security teams. 🔔

What We Cover This Week:

📱 Chrome patches 3rd actively-exploited vuln in a week - what this means for browser security 

🔐 Microsoft's Patch Tuesday fixes 78 flaws, including five zero-days and a CVSS 10.0 vulnerability in Azure DevOps Server

🔄 How attackers are abusing dynamic DNS services to create convincing phishing domains and evade detection 

🕸️ We look at a novel "Hazy Hawk" attack, exploiting abandoned CNAME records to hijack trusted domains 

📊 New "Likely Exploited Vulnerabilities" (LEV) metric proposed by NIST/CISA - will it help your prioritization?

💡 Quick tip of the week: Set a recurring "DNS spring cleaning day" to audit and remove obsolete or unused DNS records to prevent dangling CNAME attacks

Plus, Expert Insights On:

  • Can you "just disable JavaScript" in modern web environments?
  • How to properly secure your developer machines against token theft
  • Why a complex password that's "keyboard walked" doesn't count as secure
  • Better approaches to prioritizing vulnerabilities beyond just scores

🔗 RESOURCE LINKS:

Certificate Search: https://crt.sh/ 

DNS Twist Tool: https://dnstwist.it/


📰 SOURCES:

Google Chrome Zero-Day Fixes: https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/ 

Microsoft Patch Tuesday: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html 

Likely Exploited Vulnerabilities Metric: https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/ 

Dynamic DNS Attacks: https://www.darkreading.com/threat-intelligence/dynamic-dns-cyberattack-facilitator 

Hazy Hawk DNS Hijacking: https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/
