🦔 Blumira Briefings Ep. 20: Rootkit Fixes, Airport Outages, & Entra ID Takeover

Описание: 🔔Welcome back for this week’s Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔

What We Cover This Week:

🔥 WatchGuard critical vulnerability fix for Firebox firewalls with 9.3 CVSS score
🛡️ SonicWall releases firmware update to remove OVERSTEP rootkit from end-of-life appliances✈️ European airports disrupted by ransomware attack against Collins Aerospace check-in systems
🔐 Microsoft patches critical Entra ID vulnerability that allowed global admin impersonation across tenants
📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns 🤖 Expert guidance on implementing effective AI governance frameworks

💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk by hiding management interfaces from the public internet, restricting management to specific IPs, enabling comprehensive logging, and regularly checking vendor notifications for emergency updates

Plus, more insights on:
How out-of-bounds write vulnerabilities work
The importance of inventory and asset management for tracking end-of-life equipment
Why service-to-service (S2S) token abuse is especially concerning for cloud security
The value of manual fallback procedures when critical systems are compromised
How trusted publishing with OIDC can strengthen software supply chain security
Best practices for AI governance

🔗 LINKS:

OWASP AI BOM Project: https://owasp.org/www-project-aibom/
SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-...

📰 SOURCES:
WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-f...
SonicWall Rootkit Update: https://www.theregister.com/2025/09/2...
European Airport Disruptions: https://www.reuters.com/business/aero... Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/mic...
GitHub npm Security: https://www.theregister.com/2025/09/2... CISO AI Governance: https://thehackernews.com/2025/09/how...