🦔 Blumira Briefings, Ep. 3: Halo Fixes, NIST Changes, and Tax Phishing Prevention Tips

Blumira 80 2 months ago

🔔 Time for another edition of Blumira Briefings, bringing you the week’s headlines with the extra context you need! 🔔

What We Cover This Week:

📊 Top trending threats, risks, and suspects detected across our platform - including risky Azure sign-ins and Screen Connect anomalies
💻 Halo ITSM vulnerability that allowed pre-auth SQL injection - and how quick vendor responses can demonstrate good security practices
📱 Android's critical April security update fixing over 60 flaws, including an 0day and plenty of privilege escalation bugs
🔍 NIST's new "deferred" status for older vulnerabilities (and why legacy CVEs still matter)
⚠️ Malicious VS Code extensions used in cryptomining campaigns - find out why attackers keep using this vector
🎣 Tax-themed phishing campaigns deploying BruteRatel, Raccoon and AHKBot malware through sophisticated attack chains

Plus, Expert Insights On:

- How to evaluate vendor security incident responses
- BYOD considerations for mobile device security
- Why old CVEs remain relevant
- Mitigating the risks of developer tools like VS Code
- How threat actors leverage emotional current events like tax season for effective phishing

Don't miss out on more practical advice for securing your organization -- hit subscribe for your weekly security download. 💪

🔗 LINKS:

- CVE Trends Tool: https://intel.intruder.io
- MSPGeek: https://mspgeek.org/
- MSPs R Us: https://discord.com/invite/mspexchange

📰 SOURCES:

- Halo ITSM Vulnerability: https://www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/
- Android Security Update: https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/
- NIST Deferred Status: https://www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
- VS Code Extensions Campaign: https://www.infosecurity-magazine.com/news/microsoft-vs-code-cryptojacking/
- Tax Season Phishing: https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

CHAPTERS

0:00 - Introduction
1:12 - Weekly Trends
7:30 - Halo ITSM vulnerability
13:30 - Android's critical April security update
18:59 - NIST's new "deferred" status for older vulnerabilities
26:15 - Malicious VS Code extensions
32:31 - Tax-themed phishing campaigns
44:15 - Outro
