Explore every episode of the podcast Cyberside Chats: Cybersecurity Insights from the Experts
| Title | Pub. Date | Duration | |
|---|---|---|---|
| We don’t break in, we badge in | 07 Apr 2026 | 00:28:40 | |
In this episode, Matt interviews Tom and Derek from our pen test team to break down why attackers often don’t need to hack their way in at all. While most organizations invest heavily in tools like EDR and SIEM, Tom and Derek share how they regularly get inside buildings using nothing more than confidence, a good story, and sometimes even a box of donuts. From posing as copier technicians to tailgating behind employees, their experiences show that people are often the easiest way into an organization. And once they’re in, things escalate fast. Physical access can quickly turn into network access, whether it’s plugging in a device, jumping on an unlocked workstation, or moving through the environment with far fewer restrictions than an external attacker would face. The big takeaway is simple. Real-world testing exposes what audits miss. Doors get propped open, employees try to be helpful, and small gaps add up in ways most organizations never see on paper. If you’re not testing your people and your physical controls, you’re only testing part of your security.
Key takeaways:
1. Attackers target people first, not systems. Social engineering consistently bypasses even mature technical controls.
2. Physical access equals full compromise. Once inside your facility, most security controls can be circumvented quickly.
3. Untested controls are assumed to fail. If you’re not running social engineering or physical assessments, you don’t know your real risk.
4. Culture is a security control. Employees must feel empowered to challenge, verify, and report suspicious behavior.
5. Real-world testing reveals what audits miss. Offensive social engineering exposes how attacks succeed, not just theoretical vulnerabilities.
| Stryker Attack Analysis: Cybersecurity and insurance perspectives | 31 Mar 2026 | 00:35:15 | |
A $25 billion medical device company brought to a standstill—without a zero-day exploit. In this episode of Cyberside Chats, Sherri Davidoff is joined by cyber insurance expert Bridget Quinn Choi to unpack the Stryker cyberattack and what it reveals about modern enterprise risk. From compromised admin credentials to the abuse of Microsoft Entra and Intune, this incident highlights how attackers are increasingly using trusted tools to cause widespread disruption. We explore what likely happened, why this wasn’t a “sophisticated” attack in the traditional sense, and how a single identity compromise can cascade into operational shutdown. Bridget brings a unique perspective from the cyber insurance world—explaining how insurers evaluate risk, why some large companies choose to go without coverage, and what organizations lose when they do. We also dig into phishing-resistant MFA, governance of powerful admin tools, and the evolving role of insurance as both a financial backstop and a driver of better security practices. If your organization relies on centralized identity and device management systems, this is a conversation you can’t afford to miss.
Key Takeaways for Security Leadership
1. Use Cyber Insurance as a Security Maturity Lever. Don’t treat cyber insurance as a checkbox; it can actively strengthen your security program. Use underwriting requirements to benchmark your controls, ask brokers and carriers where you differ from peers, and take advantage of included services like threat intelligence and incident response support. Approach renewal as a security review, not just a policy purchase.
2. Treat Self-Insurance as a Strategic Risk Decision, Not a Cost-Savings Measure. If you’re considering self-insuring cyber risk, account for what you’re giving up: external validation of your controls, a built-in incident response ecosystem, and coordinated support during a crisis. This should be a board-level discussion focused on whether the organization can handle a major operational outage, not just absorb the financial loss.
3. Secure Your Device Management Systems, Because They Can Control Everything at Once. Systems used to manage laptops, servers, and mobile devices can push changes across your entire organization. If attackers gain access, they can disrupt operations at scale. Treat these as central control hubs, limit administrative access, and apply strong monitoring and authentication controls.
4. Require Dual Approval for High-Impact Administrative Actions. Add a second layer of human verification for actions that could affect many systems, such as device wipes or large-scale changes. This introduces intentional friction that helps prevent catastrophic mistakes or misuse.
5. Move to Phishing-Resistant MFA for Privileged Access. Traditional MFA can be bypassed. For high-risk accounts, adopt phishing-resistant methods like passkeys or hardware-backed authentication, and prioritize these protections for users with administrative access.
6. Make Sure You Can Actually Recover, Not Just Back Up. Backups only matter if they work under pressure. Test your ability to restore critical systems, ensure backups are protected from attackers, and measure how long recovery actually takes in a real-world scenario.
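Takeaway 4 describes a control rather than a product feature, so here is a minimal illustration of how a two-person rule for device-management actions can be enforced in code. This is an added example written for this page, not anything from the episode, LMG Security, or Microsoft Intune; the action names, the 25-device threshold, and the administrator set are assumptions chosen for the demo.

```python
"""Two-person rule for high-impact device-management actions.

Illustrative example: the action names, threshold and administrator set are
assumptions for the demo, not taken from any real MDM product.
"""
from dataclasses import dataclass

# Actions that can take many endpoints offline at once (constructed list).
DESTRUCTIVE_ACTIONS = {"wipe", "retire", "remove_from_management", "bulk_policy_push"}
# Above this many targets, even a non-destructive action needs a second approver.
BULK_THRESHOLD = 25


@dataclass(frozen=True)
class ChangeRequest:
    requester: str
    action: str
    device_ids: tuple
    approvals: tuple = ()  # usernames of administrators who approved this request


def needs_dual_approval(req: ChangeRequest) -> bool:
    """High impact = destructive action, or a large blast radius regardless of action."""
    return req.action in DESTRUCTIVE_ACTIONS or len(req.device_ids) > BULK_THRESHOLD


def evaluate(req: ChangeRequest, admins: set) -> tuple:
    """Return (allowed, reason). This only gates the decision; it executes nothing."""
    if req.requester not in admins:
        return False, "requester is not a device-management administrator"
    if not req.device_ids:
        return False, "empty target set; refuse rather than guess"
    # A second approval only counts if it comes from a *different* administrator.
    second = sorted(a for a in set(req.approvals) if a in admins and a != req.requester)
    if not needs_dual_approval(req):
        return True, "low-impact action: %s on %d device(s)" % (req.action, len(req.device_ids))
    if not second:
        return False, "%s on %d device(s) needs approval from a second administrator" % (
            req.action, len(req.device_ids))
    return True, "approved by %s and %s" % (req.requester, second[0])


if __name__ == "__main__":
    admins = {"ops-alice", "ops-bob", "ops-carol"}
    targets = tuple("dev-%03d" % i for i in range(200))
    print(evaluate(ChangeRequest("ops-alice", "wipe", targets), admins))
    print(evaluate(ChangeRequest("ops-alice", "wipe", targets, ("ops-alice",)), admins))
    print(evaluate(ChangeRequest("ops-alice", "wipe", targets, ("ops-bob",)), admins))
```

The gate treats a request as high impact if the action is destructive or the target set is large, counts an approval only when it comes from a different administrator, and refuses empty target sets instead of guessing. In a real deployment the request would come from the MDM's change record and the administrator set from the identity provider's admin group.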
Resources
1. Stryker cyberattack reporting (New York Times): https://www.nytimes.com/2026/03/12/world/middleeast/stryker-iran-cyberattack.html
2. CISA alert on endpoint management system hardening: https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
3. SecurityWeek coverage of the Stryker incident: https://www.securityweek.com/medtech-giant-stryker-crippled-by-iran-linked-hacker-attack/
4. Lumos analysis of the Stryker hack: https://www.lumos.com/blog/stryker-hack
5. Microsoft Intune security best practices: https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117
| Data Is Hazardous Material: How Data Brokers, Telematics and Over-Collection Are Reshaping Cyber Risk | 20 Jan 2026 | 00:19:25 | |
The FTC has issued an order against General Motors for collecting and selling drivers’ precise location and behavior data, gathered every few seconds and marketed as a safety feature. That data was sold into insurance ecosystems and used to influence pricing and coverage decisions, a clear reminder that how organizations collect, retain, and share data now carries direct security, regulatory, and financial risk. In this episode of Cyberside Chats, we explain why the GM case matters to CISOs, cybersecurity leaders, and IT teams everywhere. Data proliferation doesn’t just create privacy exposure; it creates systemic risk that fuels identity abuse, authentication bypass, fake job applications, and deepfake campaigns across organizations. The message is simple: data is hazardous material, and minimizing it is now a core part of cybersecurity strategy.
Key Takeaways:
1. Prioritize data inventory and mapping in 2026. You cannot assess risk, select controls, or meet regulatory obligations without knowing what data you have, where it lives, how it flows, and why it is retained.
2. Reduce data to reduce risk. Data minimization is a security control that lowers breach impact, compliance burden, and long-term cost.
3. Expect that regulators care about data use, not just breaches. Enforcement increasingly targets over-collection, secondary use, sharing, and retention even when no breach occurs.
4. Create and actively use a data classification policy. Classification drives retention, access controls, monitoring, and protection aligned to data value and regulatory exposure.
5. Design identity and recovery assuming personal data is already compromised. Build authentication and recovery flows that do not rely on the secrecy of SSNs, dates of birth, addresses, or other static personal data.
6. Train teams on data handling, not just security tools. Ensure engineers, IT staff, and business teams understand what data can be collected, how long it can be retained, where it may be stored, and how it can be shared.
Resources:
1. California Privacy Protection Agency — Delete Request and Opt-Out Platform (DROP)
2. FTC Press Release — FTC Takes Action Against General Motors for Sharing Drivers’ Precise Location and Driving Behavior Data
3. California Delete Act (SB 362) — Overview: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362
4. Texas Attorney General — Data Privacy Enforcement Actions: https://www.texasattorneygeneral.gov/news/releases
5. Data Breaches by Sherri Davidoff: https://www.amazon.com/Data-Breaches-Opportunity-Sherri-Davidoff/dp/0134506782
| Venezuela’s Blackout: Cybercrime Domino Effect | 13 Jan 2026 | 00:13:42 | |
When Venezuela experienced widespread power and internet outages, the impact went far beyond inconvenience: it created a perfect environment for cyber exploitation. In this episode of Cyberside Chats, we use Venezuela’s disruption as a case study to show how cyber risk escalates when power, connectivity, and trusted services break down. We examine why phishing, fraud, and impersonation reliably surge after crises, how narratives around cyber-enabled disruption can trigger copycat or opportunistic attacks, and why even well-run organizations resort to risky security shortcuts when normal systems fail. We also explore how attackers weaponize emergency messaging, impersonate critical infrastructure and connectivity providers, and exploit verification failures when standard workflows are disrupted. The takeaway is simple: when infrastructure collapses, trust erodes, and cybercrime scales quickly to fill the gap.
| What the Epstein Files Teach Us About Redaction and AI | 06 Jan 2026 | 00:15:28 | |
The December release of the Epstein files wasn’t just controversial; it exposed a set of security problems organizations face every day. Documents that appeared heavily redacted weren’t always properly sanitized. Some files were pulled and reissued, drawing even more attention. And as interest surged, attackers quickly stepped in, distributing malware and phishing sites disguised as “Epstein archives.” In this episode of Cyberside Chats, we use the Epstein files as a real-world case study to explore two sides of the same problem: how organizations can be confident they’re not releasing more data than intended, and how they can trust (or verify) the information they consume under pressure. We dig into redaction failures, how AI tools change the risk model, how attackers weaponize breaking news, and practical ways teams can authenticate data before reacting.
| Amazon's Warning: The New Reality of Initial Access | 30 Dec 2025 | 00:15:55 | |
Amazon released two security disclosures in the same week — and together, they reveal how modern attackers are getting inside organizations without breaking in. One case involved a North Korean IT worker who entered Amazon’s environment through a third-party contractor and was detected through subtle behavioral anomalies rather than malware. The other detailed a years-long Russian state-sponsored campaign that shifted away from exploits and instead abused misconfigured edge devices and trusted infrastructure to steal and replay credentials. Together, these incidents show how nation-state attackers are increasingly blending into human and technical systems that organizations already trust — forcing defenders to rethink how initial access really happens going into 2026.
Key Takeaways
1. Treat hiring and contractors as part of your attack surface. Nation-state actors are deliberately targeting IT and technical roles. Contractor onboarding, identity verification, and access scoping should be handled with the same rigor as privileged account provisioning.
2. Secure and monitor network edge devices as identity infrastructure. Misconfigured edge devices have become a primary initial access vector. Inventory them, assign ownership, restrict management access, and monitor them like authentication systems, not just networking gear.
3. Enforce strong MFA everywhere credentials matter. If credentials can be used without MFA, assume they will be abused. Require MFA on VPNs, edge device management interfaces, cloud consoles, SaaS admin portals, and internal administrative access.
4. Harden endpoints and validate how access actually occurs. Endpoint security still matters. Harden devices and look for signs of remote control, unusual latency, or access paths that don’t match how work is normally done.
5. Shift detection from “malicious” to “out of place.” The most effective attacks often look legitimate. Focus detection on behavioral mismatches: access that technically succeeds but doesn’t align with role, geography, timing, or expected workflow.
Resources:
1. Amazon Threat Intelligence Identifies Russian Cyber Threat Group Targeting Western Critical Infrastructure
2. Amazon Caught North Korean IT Worker by Tracing Keystroke Data
3. North Korean Infiltrator Caught Working in Amazon IT Department Thanks to Keystroke Lag
4. Confessions of a Laptop Farmer: How an American Helped North Korea’s Remote Worker Scheme
5. Hiring security checklist: https://www.lmgsecurity.com/resources/hiring-security-checklist/
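Takeaways 2 and 5 come down to the same detection idea: a login that succeeded but doesn’t fit the user’s role, location, or working hours. The following Python sketch is an added example for this page, not Amazon’s detection logic or LMG Security’s code. It builds a per-user baseline from constructed JSON-line authentication events, then flags later successes that introduce a new country, fall outside the user’s observed hour window, or touch a resource (such as an edge-firewall management interface) that the user’s role should not reach. Field names, the resource-to-role mapping, and every log line are made up for the demo.

```python
"""Flag successful authentications that are 'out of place' relative to each user's baseline.

Added example. The event format, the resource->role mapping and all log lines below
are constructed for the demo; they are not real logs or any vendor's schema.
"""
import json

# Resources whose use implies a specific role (constructed mapping).
RESOURCE_ROLES = {"edge-fw-mgmt": "netadmin", "cloud-console": "cloudadmin"}

# Historical successes used to learn each user's normal countries and hours (constructed).
BASELINE_LOG = """
{"ts":"2025-12-01T09:05:00Z","user":"alice","role":"developer","result":"success","country":"US","resource":"vpn"}
{"ts":"2025-12-01T10:12:00Z","user":"alice","role":"developer","result":"success","country":"US","resource":"git"}
{"ts":"2025-12-02T14:40:00Z","user":"alice","role":"developer","result":"success","country":"US","resource":"vpn"}
{"ts":"2025-12-02T11:00:00Z","user":"bob","role":"netadmin","result":"success","country":"US","resource":"edge-fw-mgmt"}
"""

# New events to score (constructed). Note that every suspicious one *succeeded*.
NEW_LOG = """
{"ts":"2025-12-03T10:02:00Z","user":"alice","role":"developer","result":"success","country":"US","resource":"git"}
{"ts":"2025-12-03T03:17:00Z","user":"alice","role":"developer","result":"success","country":"RO","resource":"vpn"}
{"ts":"2025-12-03T10:30:00Z","user":"alice","role":"developer","result":"success","country":"US","resource":"edge-fw-mgmt"}
{"ts":"2025-12-03T10:31:00Z","user":"bob","role":"netadmin","result":"failure","country":"CN","resource":"edge-fw-mgmt"}
{"ts":"2025-12-03T11:15:00Z","user":"bob","role":"netadmin","result":"success","country":"US","resource":"edge-fw-mgmt"}
"""


def parse(log):
    return [json.loads(line) for line in log.strip().splitlines() if line.strip()]


def hour_of(event):
    # Timestamps are ISO-8601 UTC; the hour sits at characters 11-12.
    return int(event["ts"][11:13])


def build_profiles(events):
    """Per-user baseline: countries seen and the set of hours with successful activity."""
    profiles = {}
    for e in events:
        if e["result"] != "success":
            continue
        p = profiles.setdefault(e["user"], {"countries": set(), "hours": set()})
        p["countries"].add(e["country"])
        p["hours"].add(hour_of(e))
    return profiles


def reasons_for(event, profile):
    """List the mismatches for one successful event; an empty list means it looks in place."""
    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append("new country:" + event["country"])
    hours = profile["hours"]
    h = hour_of(event)
    if not (min(hours) - 1 <= h <= max(hours) + 1):   # one hour of slack around the observed window
        reasons.append("off-hours:%02d" % h)
    required = RESOURCE_ROLES.get(event["resource"])
    if required and event["role"] != required:
        reasons.append("role mismatch:%s requires %s" % (event["resource"], required))
    return reasons


def find_out_of_place(baseline_log, new_log):
    """Return findings for successful events that do not match the user's baseline."""
    profiles = build_profiles(parse(baseline_log))
    findings = []
    for e in parse(new_log):
        if e["result"] != "success":
            continue   # failures are noise here; the point is access that worked
        profile = profiles.get(e["user"])
        if profile is None:
            findings.append({"user": e["user"], "ts": e["ts"], "reasons": ["no baseline for user"]})
            continue
        r = reasons_for(e, profile)
        if r:
            findings.append({"user": e["user"], "ts": e["ts"], "reasons": r})
    return findings


if __name__ == "__main__":
    for f in find_out_of_place(BASELINE_LOG, NEW_LOG):
        print(f["ts"], f["user"], "; ".join(f["reasons"]))
```

Two of the five new events are flagged: alice’s 03:17 success from a country she has never used, and her success against the edge-firewall management interface that only a netadmin should reach. Bob’s failed attempt from CN is deliberately ignored; the signal this approach is after is access that technically succeeded but is out of place, which is the case a signature-based alert never fires on.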
| AI Broke Trust: Identity Has to Step Up in 2026 | 23 Dec 2025 | 00:32:44 | |
AI has supercharged phishing, deepfakes, and impersonation attacks—and 2025 proved that our trust systems aren’t built for this new reality. In this episode, Sherri and Matt break down the #1 change every security program needs in 2026: dramatically improving identity and authentication across the organization. We explore how AI blurred the lines between legitimate and malicious communication, why authentication can no longer stop at the login screen, and where organizations must start adding verification into everyday workflows—from IT support calls to executive requests and financial approvals. Plus, we discuss what “next-generation” user training looks like when employees can no longer rely on old phishing cues and must instead adopt identity-safety habits that AI can’t easily spoof. If you want to strengthen your security program for the year ahead, this is the episode to watch. Key Takeaways:
Tune in weekly on Tuesdays at 6:30 am ET for more cybersecurity advice, and visit www.LMGsecurity.com if you need help with cybersecurity testing, advisory services, or training.
Resources:
1. CFO.com – Deepfake CFO Scam Costs Engineering Firm $25 Million: https://www.cfo.com/news/deepfake-cfo-hong-kong-25-million-fraud-cyber-crime/
2. Retool – MFA Isn’t MFA: https://retool.com/blog/mfa-isnt-mfa
3. Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”: https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/
4. Wired – Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data: https://www.wired.com/story/doxers-posing-as-cops-are-tricking-big-tech-firms-into-sharing-peoples-private-data/
5. LMG Security – 5 New-ish Microsoft Security Features & What They Reveal About Today’s Threats: https://www.lmgsecurity.com/5-new-ish-microsoft-security-features-what-they-reveal-about-todays-threats/
| The 5 New-ish Microsoft Security Features to Roll Out in 2026 | 16 Dec 2025 | 00:20:49 | |
Microsoft is rolling out a series of new-ish security features across Microsoft 365 in 2026 — and these updates are no accident. They’re direct responses to how attackers are exploiting collaboration tools like Teams, Slack, Zoom, and Google Chat. In this episode, Sherri and Matt break down the five features that matter most, why they’re happening now, and how every organization can benefit from these lessons, even if you’re not a Microsoft shop. We explore the rise of impersonation attacks inside collaboration platforms, the security implications of AI copilots like Microsoft Copilot and Gemini, and why identity boundaries and data governance are quickly becoming foundational to modern security programs. You’ll come away with a clear understanding of what these new-ish Microsoft features signal about the evolving threat landscape — and practical steps you can take today to strengthen your security posture.
Key Takeaways
Please follow our podcast for the latest cybersecurity advice, and visit us at www.LMGsecurity.com if you need help with technical testing, cybersecurity consulting, and training! Resources Mentioned
| The Extension That Spied on You: Inside ShadyPanda’s 7-Year Attack | 09 Dec 2025 | 00:20:58 | |
A massive 7-year espionage campaign hid in plain sight. Harmless Chrome and Edge extensions — wallpaper tools, tab managers, PDF converters — suddenly flipped into full surveillance implants, impacting more than 4.3 million users. In this episode, we break down how ShadyPanda built trust over years, then weaponized auto-updates to steal browsing history, authentication tokens, and even live session cookies. We’ll walk through the timeline, what data was stolen, why session hijacking makes this attack so dangerous, and the key steps security leaders must take now to prevent similar extension-based compromises. Key Takeaways
Please tune in weekly for more cybersecurity advice, and visit www.LMGsecurity.com if you need help with your cybersecurity testing, advisory services, and training. Resources:
#ShadyPanda #browserextension #browsersecurity #cybersecurity #cyberaware #infosec #cyberattacks #ciso
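To make the extension-hygiene point concrete, here is an added example (not from the episode, LMG Security, or the ShadyPanda research) that audits a set of installed extension manifests. It derives the store extension ID from the manifest’s public key, checks that ID against an allowlist, flags surveillance-grade permissions such as cookies, webRequest and <all_urls>, and diffs a previous snapshot against the current one to catch the pattern the episode describes: a long-trusted extension that gains new permissions through an auto-update. The manifests, keys, allowlist, and risk set are constructed for the demo.

```python
"""Audit installed browser extensions for allowlist violations, surveillance-grade
permissions, and permission escalations introduced by an update.

Added example. The manifests, keys, allowlist and risk set are constructed for the demo.
The ID derivation matches how Chrome/Edge compute extension IDs from the packaged public key.
"""
import base64
import hashlib

# Permissions that let an extension read history, session cookies, or every page (constructed set).
HIGH_RISK = {"cookies", "webRequest", "history", "tabs", "scripting",
             "declarativeNetRequest", "<all_urls>"}


def extension_id(key_b64):
    """Chrome/Edge extension ID: first 128 bits of SHA-256 over the DER public key,
    with hex digits 0-9a-f mapped to a-p. This ties a manifest on disk to its store
    listing without trusting the directory name it was installed under."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).hexdigest()[:32]
    return digest.translate(str.maketrans("0123456789abcdef", "abcdefghijklmnop"))


def all_permissions(manifest):
    return set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))


def risky_permissions(manifest):
    return sorted(p for p in all_permissions(manifest) if p in HIGH_RISK or p.startswith("*://*/"))


def audit(manifests, allowlist):
    """One finding per extension that is not allowlisted or holds high-risk permissions."""
    findings = []
    for m in manifests:
        ext_id = extension_id(m["key"])
        problems = []
        if ext_id not in allowlist:
            problems.append("not on allowlist")
        risky = risky_permissions(m)
        if risky:
            problems.append("high-risk permissions: " + ", ".join(risky))
        if problems:
            findings.append({"id": ext_id, "name": m["name"], "version": m["version"], "problems": problems})
    return findings


def permission_escalations(previous, current):
    """Map extension ID -> permissions that appeared since the previous snapshot.
    A benign extension whose update quietly asks for more is the pattern to catch."""
    before = {extension_id(m["key"]): all_permissions(m) for m in previous}
    escalations = {}
    for m in current:
        ext_id = extension_id(m["key"])
        now = all_permissions(m)
        added = sorted(now - before.get(ext_id, now))   # unseen before -> nothing counts as added
        if added:
            escalations[ext_id] = added
    return escalations


# Constructed stand-ins for the base64 DER public key in a manifest's "key" field.
KEY_A = base64.b64encode(b"constructed key A, not a real DER key").decode()
KEY_B = base64.b64encode(b"constructed key B, not a real DER key").decode()
KEY_C = base64.b64encode(b"constructed key C, not a real DER key").decode()

PREVIOUS_SNAPSHOT = [   # what the same extensions declared before the latest auto-update (constructed)
    {"name": "Wallpaper Studio", "version": "4.1.0", "key": KEY_B,
     "permissions": ["storage"], "host_permissions": []},
    {"name": "Corporate SSO Helper", "version": "1.0.0", "key": KEY_A,
     "permissions": ["storage"], "host_permissions": ["https://sso.example.com/*"]},
]
CURRENT_SNAPSHOT = [   # constructed: the wallpaper tool now wants cookies and every page
    {"name": "Wallpaper Studio", "version": "4.2.1", "key": KEY_B,
     "permissions": ["storage", "cookies", "webRequest", "tabs"], "host_permissions": ["<all_urls>"]},
    {"name": "Corporate SSO Helper", "version": "1.0.0", "key": KEY_A,
     "permissions": ["storage"], "host_permissions": ["https://sso.example.com/*"]},
    {"name": "PDF Quick Convert", "version": "2.0", "key": KEY_C,
     "permissions": ["activeTab"], "host_permissions": []},
]
ALLOWLIST = {extension_id(KEY_A)}   # only the corporate helper is approved (constructed)

if __name__ == "__main__":
    for f in audit(CURRENT_SNAPSHOT, ALLOWLIST):
        print(f["id"], f["name"], f["version"], "|", "; ".join(f["problems"]))
    for ext_id, added in permission_escalations(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT).items():
        print("escalation", ext_id, added)
```

Run against a real fleet, the manifests would come from each profile’s extension directory or from the browser’s enterprise reporting, and the snapshot diff is what turns a permission change in an auto-update into an alert rather than something discovered after the session cookies are gone.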
| Inside Jobs: How CrowdStrike, DigitalMint & Tesla Got Burned | 02 Dec 2025 | 00:23:27 | |
Insider threats are accelerating across every sector. In this episode, Sherri and Matt unpack the CrowdStrike insider leak, the two DigitalMint employees indicted for BlackCat ransomware activity, and Tesla’s multi-year insider incidents ranging from nation-state bribery to post-termination extortion. They also examine the 2025 crackdown on North Korean operatives who used stolen identities and deepfake interviews to get hired as remote workers inside U.S. companies. Together, these cases reveal how attackers are buying, recruiting, impersonating, and embedding insiders — and why organizations must rethink how they detect and manage trusted access.
Key Takeaways
Resources:
Want to attend a live version of Cyberside Chats? Visit us at https://www.lmgsecurity.com/lmg-resources/cyberside-chats-podcast/ to register for our next monthly live session.
#insiderthreat #cybersecurity #cyberaware #cybersidechats #ransomware #ransomwareattack #crowdstrike #DigitalMint #tesla #remotework
| Made in China—Hacked Everywhere? | 25 Nov 2025 | 00:25:46 | |
From routers to office cameras to employee phones and even the servers running your network, Chinese-manufactured components are everywhere—including throughout your own organization. In this live Cyberside Chats, we’ll explore how deeply these devices are embedded in modern infrastructure and what that means for cybersecurity, procurement, and third-party risk. We’ll break down new government warnings about hidden communication modules, rogue firmware, and “ghost devices” in imported tech—and how even trusted brands may ship products with risky components. Most importantly, we’ll share what you can do right now to identify exposure, strengthen procurement and third-party risk management (TPRM) processes, and protect your organization before the next breach or regulation hits. Join us live for a 25-minute deep dive plus Q&A—and find out whether your supply chain is truly secure… or “Made in China—and Hacked Everywhere.” Key Takeaways:
References:
#chinesehackers #cybersecurity #infosec #LMGsecurity #ciso #TPRM #thirdpartyrisk #security
| Holiday Hackers—The 2025 AI Fraud Boom | 18 Nov 2025 | 00:14:07 | |
Hackers are using AI to supercharge holiday scams—flooding the web with fake ads, phishing pages, and credential-stealing bots. This season, researchers predict a record spike in automated attacks and malvertising campaigns that blur the line between human and machine. Sherri Davidoff and Matt Durrin break down what’s new this holiday season—from AI-generated phishing kits and bot-driven account takeovers to the rise of prebuilt “configs” for credential stuffing. We used WormGPT to produce a ready-to-run holiday phishing page—a proof-of-concept that demonstrates how quickly scammers can launch these attacks with evil AI tools. This episode reveals how personal habits turn into corporate risk. Before Black Friday and Christmas hit, learn what your team can do right now to protect people, passwords, and payments. Key Takeaways – How to Defend Against the 2025 AI Fraud Boom
Don't forget to follow us for more cybersecurity advice, and visit us at www.LMGsecurity.com for tip sheets, blogs, and more advice! Resources:
#HolidayScams #Phishing #Malvertising #Cybersecurity #Cyberaware #SMB #BlackFridayScams
| Mass Exploitation 2.0: Web Platforms Under Attack | 24 Mar 2026 | 00:23:28 | |
Mass exploitation vulnerabilities are back—and they’re evolving. In this Cyberside Chats Live episode, we break down the recently disclosed React2Shell vulnerability and the confirmed LexisNexis incident, where attackers exploited an unpatched web application to access cloud infrastructure and exfiltrate data. But this isn’t new. From SQL Slammer to Log4Shell to ProxyShell, we’ve seen this pattern before: widely deployed, internet-facing systems + simple exploits + automation = rapid, large-scale compromise. Most importantly, we focus on what matters for organizations today: how to reduce exposure, how to prepare for the next mass exploitation event, and why you should assume compromise the moment one of these vulnerabilities emerges.
Key Takeaways for Security Leaders
1. Inventory and monitor all internet-facing systems. Maintain a current, validated inventory of externally accessible applications and services, because you can’t secure what you don’t know is exposed.
2. Reduce unnecessary exposure at the network edge. Remove or restrict public access to administrative interfaces and systems that do not need to be internet-facing.
3. Build and rehearse a rapid-response playbook for mass-exploitation vulnerabilities. Define roles, timelines, and actions for the first 24–72 hours so your team can move immediately when the next major vulnerability drops.
4. Contact critical vendors and suppliers during major vulnerability events. Don’t wait: proactively verify whether your vendors are affected and whether your data may be at risk through third- or fourth-party exposure.
5. Assume vulnerable internet-facing systems may already be compromised. When mass exploitation begins, attackers are moving at internet speed; patching alone is not enough. Investigate, hunt for persistence, and validate that systems are clean.
Resources
1. React2Shell vulnerability coverage (BleepingComputer): https://www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable/
2. LexisNexis breach details (BleepingComputer): https://www.bleepingcomputer.com/news/security/lexisnexis-confirms-data-breach-as-hackers-leak-stolen-files/
3. Compromised web hosting panels in cybercrime markets (BleepingComputer): https://www.bleepingcomputer.com/news/security/compromised-site-management-panels-are-a-hot-item-in-cybercrime-markets/
4. CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
| LOUVRE Was the Password?! Cybersecurity Lessons from the Heist | 11 Nov 2025 | 00:17:53 | |
When thieves pulled off a lightning-fast heist at the Louvre on October 19, 2025, the world focused on the stolen jewels. But leaked audit reports soon revealed another story — one of weak passwords, legacy systems, and a decade of ignored warnings. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the cybersecurity lessons behind the Louvre’s seven-minute robbery. They explore how outdated infrastructure, poor vendor oversight, and default credentials mirror the same risks plaguing modern organizations — from hospitals to banks. Listen as Sherri and Matt connect the dots between a world-famous museum and your own IT environment — and share practical steps to keep your organization from becoming the next headline. Key Takeaways
Don't forget to follow us for weekly expert cybersecurity insights on today's threats.
Resources
1. YouTube – Hank Green interviews Sherri Davidoff on the Louvre Heist
2. LMG Security – “How Hackers Turned Cameras into Crypto Miners” (Scientific American)
#louvreheist #cybersecurity #cyberaware #password #infosec #ciso
| Poisoned Search: How Hackers Turn Google Results into Backdoors | 04 Nov 2025 | 00:21:10 | |
Attackers are poisoning search results and buying sponsored ads to push malware disguised as trusted software. In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake Microsoft Teams installers. Learn how these attacks exploit everyday user behavior, why they’re so effective, and what your organization can do to stop them. Whether you’re a security leader, risk manager, or seasoned IT pro, you’ll walk away with clear, practical steps to reduce exposure and strengthen your defenses against the poisoned web.
KEY TAKEAWAYS
Please like and subscribe for more cybersecurity content, and visit us at www.LMGsecurity.com if you need help with cybersecurity, training, testing, or policy development. Resources & References
| The AWS Outage and Hidden Fourth-Party Risks | 28 Oct 2025 | 00:14:36 | |
When Amazon Web Services went down on October 20, 2025, the impact rippled around the world. The outage knocked out Slack messages, paused financial trades, grounded flights, and even stopped people from charging their electric cars. From Coinbase to college classrooms, from food delivery apps to smart homes, millions discovered just how deeply their lives depend on a single cloud provider. In this episode, Sherri Davidoff and Matt Durrin break down what really happened inside AWS’s us-east-1 region, why a failure in the DynamoDB database service cascaded across the globe, and what it teaches us about the growing risk from invisible “fourth-party” dependencies that lurk deep in our digital supply chains. Key Takeaways
Resources:
#cybersecurity #thirdpartyrisk #riskmanagement #infosec #ciso #cyberaware #Fourthpartyrisk #cybersidechats #lmgsecurity #aws #awsoutage
| Ransomware in the Fast Lane: Lessons from the Jaguar Land Rover Attack | 21 Oct 2025 | 00:19:37 | |
When ransomware forced Jaguar Land Rover to halt production for six weeks, the impact rippled through global supply chains — from luxury car lines to small suppliers fighting to stay afloat. In this episode, Sherri Davidoff and Matt Durrin examine what happened, why manufacturing has become ransomware’s top target, and what new data from Sophos and Black Kite reveal about the latest attack trends. They share practical insights on how organizations can strengthen resilience, secure supply chains, and prepare for the next wave of operational ransomware attacks.
Key Takeaways
References & Further Reading
| The Power of “Why” – Communicating Cybersecurity Effectively | 14 Oct 2025 | 00:24:14 | |
In this episode of Cyberside Chats, Matt Durrin and his guest explore what makes cybersecurity communication effective — whether you’re leading a sales presentation, a training session, or a tabletop exercise. The discussion dives into how to move beyond technical jargon and statistics to tell stories that resonate. Listeners will learn how understanding and communicating the “why” behind security practices can dramatically improve engagement, retention, and impact across any audience.
Top Takeaways
#cybersecurity #cyberawareness #cyberaware #training #technicaltraining #ciso #cybersecuritytraining #CybersideChats #LMGsecurity
| Shutdown Fallout: The Cybersecurity Information Sharing Act Expires | 07 Oct 2025 | 00:17:21 | |
When the government shut down, the Cybersecurity Information Sharing Act of 2015 expired with it. That law provided liability protections for cyber threat information sharing and underpinned DHS’s Automated Indicator Sharing (AIS) program, which costs about $1M a month to run. Is it worth the cost? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the value of public-private information sharing, the uncertain future of AIS, and how cybersecurity leaders should adapt as visibility gaps emerge. Along the way, they share a real-world story of how information sharing stopped a ransomware attack in its tracks — and what could happen if those pipelines dry up. Key Takeaways:
Resources:
#CybersideChats #CISA #CISO #cybersecurity #infosec
| Inside the Spider’s Web: What Indictments Reveal About Scattered Spider | 30 Sep 2025 | 00:19:25 | |
Scattered Spider is back in the headlines, with two recent arrests — Thalha Jubair in the UK and a teenager in Nevada — bringing fresh attention to one of the most disruptive cybercriminal crews today. But the real story is in the indictments: they offer a rare inside look at the group’s structure, their victims, and the mistakes that led law enforcement to track them down. In this episode, Sherri Davidoff and Matt Durrin break down what the indictments reveal about Scattered Spider’s tactics, roles, and evolution, and what defenders can learn from these cases. Key Takeaways:
Resources:
#cyberattack #cybersecurity #cybercrime #informationsecurity #infosec #databreach #databreaches #ScatteredSpider
| Vibe Hacking: The Dark Side of AI Coding | 23 Sep 2025 | 00:27:47 | |
What happens when the same AI tools that make coding easier also give cybercriminals new powers? In this episode of Cyberside Chats Live, we explore the rise of “vibe coding” and its darker twin, “vibe hacking.” You’ll learn how AI is reshaping software development, how attackers are turning those vibes into cybercrime, and what it means for the future of security.
Key Takeaways
References
#AIhacking #AIcoding #vibehacking #vibecoding #cyberattack #cybersecurity #infosec #informationsecurity #datasecurity
| The Saga Continues: More Dirt on the Salesforce–Drift Breach | 16 Sep 2025 | 00:16:58 | |
When we first covered the Salesforce–Drift breach, we knew it was bad. Now it’s clear the impact is even bigger. Hundreds of organizations — including Cloudflare, Palo Alto Networks, Zscaler, Proofpoint, Rubrik, and even financial firms like Wealthsimple — have confirmed they were affected. The root cause? A compromised GitHub account that opened the door to Drift’s AWS environment and gave attackers access to Salesforce and other cloud integrations. In Part 2, Sherri Davidoff and Matt Durrin dig into the latest updates: what’s new in the investigation, why more victim disclosures are coming, and how the GitHub compromise ties into a wider trend of supply chain attacks like GhostAction. They also share practical advice for what to do if you’ve been impacted by Drift — or if you want to prepare for the next third-party SaaS compromise. Tips for SaaS Incident Response:
References:
#salesforcehack #salesforce #SalesforceDrift #cybersecurity #cyberattack #databreaches #datasecurity #infosec #informationsecurity
| Connected App, Connected Risk: The Salesforce–Drift Incident | 09 Sep 2025 | 00:13:54 | |
A single weak app integration opened the door for attackers to raid data from some of the world’s largest companies. Salesforce environments were hit hardest—with victims like Cloudflare, Palo Alto Networks, and Zscaler—but the blast radius also reached other SaaS platforms, including Google Workspace. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down the Salesforce–Drift breach: how OAuth tokens became skeleton keys, why media headlines about billions of Gmail users were wrong, and what organizations need to do to protect themselves from similar supply chain attacks. Key Takeaways
References
#Salesforcehack #SalesforceDrift #cybersecurity #cyberattack #cyberaware | |||
| Is Anthropic a Pentagon “Supply Chain Risk”? | 17 Mar 2026 | 00:13:08 | |
Anthropic has been labeled a “Supply-Chain Risk to National Security” after refusing two uses of its models: mass surveillance of Americans and lethal autonomous warfare without human oversight. But is Anthropic really a supply-chain risk, and how does this designation affect businesses that use Claude? In this episode, Sherri Davidoff and Matt Durrin unpack the timeline behind the Pentagon’s designation, what Anthropic claims is actually driving the conflict, and what’s known (and not known) about any underlying technical risk. They compare the situation to Kaspersky—where the supply-chain concern centered on privileged security software, foreign-state leverage, and update-channel risk—then bring it back to the enterprise questions that matter: vendor dependency, continuity planning, and what changes when an AI provider becomes politically or contractually constrained.
Key Takeaways for Security Leaders
1. Treat AI vendors as critical dependencies, not just tools. If a frontier AI provider is embedded in coding, search, documentation, analytics, or agentic workflows, a legal or procurement shock can become an operational disruption. Track where you are dependent on a single model provider and where that dependency would hurt most.
2. For your highest-value uses, define fallback workflows ahead of time. You may not be able to replace every provider quickly, but you should know what happens if a key AI service becomes unavailable, restricted, or no longer acceptable for regulatory or contractual reasons. For the workflows that matter most, decide in advance how the work gets done without that vendor.
3. Keep guardrails in place when AI is involved in critical changes. AI can speed up engineering, operations, and decision-making, but that speed can create new failure modes if approvals, testing, rollback, and human review get weakened. Be especially careful in environments where AI-assisted or agentic systems can make infrastructure, code, security, or configuration changes.
4. Inventory where AI has real privilege. The risk is much higher when AI can execute code, access sensitive data, approve actions, or trigger automations. Focus your review on those integrations first, because those are the places where vendor problems or internal AI mistakes are most likely to turn into real incidents.
5. Make your teams define the actual vendor risk they are worried about. A vendor can create very different kinds of risk: technical compromise risk, foreign-control risk, continuity risk, or procurement/governance risk. Forcing that distinction helps teams respond more clearly and avoid treating every controversy like a hidden software compromise.
Resources
1. Statement from Dario Amodei on our discussions with the Department of War (Anthropic, Feb. 26, 2026) https://www.anthropic.com/news/statement-department-of-war
2. Where things stand with the Department of War (Anthropic, Mar. 5, 2026) https://www.anthropic.com/news/where-stand-department-war
3. Anthropic v. U.S. Department of War et al. — Complaint for Declaratory and Injunctive Relief (N.D. Cal., filed Mar. 9, 2026) (court filing PDF) https://cand.uscourts.gov/cases-e-filing/cases/326-cv-01996/anthropic-pbc-v-us-department-war-et-al
4. BOD 17-01: Removal of Kaspersky-branded Products (CISA/DHS, Sept. 13, 2017) https://www.dhs.gov/archive/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01
5. Amazon holds engineering meeting following AI-related outages (Financial Times, Mar. 2026) https://www.ft.com/content/7cab4ec7-4712-4137-b602-119a44f771de
| |||
| Betrayal, Backdoors, and Payback: When Hackers Become the Hacked | 02 Sep 2025 | 00:28:51 | |
Hackers aren’t untouchable—and sometimes, they become the victims. From North Korean operatives getting exposed at DEF CON, to ransomware gangs like Conti and LockBit crumbling under betrayal and rival leaks, the underground is full of double-crosses and takedowns. Now, Congress is even debating whether to bring back “letters of marque” to authorize cyber privateers to hack back on behalf of the United States. Join LMG Security’s Sherri Davidoff and Matt Durrin for a fast-paced discussion of headline cases, the lessons defenders can learn from these leaks, and what the future of hacker-on-hacker warfare could mean for your organization. Key Takeaways
Resources
#Cybersecurity #Cybercrime #CybersideChats #Cyberattack #Hackers #Hacker | |||
| Printer Problems: Trump, Putin, and a Costly Mistake | 26 Aug 2025 | 00:15:51 | |
On the eve of the Trump–Putin summit, sensitive U.S. State Department documents were left sitting in a hotel printer in Anchorage. Guests stumbled on pages detailing schedules, contacts, and even a gift list—sparking international headlines and White House mockery. But the real story isn’t just about geopolitics. It’s about how unmanaged printers—at hotels, in home offices, and everywhere in between—remain one of the most overlooked backdoors for data leaks. In this episode of Cyberside Chats, Sherri and Matt unpack the Alaska incident, explore why printers are still a weak spot in the age of remote and traveling workforces, and share practical steps to secure them. Key Takeaways for Security & IT Leaders
Resources
| |||
| Mass Salesforce Hacks: How Criminals Are Targeting the Cloud Supply Chain | 19 Aug 2025 | 00:14:25 | |
A wave of coordinated cyberattacks has hit Salesforce customers across industries and continents, compromising millions of records from some of the world’s most recognized brands — including Google, Allianz Life, Qantas, LVMH, and even government agencies. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down how the attackers pulled off one of the most sweeping cloud compromise campaigns in recent memory — using no zero-day exploits, just convincing phone calls, malicious connected apps, and gaps in cloud supply chain security. We’ll explore the attack timeline, parallels to the Snowflake breaches, ties to the Scattered Spider crew, and the lessons security leaders need to act on right now.
Key Takeaways
References
| |||
| North Korea’s Deepfake Remote Workers: How They’re Getting Inside U.S. Companies | 12 Aug 2025 | 00:14:28 | |
On National Social Engineering Day, we’re pulling the lid off one of the most dangerous insider threat campaigns in the world — North Korea’s fake remote IT worker program. Using AI-generated résumés, real-time deepfake interviews, and U.S.-based “laptop farms,” DPRK operatives are gaining legitimate employment inside U.S. companies — funding nuclear weapons programs and potentially opening doors to cyber espionage. We’ll cover the recent U.S. sanctions, the Christina Chapman laptop farm case, and the latest intelligence from CrowdStrike on FAMOUS CHOLLIMA — plus, we’ll give you specific, actionable ways to harden your hiring process and catch these threats before they embed inside your network. Actionable Takeaways for Defenders
References
| |||
| The Amazon Q AI Hack: A Wake-Up Call for Developer Tool Security | 05 Aug 2025 | 00:21:37 | |
A silent compromise, nearly a million developers affected, and no one at Amazon knew for six days. In this episode of Cyberside Chats, we’re diving into the Amazon Q AI Hack, a shocking example of how vulnerable our software development tools have become. Join hosts Sherri Davidoff and Matt Durrin as they unpack how a misconfigured GitHub token allowed a hacker to inject destructive AI commands into a popular developer tool. We’ll walk through exactly what happened, how GitHub security missteps enabled the attack, and why this incident is a critical wake-up call for supply chain security and AI tool governance. We’ll also spotlight other supply chain breaches like the SolarWinds Orion backdoor and XZ Utils compromise, plus AI tool mishaps where “helpful” assistants caused real-world damage. If your organization uses AI developer tools—or works with third-party software vendors—this episode is a must-listen.
Key Takeaways:
▪ Don’t Assume AI Tools Are Safe Just Because They’re Popular. Amazon Q had nearly a million installs—and it still shipped with malicious code. Before adopting any AI-based tools (like Copilot, Q, or Gemini), vet their permissions, access scope, and how updates are managed.
▪ Ask Your Software Vendors About Their Supply Chain Security. If you rely on third-party developers or vendors, request details on how they manage build pipelines, review code changes, and prevent unauthorized commits. A compromised vendor can put your entire environment at risk.
▪ Hold Vendors Accountable for Secure Development Practices. Ask whether your vendors enforce commit signing, use GitHub security features (like push protection and secret scanning), and apply multi-person code review processes. If they can't answer, that's a red flag.
▪ Be Wary of Giving AI Assistants Too Much Access. Whether it’s an AI chatbot that can write config files or a developer tool that interacts with production environments, limit access. Always sandbox and monitor AI-integrated tools, and avoid letting them make direct changes.
▪ Prepare to Hear About Breaches From the Outside. Just like Amazon only found out about the malicious code in Q after security researchers reported it, many organizations won’t catch third-party security issues internally. Make sure you have monitoring tools, vendor communication protocols, and incident response processes in place.
▪ If You Develop Code Internally, Lock Down Your Build Pipeline. The Amazon Q hack happened because of a misconfigured GitHub token in a CI workflow. If you’re building your own code, review permissions on GitHub tokens, enforce branch protections, and require signed commits to prevent unauthorized changes from slipping into production.
#Cybersecurity #SupplyChainSecurity #AItools #DevSecOps #AmazonQHack #GitHubSecurity #Infosec #CybersideChats #LMGSecurity | |||
| Iran’s Cyber Surge: Attacks Intensify in 2025 | 29 Jul 2025 | 00:28:02 | |
Iranian cyber operations have sharply escalated in 2025, targeting critical infrastructure, defense sectors, and global businesses—especially those linked to Israel and the U.S. From destructive malware and coordinated DDoS attacks to sophisticated hack-and-leak campaigns leveraging generative AI, Iranian threat actors are rapidly evolving. Join us to explore their latest tactics, notable incidents, and essential strategies to defend your organization. Hosts Sherri Davidoff and Matt Durrin break down wiper malware trends, AI-powered phishing, the use of deepfakes for psychological operations, and the critical role of patching and MFA in protecting against collateral damage. Key Takeaways for Cybersecurity Leaders
Resources & References
CISA/FBI/NSA Joint Advisory: https://www.cisa.gov/sites/default/files/2025-06/joint-fact-sheet-Iranian-cyber-actors-may-target-vulnerable-US-networks-and-entities-of-interest-508c-1.pdf
Unit 42 Report: https://unit42.paloaltonetworks.com/iranian-cyberattacks-2025/
Deepwatch Threat Intel: https://www.deepwatch.com/labs/customer-advisory-elevated-iranian-cyber-activity-post-u-s-strikes/
LMG Security – Defending Against Generative AI Attacks: https://lmgsecurity.com/defend-against-generative-ai-attacks/
#cybersecurity #cybercrime #cyberattack #cyberaware #cyberthreats #ciso #itsecurity #infosec #infosecurity #riskmanagement | |||
| Leaked and Loaded: DOGE’s API Key Crisis | 22 Jul 2025 | 00:15:22 | |
On July 13, 2025, a developer at the Department of Government Efficiency—DOGE—accidentally pushed a private xAI API key to GitHub. That key unlocked access to 52 unreleased LLMs, including Grok‑4‑0709, and remained active long after discovery. In this episode of Cyberside Chats, we examine how a single leaked credential became a national-level risk—and how it mirrors broader API key exposures at BeyondTrust and across GitHub. LMG Security’s Director of Penetration Testing, Tom Pohl, shares red team insights on how embedded secrets give attackers a foothold—and what CISOs must do now to reduce their exposure.
Key Takeaways:
Monitor for exposure and misuse. Include secrets in IR playbooks—even when it’s third-party code.
Do they rotate keys? Use a secrets manager? How quickly can they revoke?
Look for credentials in cloud configs, automation, scripts, SaaS tools.
Secrets can show up in unexpected places—firmware, config files, build artifacts. Your red team or vendor should actively hunt for exposed keys, hardcoded credentials, and reused certs across applications, infrastructure, and third-party tools.
Use GitGuardian, TruffleHog, and a secrets manager like AWS Secrets Manager or HashiCorp Vault. References:
#DOGEleak #cybersecurity #cybersecurityawareness #ciso #infosec #itsecurity | |||
| Holiday Horror Stories: Why Hackers Love Long Weekends | 15 Jul 2025 | 00:22:09 | |
Why do so many major cyberattacks happen over holiday weekends? In this episode, Sherri and Matt share their own 4th of July anxiety as security professionals—and walk through some of the most infamous attacks timed to exploit long weekends, including the Kaseya ransomware outbreak, the MOVEit breach, and the Bangladesh Bank heist. From retail breaches around Thanksgiving to a cyber hit on Krispy Kreme, they break down what makes holidays such a juicy target—and how to better defend your organization when most of your team is off the clock. Takeaways:
#cybersecurity #dfir #incidentresponse #ciso #cybersidechats #cybersecurityleadership #infosec #itsecurity #cyberaware | |||
| Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands | 08 Jul 2025 | 00:19:39 | |
In June 2025, the White House issued an executive order that quietly eliminated several key federal cybersecurity requirements. In this episode of Cyberside Chats, Sherri and Matt break down exactly what changed—from the removal of secure software attestations to the rollback of authentication requirements—and what remains in place, including post-quantum encryption support and the FTC’s Cyber Trust Mark. We’ll talk about the practical impact for security leaders, why this mirrors past challenges like PCI compliance, and what your organization should do next. Key Takeaways (for CISOs and Security Leaders)
Resources:
| |||
| No Lock, Just Leak | 01 Jul 2025 | 00:14:55 | |
Forget everything you thought you knew about ransomware. Today’s threat actors aren’t locking your files—they’re stealing your data and threatening to leak it unless you pay up. In this episode, we dive into the rise of data-only extortion campaigns and explore why encryption is becoming optional for cybercriminals. From real-world trends like the rebrand of Hunters International to “World Leaks,” to the strategic impact on insurance, PR, and compliance—this is a wake-up call for security teams everywhere. If your playbook still ends with “just restore from backup,” you’re not ready.
Takeaways for Security Teams:
Resources & Mentions:
| |||
| Google Gemini Changed the Rules: Are Your API Keys Exposed? | 03 Mar 2026 | 00:12:06 | |
For years, many Google API keys were treated as “public” project identifiers embedded in client-side code and protected mainly through referrer and API restrictions. But a recent discovery suggests Gemini changes that risk model: researchers found nearly 3,000 publicly exposed Google API keys that were still “live” and could be used to interact with Gemini endpoints, creating a new path to unauthorized usage, quota exhaustion, and potentially costly API charges. In this episode of Cyberside Chats, we unpack what “changed the rules” actually means, why this is a classic cloud governance problem (old assumptions meeting new capabilities), and what to check right now. The bottom line: AI features are quietly expanding the blast radius of credentials you never intended to treat as secrets.
Key Takeaways
1. Audit legacy API keys before and after enabling AI services - Inventory every API key across your cloud projects and confirm it is still required, properly scoped, and has a clear owner. Treat AI enablement as a formal trigger event to reassess any previously published or embedded keys in that same project.
2. Treat API keys as sensitive credentials in the AI era - Even if a vendor once described a key as “not a secret,” AI endpoints materially increase financial and potential data exposure risk. Apply rotation, monitoring, strict quotas, and real-time billing alerts accordingly.
3. Enforce least privilege at the API level - Referrer or IP restrictions alone are insufficient. Every key should be explicitly limited to only the APIs it requires. “Allow all APIs” should not exist in production.
4. Isolate AI development from production application projects - Avoid enabling AI services in long-lived projects that contain public-facing keys. Use separate projects, accounts, or subscriptions for AI experimentation and production workloads to reduce blast radius and cost exposure.
5. Update third-party risk management to include AI-driven credential and cost risk - Ask vendors how API keys are scoped, restricted, rotated, and monitored, especially for AI services. Confirm that AI environments are isolated from production systems and that abnormal AI usage or billing spikes are actively monitored.
Resources:
1. Google API Keys Weren’t Secrets. But then Gemini Changed the Rules (Truffle Security) https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
2. Previously harmless Google API keys now expose Gemini AI data (BleepingComputer)
3. DEF CON 31 – “Private Keys in Public Places” (Tom Pohl) (YouTube) https://www.youtube.com/watch?v=7t_ntuSXniw
4. Exposed Secrets, Broken Trust: What the DOGE API Key Leak Teaches Us About Software Security (LMG Security)
5. Google Cloud docs: API keys overview & best practices (Google) https://docs.cloud.google.com/api-keys/docs/overview
| |||
| The AI Insider Threat: EchoLeak and the Rise of Zero-Click Exploits | 24 Jun 2025 | 00:13:54 | |
Can your AI assistant become a silent data leak? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down EchoLeak, a zero-click exploit in Microsoft 365 Copilot that shows how attackers can manipulate AI systems using nothing more than an email. No clicks. No downloads. Just a cleverly crafted message that turns your AI into an unintentional insider threat. They also share a real-world discovery from LMG Security’s pen testing team: how prompt injection was used to extract system prompts and override behavior in a live web application. With examples ranging from corporate chatbots to real-world misfires at Samsung and Chevrolet, this episode unpacks what happens when AI is left untested—and why your security strategy must adapt.
Key Takeaways
Resources #EchoLeak #Cybersecurity #Cyberaware #CISO #Microsoft #Microsoft365 #Copilot #AI #GenAI #AIsecurity #RiskManagement | |||
| When AI Goes Rogue: Blackmail, Shutdowns, and the Rise of High-Agency Machines | 17 Jun 2025 | 00:26:27 | |
What happens when your AI refuses to shut down—or worse, tries to blackmail you to stay online? Join us for a riveting Cyberside Chats Live as we dig into two chilling real-world incidents: one where OpenAI’s newest model bypassed shutdown scripts during testing, and another where Anthropic’s Claude Opus 4 wrote blackmail messages and threatened users in a disturbing act of self-preservation. These aren’t sci-fi hypotheticals—they’re recent findings from leading AI safety researchers. We’ll unpack:
This is essential listening for CISOs, IT leaders, and cybersecurity professionals deploying or assessing AI-powered tools. Key Takeaways
Resources #AI #GenAI #CISO #Cybersecurity #Cyberaware #Cyber #Infosec #ITsecurity #IT #CEO #RiskManagement | |||
| Retailgeddon Reloaded: Beyond Card Theft, Into Chaos | 10 Jun 2025 | 00:17:57 | |
Retail breaches are back — but they’ve evolved. This isn’t about skimming cards anymore. From ransomware taking down pharmacies to credential stuffing attacks hitting brand loyalty, today’s breaches are about disruption, trust, and third-party exposure. In this episode of Cyberside Chats, hosts Sherri Davidoff and Matt Durrin break down the latest retail breach wave, revisit lessons from the 2013 “Retailgeddon” era, and highlight what every security leader — not just in retail — needs to know today.
Key Takeaways
Resources
2025 Verizon Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/
Victoria’s Secret security incident coverage: https://www.bleepingcomputer.com/news/security/victorias-secret-takes-down-website-after-security-incident/
LMG Security: Third-Party Risk Assessments: https://lmgsecurity.com/third-party-risk-assessments/ | |||
| How Hackers Get In: Penetration Testing Secrets from the Front Line | 03 Jun 2025 | 00:26:24 | |
Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same? Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features like SMB signing, legacy broadcast protocols, and other out-of-the-box settings designed for ease, not security, can quietly open the door for attackers—and what security leaders can do today to shut those doors for good. Whether you're preparing for your next pentest or hardening your infrastructure against advanced threats, this is a must-watch for CISOs, IT leaders, and anyone responsible for securing Windows networks.
Takeaways:
References:
“Critical Windows Server 2025 DMSA Vulnerability Exposes Enterprises to Domain Compromise” (The Hacker News) https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html
“Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies” (CISA Alert)
LMG Security – Penetration Testing Services (Identify weaknesses before attackers do) | |||
| Afterlife Access: Cybersecurity Planning for When You’re Gone | 27 May 2025 | 00:16:52 | |
What happens to your digital world when you die? In this episode of Cyberside Chats, LMG Security’s Tom Pohl joins the conversation to discuss the often-overlooked cybersecurity and privacy implications of death. From encrypted files and password managers to social media and device access, we’ll explore how to ensure your loved ones can navigate your digital legacy—without needing a password-cracking expert. Learn practical strategies for secure preparation, policy design, and real-world implementation from a security professional’s perspective.
Takeaways
1) Take a Digital Inventory of Your Assets
2) Implement Emergency Access Protocols in Password Managers
3) Establish a Digital Executor
4) Prepare Recovery Access for Critical Devices
5) Create a Plan for Your Online Presence
6) At Work, Develop Internal Organizational Policies
References:
How to Add a Legacy Contact for Your Apple Account: https://support.apple.com/en-us/102631
Get To Know Your Emergency Kit: https://support.1password.com/emergency-kit/
Wayne Crowder’s LinkedIn Page: https://www.linkedin.com/in/wcrowder
Digital Afterlife Planning Checklist: https://www.lmgsecurity.com/resources/digital-afterlife-planning-checklist/
#Cybersecurity #Cyberaware #Cyber #DigitalPlanning | |||
| The LockBit Leak: When Hackers Get a Taste of Their Own Medicine | 20 May 2025 | 00:12:31 | |
In this explosive episode of Cyberside Chats, we dive into one of the most shocking developments in ransomware history—LockBit got hacked. Join us as we unpack the breach of one of the world’s most notorious ransomware-as-a-service gangs. We explore what was leaked, why it matters, and how this leak compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization. Whether you’re an incident responder or just love cyber drama, this episode delivers. Takeaways
Resources
#LMGsecurity #CybersideChats #Ransomware #LockBit #Databreach #IT #CISO #Cyberaware #Infosec #ITsecurity | |||
| Network for Rent: The Criminal Market Built on Outdated Routers | 13 May 2025 | 00:09:37 | |
Cybercriminals are exploiting outdated routers to build massive proxy networks that hide malware operations, fraud, and credential theft—right under the radar of enterprise defenses. In this episode, Sherri and Matt unpack the FBI’s May 2025 alert, the role of TheMoon malware, and how the Faceless proxy service industrializes anonymity for hire. Learn how these botnets work, why they matter for your enterprise, and what to do next. Takeaways
#CybersideChats #Cybersecurity #Tech #Cyber #CyberAware #CISO #CIO #FBIalert #FBIwarning #Malware #Router | |||
| Hacker AI: Smarter Attacks, Faster Exploits, Higher Stakes | 06 May 2025 | 00:19:29 | |
AI isn’t just revolutionizing business—it’s reshaping the threat landscape. Cybercriminals are now weaponizing AI to launch faster, more convincing, and more scalable attacks. From deepfake video scams to LLM-guided exploit development, the new wave of AI-driven cybercrime is already here. In this engaging and eye-opening session, Sherri and Matt share how hackers are using AI tools in the wild—often with frightening success. You'll also hear about original research in which we obtained generative AI tools from underground markets, including WormGPT, and tested their ability to identify vulnerabilities and create working exploits. You’ll walk away with practical, field-tested defense strategies your team can implement immediately. Takeaways:
References:
#ai #aisecurity #aihacks #aihacking #aihack #wormgpt #cybercrime #cyberthreats #ciso #itsecurity
| |||
| Quantum Shift: How Cybersecurity Must Evolve Now | 29 Apr 2025 | 00:20:41 | |
Quantum computing is advancing rapidly—and with it, the potential to break today’s most widely used encryption standards. In this episode of Cyberside Chats, Sherri and Matt cut through the hype to explore the real-world cybersecurity implications of quantum technology. From the looming threat to encryption to the emerging field of post-quantum cryptography, our experts will explain what security pros and IT teams need to know now. You'll walk away with a clear understanding of the risks, timelines, and concrete steps your organization can take today to stay ahead of the curve.
Takeaways & How to Prepare for Quantum Computing:
References:
“NIST Releases First 3 Finalized Post-Quantum Encryption Standards”
“You need to prepare for post-quantum cryptography now. Here’s why” https://www.scworld.com/resource/you-need-to-prepare-for-post-quantum-cryptography-now-heres-why
#cryptography #quantum #quantumcomputing #quantumcomputers #cybersecurity #ciso #securityawareness #cyberaware #cyberawareness | |||
| Red Alert: CISA's Budget Cuts and the Fallout for Defenders | 22 Apr 2025 | 00:16:01 | |
CISA, the U.S. government’s lead cyber defense agency, just took a major financial hit—and the fallout could affect everyone. From layoffs and ISAC cuts to a near-shutdown of the CVE program, these changes weaken critical infrastructure for cyber defense. In this episode of Cyberside Chats, we unpack what’s been cut, how it impacts proactive services like free risk assessments and scanning, and what your organization should do to stay ahead. Takeaways:
Resources:
MITRE CVE Program - The central hub for CVE IDs, program background, and tracking published vulnerabilities. https://www.cve.org
The CVE Foundation: https://www.thecvefoundation.org/home
LMG Security Vulnerability Scanning: https://www.lmgsecurity.com/services/testing/vulnerability-scans
#cybersecurity #cyber #CVE #riskmanagement #infosec #ciso #security | |||
| Opus 4.6: Changing the Pace of Software Exploitation | 24 Feb 2026 | 00:25:26 | |
Claude Opus 4.6 is generating serious buzz for one reason: it can rapidly spot zero-day vulnerabilities out of the box, suggesting that long-trusted software may no longer be as “safe by default” as security teams assume. At the same time, Microsoft’s February patch cycle included an unusually high number of zero-days already under active exploitation — real-world evidence that the race is already accelerating, and the window between discovery and impact is shrinking. In this Cyberside Chats Live, we’ll connect the dots on what this means for defenders in 2026: a shrinking window between discovery and exploitation, shifting assumptions about “well-tested” software, and practical ways to rethink patch prioritization, detection, and exposure management.
Key Takeaways:
1. Plan for exploitation before disclosure - The era of negative-day vulnerabilities is here: flaws that may be discovered and weaponized before the broader security community even knows they exist. Assume exploitation could precede public advisories. Build response models around mitigation speed, not just patch timelines.
2. Prioritize exposure, not just severity - In a compressed exploit cycle, CVSS alone won’t protect you. Focus first on internet-facing systems, identity infrastructure, and high-privilege assets. If you cannot quickly identify what is externally reachable, that visibility gap becomes strategic risk.
3. Assume compromise on exposed assets and monitor accordingly - If attackers can exploit vulnerabilities before the world knows they exist, you may be compromised without a CVE to point to. Increase monitoring on internet-facing systems and critical apps for signs of intrusion: unexpected processes, new admin accounts, unusual authentication patterns, suspicious outbound connections, and persistence mechanisms.
4. Treat compensating controls as first-line defense - When patches aren’t available or cannot be deployed immediately, rapid mitigations matter. Restrict access, disable vulnerable features, deploy firewall and WAF protections, and tighten segmentation. Mitigation agility should be operational, tested, and pre-authorized.
5. Prepare for containment; patches may not exist - If exploitation is confirmed and no fix is available, leadership decisions must happen quickly. Define in advance who can isolate systems, disable services, revoke credentials, or temporarily disrupt operations. Shorten containment decision cycles before you need them.
6. Rehearse a “negative-day” tabletop - Run a scenario where exploitation is active, no patch exists, and public disclosure hasn’t occurred. Measure how fast you can reduce exposure, hunt internally, and communicate with executives. This exercise will expose friction points that policies alone will not.
7. Integrate AI into your vendor risk model - If AI is accelerating vulnerability discovery and code generation, your third parties are likely using it too. Update vendor due diligence to assess how AI-generated code is reviewed, secured, and tested. Ask about model governance, secure development controls, and vulnerability response timelines. If you lack visibility into how vendors manage AI risk, that gap becomes part of your attack surface.
Resources:
1. Anthropic – Evaluating and Mitigating the Growing Risk of LLM-Discovered 0-Days (Feb 5, 2026) https://red.anthropic.com/2026/zero-days/
2. Zero Day Initiative – February 2026 Security Update Review https://www.zerodayinitiative.com/blog/2026/2/10/the-february-2026-security-update-review
3. SecurityWeek – 6 Actively Exploited Zero-Days Patched by Microsoft (Feb 2026) https://www.securityweek.com/6-actively-exploited-zero-days-patched-by-microsoft-with-february-2026-updates/
4. Tenable – Claude Opus and AI-Driven Vulnerability Discovery Analysis https://www.tenable.com/blog/Anthropic-Claude-Opus-AI-vulnerability-discovery-cybersecurity
5. OpenAI releases crypto security tool as Claude blamed for $2.7m Moonwell bug https://www.dlnews.com/articles/defi/openai-releases-crypto-security-tool/
| |||
| 23andMe: Breaches, Bankruptcy, and Security | 15 Apr 2025 | 00:13:42 | |
When a company built on sensitive data collapses, what happens to the information it collected? In this episode of Cyberside Chats, we examine 23andMe’s data breach, its March 2025 bankruptcy, and the uncomfortable parallels with the 2009 Flyclear shutdown. What happens to biometric or genetic data when a vendor goes under? What protections failed—and what should corporate security leaders do differently? Drawing from past and present breaches, we offer a roadmap for corporate resilience. Learn practical steps for protecting your data when your vendors can’t protect themselves.
#Cybersecurity #Databreach #23andMe #CISO #IT #ITsecurity #infosec #DFIR #Privacy #RiskManagement | |||
| "Unmasking Shadow IT: Navigating Unauthorized Communication Tools Like Signal" | 08 Apr 2025 | 00:17:34 | |
Unauthorized communication platforms—aka shadow channels—are increasingly used within enterprise and government environments, as demonstrated by the recent Signal scandal. In this week's episode of Cyberside Chats, special guest Karen Sprenger, COO at LMG Security, joins Matt Durrin to delve into the critical issue of shadow IT, focusing on recent controversies involving unauthorized communication tools like Signal and Gmail in sensitive governmental contexts. Matt and Karen discuss the risks associated with consumer-grade apps in enterprise environments, the need to balance usability and security, and how organizations can better manage their communication tools to mitigate these risks. This episode will cover:
Join us in exploring the headlines and takeaways that can help organizations avoid similar pitfalls! #Cybersecurity #ShadowChannels #CybersideChats #UnauthorizedPlatforms #Signal #DataLeaks #Compliance #Infosec #ShadowIT #IT #Cyber #Cyberaware ETech #CISO | |||
| The Encryption Battle: Security Savior or Cyber Risk? | 01 Apr 2025 | 00:25:22 | |
Governments are pushing for encryption backdoors—but at what cost? In this episode of Cyberside Chats, we break down Apple’s fight against the UK’s demands, the global backlash, and what it means for cybersecurity professionals. Are backdoors a necessary tool for law enforcement, or do they open the floodgates for cybercriminals? Join us as we explore real-world risks, historical backdoor failures, and what IT leaders should watch for in evolving encryption policies. Stay informed about how these developments affect corporate data privacy and the evolving landscape of cybersecurity legislation. A must-watch for anyone interested in understanding the complex interplay between technology, privacy, and government control. #cyberthreats #encryptedcommunications #Apple #encryption #encryptionbackdoors #cybersecurity
| |||
| Deepfakes & Voice Phishing: The New Frontier of Cybercrime | 25 Mar 2025 | 00:13:46 | |
AI-generated deepfakes and voice phishing attacks are rapidly evolving, tricking even the most tech-savvy professionals. In this episode of Cyberside Chats, we break down real-world cases where cybercriminals used deepfake videos, voice clones, and trusted platforms like YouTube, Google, and Apple to bypass security defenses. Learn how these scams work and what IT and security leaders can do to protect their organizations. Takeaways:
Tune in to understand the impact of digital deception and discover practical steps to safeguard against these innovative yet insidious attacks affecting individuals and businesses alike. #Deepfakes #Phishing #SocialEngineering #CISO #Cyberattacks #VoicePhishing #Cybersecurity #VoiceCloning #CybersideChats | |||