LMG Security

A #penetrationtest doesn’t reduce risk if the findings never get fixed. In #breach investigations, we routinely see the same vulnerabilities attackers exploited sitting in old #pentest reports that were marked “accepted” or forgotten. Watch for more: https://www.youtube.com/watch?v=8Iscx--Spjk

Fake employees and contractors are forcing orgs to rethink #vendorvetting, hiring security, & identity controls.

In today's #CybersideChats episode, we unpack Amazon’s recent incident in which a North Korean IT worker was detected through behavioral anomalies & what to do now.

youtu.be/WE8p9I3uUuA

Most organizations treat #cloud outages as a rare inconvenience, but #hyperscalers have become #criticalinfrastructure. Watch our video for why cloud monoculture is dangerous and what a realistic diversification and failover strategy should look like. https://www.youtube.com/watch?v=PoK8MWGhzWA

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...

Russian state-sponsored hackers linked to the #GRU have been targeting Western critical infrastructure for years, not with flashy zero-days, but by abusing misconfigured network edge devices to harvest credentials and persist inside victim systems.

aws.amazon.com/blogs/securi...

#Cybersecurity

AI Broke Trust: Why Identity Has to Step Up in 2026 | LMG Security AI didn’t just make cyberattacks smarter—it shattered the trust models security teams rely on. Learn why identity, mutual authentication, and phishing-resistant MFA must step up in 2026 as attackers exploit voice, chat, and internal workflows.

In 2026, audit where trust triggers action, not just where users log in. Our blog shares a practical look at why #identity must become a shared, continuous process — not a one-time check. Read it here: https://www.lmgsecurity.com/ai-broke-trust-why-identity-has-to-step-up-in-2026/ #cybersecurity

Many orgs still check identity once at login. Today on #CybersideChats, learn how #AI driven impersonation has made that model unsafe, and why #authentication has to extend into calls, chats, approvals, & support workflows

Video: youtu.be/J0UJSV6wYlI

Podcast: www.chatcyberside.com/e/when-ai-st...

YouTube video by LMG Security WormGPT Can Build a Holiday Scam in 30 Seconds

The #holidays are in full swing, and the attackers (and #evilAI tools) have been busy. In this 2-minute video, we show what happened when our team asked #WormGPT, a dark-web #AI with no guardrails, to generate a #holiday scam. www.youtube.com/watch?v=YCS7...

#Cybersecurity #Infosec #Phishing

Collaboration tools like Teams, Slack, and Zoom have become prime targets for attackers—and Microsoft’s latest roadmap reflects that shift. If your #security strategy hasn’t caught up with how people actually communicate, this #CybersideChats is worth a listen: www.chatcyberside.com/e/collaborat...

5 New-ish Microsoft Security Features & What They Reveal About Today’s Threats | LMG Security Microsoft’s new security features for 2026 reveal today’s real attack paths—collaboration tools, identity gaps, and AI-driven exposure. Here's what to do next.

Microsoft’s 2026 #security features highlight a shift many organizations are already experiencing: #collaboration platforms and #identity workflows are now prime attack paths. MOre on our blog: https://www.lmgsecurity.com/5-new-ish-microsoft-security-features-what-they-reveal-about-todays-threats/

YouTube video by LMG Security How to Build True Digital Resilience: 5 Steps Every CISO Should Take

A single #cloud outage can disrupt every core system you depend on, which is why #digitalresilience has to extend beyond traditional #businesscontinuity planning. In this quick video, we outline 5 steps every #CISO should prioritize: www.youtube.com/watch?v=-fgy...
#CloudSecurity #RiskManagement

What do Microsoft’s 2026 #security features tell us about how attackers are breaching #collaboration platforms? On this week’s #CybersideChats, Sherri & Matt break down the updates & why they matter.

Video: www.youtube.com/watch?v=60bY...

Podcast: www.chatcyberside.com/e/collaborat...

Cyberside Chats: Live! AI Broke Trust. Identity Has to Step Up in 2026. | LMG Security

Start 2026 with one upgrade that pays off immediately: tighten #identityverification. Join Sherri & Matt live on 12/17 as they break down how #AI driven impersonation is changing the rules: https://www.lmgsecurity.com/event/cyberside-chats-live-ai-broke-trust-identity-has-to-step-up-in-2026/

4.3 Million Reasons to Rethink Browser Extension Security | LMG Security ShadyPanda hijacked 4.3M browsers through trusted extensions. See how the attack worked and the steps your team needs to take to close this overlooked supply-chain gap.

Think #browserextensions are harmless? Think again. A multi-year campaign turned popular, trusted browser add-ons into #spyware featuring #remotecodeexecution, session hijacking, and more. Read the blog here: https://www.lmgsecurity.com/4-3-million-reasons-to-rethink-browser-extension-security/

Cyberside Chats: Live! AI Broke Trust. Identity Has to Step Up in 2026. | LMG Security

#AI can spoof your people, processes, and communications. In the next #CybersideChats: Live, Sherri & Matt break down the #identity upgrades every org needs for 2026. Register to join us on 12/17: https://www.lmgsecurity.com/event/cyberside-chats-live-ai-broke-trust-identity-has-to-step-up-in-2026/

More than 4.3 million users were affected before anyone realized ShadyPanda’s extensions had turned into surveillance tools. Listen to today's #CybersideChats for more: www.chatcyberside.com/e/shady-pand...

Or watch the video: youtu.be/x9AaE94KanM

#Security #SessionHijacking #Cybersecurity

Spot the Scam with Clearwater Credit Union: Cyber Security Scams Welcome to this week’s Spot the Scam with our partner, Clearwater Credit Union. We have two special guests this week — Kyle Rholl, Senior Vice President of IT a

Spot the #scam! In Sherri Davidoff’s recent NBC Montana and Clearwater Credit Union interview, she & Kyle Rholl explain how #AI driven #voicecloning is being used to impersonate friends and family—and why reacting under pressure is what scammers count on. Full story: nbcmontana.com/news/spot-th...

When #insider incidents can hit even the most #security focused companies, it forces every organization to reconsider how much “trust” is built into their workflows. More on our blog: www.lmgsecurity.com/betrayed-fro... or podcast: www.chatcyberside.com/e/when-secur... #insiderthreat #cybersecurity

Betrayed From Within: The Modern Insider Attack | LMG Security Insider threats are accelerating. See what’s behind the surge and the steps security leaders can take now to strengthen defenses from the inside out.

Insider threats are rising fast. LMG analyzes the latest cases — CrowdStrike, DigitalMint, Tesla & more — and what organizations can do now to reduce #risk.

Read: https://www.lmgsecurity.com/betrayed-from-within-the-modern-insider-attack/

#InsiderThreat #DataProtection #CompanyCulture

YouTube video by LMG Security What “Immutable Backups” Really Mean & How It Speeds Ransomware Recovery

Recovery times are improving, and the rise of truly immutable #backups is a major reason why. Watch as we break down what “immutable” actually means, why it matters for #ransomware resilience, and how proactive planning accelerates recovery. www.youtube.com/watch?v=XgdP... #DataRecovery #BCDR

Insider threats aren’t theoretical anymore—they’re happening inside orgs just like yours.

This week on #CybersideChats, we break down insider cases from #CrowdStrike, #DigitalMint, & others, and share strategies to reduce your org's risk. youtu.be/s7QW_BkkAvM

#InsiderThreats #Cybersecurity

75% percent of #manufacturers are carrying critical OT #vulnerabilities, often buried inside proprietary equipment and aging software that keeps production moving but limits security options. Sherri Davidoff and Matt Durrin share more in this quick video: https://www.youtube.com/watch?v=cETaSkOb5kw

This Thanksgiving, we’re feeling grateful for the clients, partners, and colleagues who make our work meaningful all year long.

Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday.

Made in China—Hacked Everywhere? What Organizations Need to Know Now | LMG Security The stories sound like something out of a cyber-thriller: a city tests a Chinese-made electric bus in a decommissioned mine to see if it can be remotely shut down. U.S. ports discover hidden cellular modems inside massive cargo cranes. A common hospital patient monitor reveals an undeclared backdoor that allows…

Chinese-made #IoT devices are turning up with hidden radios, undocumented modems, and opaque update channels—and organizations need faster ways to assess the risk. More on our blog: https://www.lmgsecurity.com/made-in-china-hacked-everywhere-what-organizations-need-to-know-now/ #SupplyChainSecurity

A single “smart” device can quietly tunnel out of your network. Today on #CybersideChats: real-world scenarios where hidden radios, #cloud paths, and offshore update servers slipped in through routine #hardware purchases.

Listen: www.chatcyberside.com/e/chinas-hid...

Watch: youtu.be/WYq6YTqanA4

YouTube video by LMG Security MFA Reality Check: Are you Vulnerable to Fatigue & Fallback Abuse?

#MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options. In this 1-minute video, we break down the most common gaps. www.youtube.com/watch?v=x290...

#Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices

#Holiday season scams now hit businesses as hard as consumers. This checklist highlights practical steps #security teams can take now—from enforcing strong #MFA to tuning #botdetection rules & more: www.lmgsecurity.com/resources/ho...

#Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing

Holiday Hackers: How AI Is Supercharging Seasonal Fraud—and What Your Organization Must Do Now | LMG Security Holiday fraud is surging 520% this season, and consumer scams are becoming enterprise breaches. Find out how this happens, and download our checklist to reduce your organization’s risk.

Attackers are now using #maliciousAI to launch #holidayscams at scale. We just published a breakdown of this year’s AI-driven holiday #fraud surge—plus an actionable checklist: https://www.lmgsecurity.com/holiday-hackers-how-ai-is-supercharging-seasonal-fraud-and-what-your-organization-must-do-now/

#AI driven #fraud is hitting holiday shoppers at machine speed. Today on #CybersideChats, Sherri & Matt discuss how #phishing kits, prebuilt configs, and bot-driven takeovers enable #CredentialAbuse.

Podcast: www.chatcyberside.com/e/holiday-ha...

Video: youtu.be/TpMD5v5JUNc

#Cybersecurity

When #security assessments leak, the fallout can eclipse the incident. In our latest #CybersideChats on the #Louvre heist, we dig into how exposed #audit findings fueled scrutiny. Listen to hear how a seven-minute #robbery turned into a reputational firestorm: www.chatcyberside.com/e/louvre-hei...

Cyberside Chats Live! Made in China — Hacked Everywhere?

Your #network may be locked down—but what about the circuitry inside your devices? Join us on November 19th for Cyberside Chats: Live! on how #hardware choices and opaque sourcing can introduce #risk + steps to spot red flags. https://www.lmgsecurity.com/event/cyberside-chats-live-november-2025/