LMG Security

@lmgsecurity.bsky.social

LMG Security is a top cybersecurity firm providing penetration testing, advisory services, training, & more. Our experts speak at conferences like Black Hat and RSA, and have been featured in The Wall Street Journal, The New York Times, & many other pubs.

13 Followers  |  3 Following  |  104 Posts  |  Joined: 18.11.2024

Latest posts by lmgsecurity.bsky.social on Bluesky


A #penetrationtest doesn’t reduce risk if the findings never get fixed. In #breach investigations, we routinely see the same vulnerabilities attackers exploited sitting in old #pentest reports that were marked “accepted” or forgotten. Watch for more: https://www.youtube.com/watch?v=8Iscx--Spjk

31.12.2025 15:30

Fake employees and contractors are forcing orgs to rethink #vendorvetting, hiring security, & identity controls.

In today's #CybersideChats episode, we unpack Amazon’s recent incident in which a North Korean IT worker was detected through behavioral anomalies & what to do now.

youtu.be/WE8p9I3uUuA

30.12.2025 14:35

Most organizations treat #cloud outages as a rare inconvenience, but #hyperscalers have become #criticalinfrastructure. Watch our video for why cloud monoculture is dangerous and what a realistic diversification and failover strategy should look like. https://www.youtube.com/watch?v=PoK8MWGhzWA

29.12.2025 16:05
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...

Russian state-sponsored hackers linked to the #GRU have been targeting Western critical infrastructure for years, not with flashy zero-days, but by abusing misconfigured network edge devices to harvest credentials and persist inside victim systems.

aws.amazon.com/blogs/securi...

#Cybersecurity

29.12.2025 14:44
AI Broke Trust: Why Identity Has to Step Up in 2026 | LMG Security AI didn’t just make cyberattacks smarter—it shattered the trust models security teams rely on. Learn why identity, mutual authentication, and phishing-resistant MFA must step up in 2026 as attackers exploit voice, chat, and internal workflows.

In 2026, audit where trust triggers action, not just where users log in. Our blog shares a practical look at why #identity must become a shared, continuous process — not a one-time check. Read it here: https://www.lmgsecurity.com/ai-broke-trust-why-identity-has-to-step-up-in-2026/ #cybersecurity

24.12.2025 15:10

Many orgs still check identity once at login. Today on #CybersideChats, learn how #AI driven impersonation has made that model unsafe, and why #authentication has to extend into calls, chats, approvals, & support workflows

Video: youtu.be/J0UJSV6wYlI

Podcast: www.chatcyberside.com/e/when-ai-st...

23.12.2025 14:03
YouTube video by LMG Security: WormGPT Can Build a Holiday Scam in 30 Seconds

The #holidays are in full swing, and the attackers (and #evilAI tools) have been busy. In this 2-minute video, we show what happened when our team asked #WormGPT, a dark-web #AI with no guardrails, to generate a #holiday scam. www.youtube.com/watch?v=YCS7...

#Cybersecurity #Infosec #Phishing

22.12.2025 15:27

Collaboration tools like Teams, Slack, and Zoom have become prime targets for attackers—and Microsoft’s latest roadmap reflects that shift. If your #security strategy hasn’t caught up with how people actually communicate, this #CybersideChats is worth a listen: www.chatcyberside.com/e/collaborat...

19.12.2025 16:37
5 New-ish Microsoft Security Features & What They Reveal About Today’s Threats | LMG Security Microsoft’s new security features for 2026 reveal today’s real attack paths—collaboration tools, identity gaps, and AI-driven exposure. Here's what to do next.

Microsoft’s 2026 #security features highlight a shift many organizations are already experiencing: #collaboration platforms and #identity workflows are now prime attack paths. More on our blog: https://www.lmgsecurity.com/5-new-ish-microsoft-security-features-what-they-reveal-about-todays-threats/

18.12.2025 14:35
YouTube video by LMG Security: How to Build True Digital Resilience: 5 Steps Every CISO Should Take

A single #cloud outage can disrupt every core system you depend on, which is why #digitalresilience has to extend beyond traditional #businesscontinuity planning. In this quick video, we outline 5 steps every #CISO should prioritize: www.youtube.com/watch?v=-fgy...
#CloudSecurity #RiskManagement

17.12.2025 15:52

What do Microsoft’s 2026 #security features tell us about how attackers are breaching #collaboration platforms? On this week’s #CybersideChats, Sherri & Matt break down the updates & why they matter.

Video: www.youtube.com/watch?v=60bY...

Podcast: www.chatcyberside.com/e/collaborat...

16.12.2025 13:43
Cyberside Chats: Live! AI Broke Trust. Identity Has to Step Up in 2026. | LMG Security

Start 2026 with one upgrade that pays off immediately: tighten #identityverification. Join Sherri & Matt live on 12/17 as they break down how #AI driven impersonation is changing the rules: https://www.lmgsecurity.com/event/cyberside-chats-live-ai-broke-trust-identity-has-to-step-up-in-2026/

15.12.2025 15:10
4.3 Million Reasons to Rethink Browser Extension Security | LMG Security ShadyPanda hijacked 4.3M browsers through trusted extensions. See how the attack worked and the steps your team needs to take to close this overlooked supply-chain gap.

Think #browserextensions are harmless? Think again. A multi-year campaign turned popular, trusted browser add-ons into #spyware featuring #remotecodeexecution, session hijacking, and more. Read the blog here: https://www.lmgsecurity.com/4-3-million-reasons-to-rethink-browser-extension-security/

11.12.2025 14:35
Cyberside Chats: Live! AI Broke Trust. Identity Has to Step Up in 2026. | LMG Security

#AI can spoof your people, processes, and communications. In the next #CybersideChats: Live, Sherri & Matt break down the #identity upgrades every org needs for 2026. Register to join us on 12/17: https://www.lmgsecurity.com/event/cyberside-chats-live-ai-broke-trust-identity-has-to-step-up-in-2026/

10.12.2025 18:15

More than 4.3 million users were affected before anyone realized ShadyPanda’s extensions had turned into surveillance tools. Listen to today's #CybersideChats for more: www.chatcyberside.com/e/shady-pand...

Or watch the video: youtu.be/x9AaE94KanM

#Security #SessionHijacking #Cybersecurity

09.12.2025 16:12
Spot the Scam with Clearwater Credit Union: Cyber Security Scams Welcome to this week’s Spot the Scam with our partner, Clearwater Credit Union. We have two special guests this week — Kyle Rholl, Senior Vice President of IT a

Spot the #scam! In Sherri Davidoff’s recent NBC Montana and Clearwater Credit Union interview, she & Kyle Rholl explain how #AI driven #voicecloning is being used to impersonate friends and family—and why reacting under pressure is what scammers count on. Full story: nbcmontana.com/news/spot-th...

08.12.2025 15:16

When #insider incidents can hit even the most #security focused companies, it forces every organization to reconsider how much “trust” is built into their workflows. More on our blog: www.lmgsecurity.com/betrayed-fro... or podcast: www.chatcyberside.com/e/when-secur... #insiderthreat #cybersecurity

05.12.2025 15:37
Betrayed From Within: The Modern Insider Attack | LMG Security Insider threats are accelerating. See what’s behind the surge and the steps security leaders can take now to strengthen defenses from the inside out.

Insider threats are rising fast. LMG analyzes the latest cases — CrowdStrike, DigitalMint, Tesla & more — and what organizations can do now to reduce #risk.

Read: https://www.lmgsecurity.com/betrayed-from-within-the-modern-insider-attack/

#InsiderThreat #DataProtection #CompanyCulture

04.12.2025 15:01
YouTube video by LMG Security: What “Immutable Backups” Really Mean & How It Speeds Ransomware Recovery

Recovery times are improving, and the rise of truly immutable #backups is a major reason why. Watch as we break down what “immutable” actually means, why it matters for #ransomware resilience, and how proactive planning accelerates recovery. www.youtube.com/watch?v=XgdP... #DataRecovery #BCDR

03.12.2025 15:41

Insider threats aren’t theoretical anymore—they’re happening inside orgs just like yours.

This week on #CybersideChats, we break down insider cases from #CrowdStrike, #DigitalMint, & others, and share strategies to reduce your org's risk. youtu.be/s7QW_BkkAvM

#InsiderThreats #Cybersecurity

02.12.2025 15:18

75% of #manufacturers are carrying critical OT #vulnerabilities, often buried inside proprietary equipment and aging software that keeps production moving but limits security options. Sherri Davidoff and Matt Durrin share more in this quick video: https://www.youtube.com/watch?v=cETaSkOb5kw

28.11.2025 18:25

This Thanksgiving, we’re feeling grateful for the clients, partners, and colleagues who make our work meaningful all year long.

Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday.

27.11.2025 18:20
Made in China—Hacked Everywhere? What Organizations Need to Know Now | LMG Security The stories sound like something out of a cyber-thriller: a city tests a Chinese-made electric bus in a decommissioned mine to see if it can be remotely shut down. U.S. ports discover hidden cellular modems inside massive cargo cranes. A common hospital patient monitor reveals an undeclared backdoor that allows…

Chinese-made #IoT devices are turning up with hidden radios, undocumented modems, and opaque update channels—and organizations need faster ways to assess the risk. More on our blog: https://www.lmgsecurity.com/made-in-china-hacked-everywhere-what-organizations-need-to-know-now/ #SupplyChainSecurity

26.11.2025 16:05

A single “smart” device can quietly tunnel out of your network. Today on #CybersideChats: real-world scenarios where hidden radios, #cloud paths, and offshore update servers slipped in through routine #hardware purchases.

Listen: www.chatcyberside.com/e/chinas-hid...

Watch: youtu.be/WYq6YTqanA4

25.11.2025 15:43
YouTube video by LMG Security: MFA Reality Check: Are you Vulnerable to Fatigue & Fallback Abuse?

#MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options. In this 1-minute video, we break down the most common gaps. www.youtube.com/watch?v=x290...

#Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices

24.11.2025 15:35

#Holiday season scams now hit businesses as hard as consumers. This checklist highlights practical steps #security teams can take now—from enforcing strong #MFA to tuning #botdetection rules & more: www.lmgsecurity.com/resources/ho...

#Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing

21.11.2025 17:29
Holiday Hackers: How AI Is Supercharging Seasonal Fraud—and What Your Organization Must Do Now | LMG Security Holiday fraud is surging 520% this season, and consumer scams are becoming enterprise breaches. Find out how this happens, and download our checklist to reduce your organization’s risk.

Attackers are now using #maliciousAI to launch #holidayscams at scale. We just published a breakdown of this year’s AI-driven holiday #fraud surge—plus an actionable checklist: https://www.lmgsecurity.com/holiday-hackers-how-ai-is-supercharging-seasonal-fraud-and-what-your-organization-must-do-now/

19.11.2025 17:39

#AI driven #fraud is hitting holiday shoppers at machine speed. Today on #CybersideChats, Sherri & Matt discuss how #phishing kits, prebuilt configs, and bot-driven takeovers enable #CredentialAbuse.

Podcast: www.chatcyberside.com/e/holiday-ha...

Video: youtu.be/TpMD5v5JUNc

#Cybersecurity

18.11.2025 13:23

When #security assessments leak, the fallout can eclipse the incident. In our latest #CybersideChats on the #Louvre heist, we dig into how exposed #audit findings fueled scrutiny. Listen to hear how a seven-minute #robbery turned into a reputational firestorm: www.chatcyberside.com/e/louvre-hei...

17.11.2025 15:55
Cyberside Chats Live! Made in China — Hacked Everywhere?

Your #network may be locked down—but what about the circuitry inside your devices? Join us on November 19th for Cyberside Chats: Live! on how #hardware choices and opaque sourcing can introduce #risk + steps to spot red flags. https://www.lmgsecurity.com/event/cyberside-chats-live-november-2025/

14.11.2025 14:10
