LMG Security

Last week, LMG Security had the pleasure of speaking with the Las Vegas ISSA chapter! Matt Durrin led a thought-provoking session on “ #DeepFakes & AI: The New Frontier of #Cybercrime.” He explored how rapidly evolving #AI tools are transforming #SocialEngineering, fraud, and digital trust.

When the #Louvre was robbed, most people blamed the thieves. But leaked audit reports told a story of weak passwords, ignored warnings, & outdated systems. Hear more from Sherri & Matt on Cyberside Chats.

Podcast: www.chatcyberside.com/e/louvre-hei...

Video: youtu.be/3ErXdXv_bN8

#cybersecurity

YouTube video by LMG Security What Is The Automated Indicator Sharing Program (AIS) & Why Does It Matter?

The #CISA #AIS program delivered real-time, machine-readable threat intelligence across sectors. With participation disrupted, defense is at risk. In this video, we explain how AIS worked, why it mattered, and what your organization can do to stay protected post-AIS. www.youtube.com/watch?v=qFPC...

Top Control of Q4 2025: Penetration Testing | LMG Security Discover why LMG Security named Penetration Testing the Top Control of Q4 2025. Learn how real-world testing uncovers attack paths, strengthens defenses, and turns vulnerabilities into lasting resilience.

A great #PenetrationTest doesn’t just find vulnerabilities—it shows how attackers could exploit them and exposes the gaps behind technical issues. That’s why #PenetrationTesting is our Top #Cybersecurity Control of Q4: https://www.lmgsecurity.com/top-control-of-q4-2025-penetration-testing/

YouTube video by Hank Green The Genius of the Louvre Heist

What can a jewel heist teach us about #cybersecurity? When Hank Green sat down with Sherri Davidoff to analyze the #Louvre theft, striking parallels between physical and digital breaches were revealed. youtu.be/NIGbQ9NHFEg?... #RiskManagement #IncidentResponse #InformationSecurity #DataProtection

Attackers are turning Google results into #malware delivery systems, using fake software installers and sponsored ads to plant backdoors inside organizations. Podcast: www.chatcyberside.com/e/search-res...

Video: youtu.be/xKKA1ikoZ-4

#SEOpoisoning #Malvertising #Cybersecurity #Software #Phishing

What happens when you mix a high-stakes #cybersecurity #tabletopexercise with top-shelf whiskey? An unforgettable night.

LMG Security & Constangy hosted an exclusive #AI Fraud Tabletop & Whiskey Tasting where guests tackled a live #IncidentResponse scenario.

Thanks to everyone who joined us!

Poisoned Search: How Hackers Turn Google Results into Backdoors | LMG Security Hackers are poisoning Google search results with fake ads and malware. We share the new malvertising attack trends and how to protect your organization.

Hackers don’t need to email you anymore—they just need you to search. SEO poisoning & fake ads are spreading #malware and stealing credentials. Learn how to defend against the poisoned web: https://www.lmgsecurity.com/poisoned-search-how-hackers-turn-google-results-into-backdoors/ #Phishing #AI

We had a great time at #BSidesPDX connecting with the local security community! Matt Durrin took the stage to present “Hackers + #AI: Faster, Smarter, More Dangerous,” a demo showing how criminals are using tools like #WormGPT to uncover vulnerabilities, generate exploits, and weaponize zero-days.

When #AWS went offline, the outage exposed a global web of dependencies. Sherri & Matt explore what really happened, how fourth-party risks can undermine resilience, and practical steps to take on Cyberside Chats.

Listen: www.chatcyberside.com/e/when-the-c...

Watch: youtu.be/Djz-_VblMAw

#cloud

YouTube video by LMG Security How to Protect Your Organization After the Loss of CISA Threat Intelligence Sharing

When the #Cybersecurity Information Sharing Act lapsed, organizations lost a key federal threat feed. Watch this video to learn how to strengthen private intel networks, manage legal exposure, and integrate intel loss scenarios into your #IncidentResponse plans: www.youtube.com/watch?v=2JeB... #CISA

Diversity builds resilience — especially in the #cloud. Matt Durrin reminds us that spreading workloads across multiple clouds isn’t just a best practice, it’s a safeguard against systemic risk.

More on our blog: www.lmgsecurity.com/beyond-aws-h...

#AWS #DNS #CloudSecurity #FourthPartyRisk

Beyond AWS: How Hidden Fourth-Party Risks Threaten Digital Resilience | LMG Security Discover how the October 2025 AWS outage exposed hidden fourth-party risks that threaten digital resilience across every industry. In this blog, LMG Security’s experts unpack how one faulty DNS update triggered a global ripple effect—and what your organization can do to identify and mitigate unseen dependencies in your cloud supply chain.

The #AWS outage exposed a threat: #FourthPartyRisk. When your vendors’ vendors go down, so do you. Learn what the #outage revealed & how to strengthen your #cloud resilience before the next disruption: https://www.lmgsecurity.com/beyond-aws-how-hidden-fourth-party-risks-threaten-digital-resilience/

Cyberside Chats: Live! Poisoned Search: How Hackers Turn Google Results into Backdoors In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake installers. Lear...

Attackers are exploiting search results and online ads to spread #malware through fake software installers—and it’s working. In our next Cyberside Chats: Live! on 10/29, we'll uncover the latest #SEOpoisoning & #malvertising techniques & how they evade defenses. www.lmgsecurity.com/event/cybers...

When #ransomware halted Jaguar Land Rover’s production, it disrupted entire supply chains. In our latest #CybersideChats, we discuss what made this attack so impactful and share insights on how to strengthen resilience.

Podcast: www.chatcyberside.com/e/manufactur...

Video: youtu.be/LTW59YBJe-Q

We had a great time at the @seckc.org meetup! Tom Pohl shared insights on Microsoft CA exploits, showing how small misconfigurations can lead to full domain admin takeover. Big thanks to SecKC for the welcome and for making cybersecurity even more fun with a Halloween twist. #Cybersecurity #SecKC

The Power of Why: Making Cybersecurity Training Stick | LMG Security Discover how to make cybersecurity training stick. Learn how storytelling, hands-on exercises, and relevance turn awareness into real security action.

Why do some cybersecurity trainings work while others fall flat? The difference is engagement—it starts with the “why.” Read our blog for advice on how to make training resonate https://www.lmgsecurity.com/the-power-of-why-making-cybersecurity-training-stick/ #NCSAM #CybersecurityAwarenessMonth

Understanding the Need for Cybersecurity in 2025 As cyberattacks increase in frequency across all industries, law firms need to pre-emptively prepare by creating internal safety measures.

#LawFirms face mounting #cyber risks — from phishing and ransomware to AI-driven social engineering.

In the ALA's Legal Management Magazine, LMG’s Madison Iler explains why legal organizations are prime targets. Read the article: www.alanet.org/legal-manage... #cybersecurity #legalindustry

Why does the “why” matter in #cybersecurity? Matt Durrin & Todd Stewart discuss how understanding and communicating purpose, not just process, improves engagement, retention, & impact.

#podcast: www.chatcyberside.com/e/lead-with-...

Video: www.youtube.com/watch?v=xMKi...

#CybersecurityTraining

Cyberside Chats: Live! Poisoned Search: How Hackers Turn Google Results into Backdoors In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake installers. Lear...

Attackers are poisoning Google search results and ads to spread #malware disguised as trusted software. Join us for a live Cyberside Chats on October 29th for the latest SEO poisoning and #malvertising tactics and steps to keep your organization safe. Register: www.lmgsecurity.com/event/cybers...

When #threatintelligence stops flowing, everyone feels the impact—even those who never see it directly. The expiration of the CISA raises questions about how organizations can stay informed and protected. Full conversation here: www.chatcyberside.com/e/when-cisa-...

The Cybersecurity Information Sharing Act Has Lapsed—Here’s How to Adapt & Stay Ahead of Attackers | LMG Security Since the Cybersecurity Information Sharing Act has lapsed in the government shutdown, learn how to rebuild threat-intel pipelines, reduce liability, and protect your organization now.

The expiration of the CISA cuts off a key channel of #threatintelligence just when we need it most. Read our blog for practical steps to strengthen your intel network & more. https://www.lmgsecurity.com/the-cybersecurity-information-sharing-act-has-lapsed-heres-how-to-adapt-stay-ahead-of-attackers/

YouTube video by LMG Security What is Vibe Coding vs. Vibe Hacking?

#AI tools are reshaping development—and #cybercrime. “Vibe coding” makes it easier for new developers to generate code, but attackers are using the same tools for “vibe hacking,” producing malware with minimal skill. AI can speed up attacks as quickly as it speeds up innovation. youtu.be/VpF2N-Lk2a4

YouTube video by LMG Security Shutdown Fallout: The Cybersecurity Information Sharing Act Expires

With CISA expired, the future of public-private #cybersecurity threat sharing is uncertain & liability protections are gone. Today on Cyberside Chats, Sherri Davidoff & Matt Durrin explore how security leaders can adapt.

Video: youtu.be/ZLSbBE4CgJ8

Podcast: www.chatcyberside.com/e/when-cisa-...

Scattered Spider isn’t using cutting-edge exploits. They’re calling the #helpdesk and tricking staff into resetting passwords or MFA. Full podcast: https://www.chatcyberside.com/e/inside-scattered-spider-how-teen-hackers-and-crypto-trails-brought-down-a-global-ransom-network/ #socialengineering

Telegram isn’t just chat—it’s emerging as a new iteration of the #darkweb. Encrypted channels are now hubs where cybercriminals share tools, sell products, and even run services like #WormGPT.

Full podcast: www.chatcyberside.com/e/inside-sca...

Video: www.youtube.com/watch?v=Dxd9...

Inside Scattered Spider Indictments: What Security Leaders Need to Know | LMG Security Scattered Spider indictments reveal how the group hacks help desks and bypasses MFA. We share key lessons IT leaders can use to strengthen defenses.

#ScatteredSpider isn’t going away — but the indictments offer valuable lessons for security leaders. Our latest blog breaks down what the court documents reveal and what defenders can do now.

Read the full analysis: www.lmgsecurity.com/inside-scatt...

#Cybersecurity #Ransomware #MFA

YouTube video by LMG Security Printer Cybersecurity: Practical Prevention and Risk Reduction Tactics

Printers are often the first foothold for attackers. In this quick video, Sherri Davidoff & Matt Durrin explore why printers are such an attractive target & what policies and protections your business should put in place: www.youtube.com/watch?v=a2R0...

#PrinterSecurity #Cybersecurity #PenTesting

#ScatteredSpider is back in the spotlight — but indictments tell the bigger story. Today on Cyberside Chats, Sherri & Matt break down the lessons, from tightening help desk verification to #socialengineering training.

Listen: www.chatcyberside.com/e/inside-sca...

Watch: youtu.be/Dxd9UR3nKXU

Secret Service traced swatting threats against officials. They found 300 servers capable of crippling New York’s cell system | CNN A Secret Service unit set out to unmask the layers of burner phones, changing phone numbers and SIM cards that were swatting American officials. It ended with the largest seizure of SIM servers and ca...

The Secret Service recently uncovered a network of over 300 servers and 100,000 SIM cards capable of crippling New York City’s cell service in minutes. This discovery underscores how easily #telecom systems can be manipulated at scale: www.cnn.com/2025/09/23/u...

#infosec #CriticalInfrastructure