Insider threats are no longer edge cases — they’re becoming one of the most common drivers of real-world incidents.

Our latest article analyzes insider cases at CrowdStrike, DigitalMint, Tesla, and more, highlighting how attackers are:
- Buying insider access
- Recruiting disgruntled employees
- Exploiting remote hiring processes
- And impersonating workers using stolen identities

We outline five actionable steps security leaders can take today to strengthen insider-threat defenses.

➡️ Betrayed From Within: The Modern Insider Attack https://www.lmgsecurity.com/betrayed-from-within-the-modern-insider-attack/

#InsiderThreat #DataProtection #AccessControl #SecurityOperations #CompanyCulture #RiskReduction #CyberDefense

Recovery times are improving, and the rise of truly immutable backups is a major reason why.

This short video breaks down what “immutable” actually means, why it matters for ransomware resilience, and how proactive planning accelerates recovery.

If you’re reassessing your backup strategy, this is a clear look at what’s driving faster bounce-backs.

Watch here: https://www.youtube.com/watch?v=XgdPWZ5OKB0

#Cybersecurity #Ransomware #DataRecovery #BackupSecurity #ImmutableBackups #Resilience #IncidentResponse #BusinessContinuity

Insider threats aren’t theoretical anymore—they’re happening inside organizations just like yours.

This week on Cyberside Chats, Sherri and Matt break down major insider cases—from the new CrowdStrike leak and DigitalMint ransomware indictments to Tesla’s multi-year insider problems, and the crackdown on North Korean operatives using stolen identities to get hired.

Attackers are buying, recruiting, and embedding insiders faster than organizations are adapting their defenses.

Watch this week’s full episode for actionable strategies to reduce your organization’s risk.

Watch: https://youtu.be/s7QW_BkkAvM

Listen: https://www.chatcyberside.com/e/when-security-fails-crowdstrike-insider-leaks-and-the-threat-within/?token=80d65859eee83d3963239e2310e4d035

#Ransomware #InsiderThreats #Cybersecurity #CrowdStrike #DigitalMint #Tesla #Cyberaware #Infosec

A single “smart” device with undocumented connectivity can quietly tunnel out of your network—and most organizations don’t discover it until something goes wrong.

On the latest Cyberside Chats episode, Sherri Davidoff and Matt Durrin walk through real-world scenarios where hidden radios, cloud paths, and offshore update servers slipped in through routine hardware purchases. They explain how simple policies, ABOM requirements, and smart segmentation can stop these surprises before they become security incidents.

Listen here: https://www.chatcyberside.com/e/chinas-hidden-backdoors-buses-cranes-and-critical-infrastructure/

Watch the video: https://youtu.be/WYq6YTqanA4

#CybersideChats #HardwareRisk #SupplyChainSecurity #ThirdPartyRisk #ABOM #NetworkSecurity #FirmwareIntegrity #ConnectedTech

MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options.

In this 1-minute video, Sherri Davidoff and Matt Durrin break down the most common gaps and what defenders must reassess. A strong security program starts with understanding how your MFA behaves under pressure. https://www.youtube.com/watch?v=x290l-EAo8Q

#Cybersecurity #MFA #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices

Holiday-season scams now hit businesses as hard as consumers, with bots, spoofed sites, and AI-driven phishing targeting employees across SSO, VPN, and admin portals.

This checklist highlights practical steps security teams can take now — from enforcing strong MFA to tuning bot-detection rules and running focused awareness pushes before Black Friday and Christmas. Download it here: https://www.lmgsecurity.com/resources/holiday-fraud-defense-checklist/

#Cybersecurity #FraudPrevention #MFA #DNSFiltering #BotDetection #SecurityAwareness #BYOD #Phishing

“WormGPT did in 30 seconds what used to take hours to build.” - Matt Durrin, LMG Security

Attackers are now using malicious AI to launch holiday scams at a scale we’ve never seen before. And those stolen consumer credentials? They’re flowing straight into SSO, Microsoft 365, and VPN attacks.

We just published a breakdown of this year’s AI-driven holiday fraud surge — plus a free checklist your team can use today: https://www.lmgsecurity.com/holiday-hackers-how-ai-is-supercharging-seasonal-fraud-and-what-your-organization-must-do-now/

#Cybersecurity #Fraud #AI #MaliciousAI #Holidays #HolidayScams #RemoteWork #Infosec

AI-driven fraud is hitting holiday shoppers at machine speed. In today’s Cyberside Chats episode, Sherri Davidoff and Matt Durrin unpack what that looks like in the real world. They discuss how phishing kits, prebuilt configs, and bot-driven takeovers are giving attackers a near-instant launchpad for credential abuse.

This breakdown shows how quickly these tools scale—and why teams need to shore up people, passwords, and payments before the rush.

Listen here: https://www.chatcyberside.com/e/holiday-hack-alert-ai-bots-phishing-and-the-gift-card-scam-surge/

Watch the video: https://youtu.be/TpMD5v5JUNc

Or find Cyberside Chats wherever you get your podcasts.

#CyberDefense #SecurityAwareness #OnlineFraud #DigitalRisk #ThreatResearch #AIinSecurity #Malvertising #HolidayThreats

When security assessments leak, the fallout can eclipse the original incident.

In our latest Cyberside Chats episode on the Louvre heist, Sherri Davidoff and Matt Durrin dig into how exposed audit findings fueled public scrutiny and what every organization should learn from it.

If you want to hear how a seven-minute robbery turned into a reputational firestorm — and how to keep your own reports from becoming headlines — listen to the full podcast here: https://www.chatcyberside.com/e/louvre-heist-exposed-how-weak-tech-old-passwords-invited-the-theft/

#Cybersecurity #InformationSecurity #ReputationalRisk #SecurityAudits #DataProtection #ThirdPartyRisk #IncidentResponse #CyberRisk

Your network may be locked down — but what about the circuitry inside the devices you trust?

Join Sherri Davidoff and Matt Durrin next Wednesday, November 19th for a Cyberside Chats: Live! that explores how subtle hardware design choices and opaque sourcing can introduce risk long before a device ever reaches your environment. You’ll also learn the steps your team can take to spot the red flags.

Register here: https://www.lmgsecurity.com/event/cyberside-chats-live-november-2025/

#Cybersecurity #SupplyChainSecurity #ThirdPartyRiskManagement #HardwareSecurity #FirmwareRisk #EnterpriseSecurity #CyberRisk #Podcast

Last week, LMG Security had the pleasure of speaking with the Las Vegas ISSA chapter!

Our Director of Training and Research Matt Durrin led a thought-provoking session on “Deep Fakes & AI: The New Frontier of Cybercrime.” He explored how rapidly evolving AI tools are transforming social engineering, fraud, and digital trust.

Thank you to the ISSA Las Vegas community for the warm welcome and insightful discussion.

#Cybersecurity #AI #DeepFakes #SocialEngineering #FraudPrevention #Cybercrime #SecurityAwareness #InformationSecurity

When the Louvre was robbed in just seven minutes, most people blamed the thieves. But leaked audit reports told another story — one of weak passwords, ignored warnings, and outdated systems.

In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin reveal how the same security blind spots behind the heist also threaten hospitals, banks, and critical infrastructure today and what practical steps you can take to avoid becoming the next headline.

Listen now and learn how to lock down your organization.

Podcast: https://www.chatcyberside.com/e/louvre-heist-exposed-how-weak-tech-old-passwords-invited-the-theft/

Video: https://youtu.be/3ErXdXv_bN8

#Cybersecurity #PhysicalSecurity #Security #Authentication #PasswordSecurity #PenetrationTesting #RiskManagement #Louvre #Infosec

CISA’s Automated Indicator Sharing (AIS) program once delivered real-time, machine-readable threat intelligence across sectors to help organizations detect and respond faster.

But with participation disrupted, collective defense is at risk. In this video, we explain how AIS worked, why it mattered, and what your organization can do to stay protected in a post-AIS environment.

Watch now to learn how to adapt your threat intelligence strategy: https://www.youtube.com/watch?v=qFPCLWb9ezs

#Cybersecurity #ThreatIntelligence #CISA #InfoSharing #IncidentResponse #ThreatDetection #CollectiveDefense #CyberResilience

A great penetration test doesn’t just find vulnerabilities—it shows how attackers could exploit them and exposes the human and procedural gaps behind technical issues. Organizations that test regularly build stronger coordination, improve processes, and prevent repeat mistakes.

That’s why penetration testing has earned its place as LMG Security’s Top Cybersecurity Control of Q4 2025. Read our blog to learn more: https://www.lmgsecurity.com/top-control-of-q4-2025-penetration-testing/

How does your team turn penetration test results into lasting improvements?

#Cybersecurity #PenetrationTesting #RiskManagement

What can a jewel heist teach us about cybersecurity?

When Hank Green sat down with Sherri Davidoff to analyze the Louvre theft, the conversation revealed striking parallels between physical and digital breaches. From "unpatched" vulnerabilities (digital and physical) to leaked audits, attackers thrive when everyday operations create blind spots. Every system—whether it’s a museum or a network—has tradeoffs that criminals are eager to exploit.

Watch the full conversation here: https://youtu.be/NIGbQ9NHFEg?si=fdff_1IrtdXfWshR

#Cybersecurity #RiskManagement #SecurityStrategy #IncidentResponse #ThreatAnalysis #InformationSecurity #DataProtection #SecurityAwareness

I can't say I was expecting to see a high school friend interviewed in a #HankGreen video about the Louvre Heist!

https://youtu.be/NIGbQ9NHFEg?t=156

And it looks like the security company #SherriDavidoff founded is on Mastodon at @LMGsecurity!

Attackers are turning Google results into malware delivery systems, using fake software installers and sponsored ads to plant backdoors inside organizations. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin unpack the latest SEO poisoning and malvertising research and share actionable defenses.

From ad blocking to safer browsing habits, learn how to protect your team from the poisoned web. Listen to the podcast: https://www.chatcyberside.com/e/search-results-are-the-new-phish-inside-seo-poisoning-attacks/

Watch the video: https://youtu.be/xKKA1ikoZ-4

#SEOpoisoning #Malvertising #Cybersecurity #Software #Advertising #Phishing #PoisonedWeb

What happens when you mix a high-stakes cybersecurity tabletop with top-shelf whiskey? You get an unforgettable night.

LMG Security teamed up with our partners at Constangy for an exclusive AI Fraud Tabletop and Whiskey Tasting at the Multnomah Whiskey Library. Guests put their skills to the test in a live, AI-driven fraud scenario while enjoying a curated whiskey flight.

A huge thank-you to everyone who joined us for sharp insights, great company, and an incredible evening!

#Cybersecurity #infosec #AIFraud #IncidentResponse #AIsecurity #tabletopexercise #AI

Hackers don’t need to phish your inbox anymore — they just need you to search.

Attackers are poisoning Google results and buying ads to spread malware and steal credentials. In our latest blog, we break down how fake Microsoft Teams installers, cloned payroll portals, and AI-generated phishing campaigns are reshaping modern social engineering — and how your organization can fight back.

Read more: https://www.lmgsecurity.com/poisoned-search-how-hackers-turn-google-results-into-backdoors/

#Cybersecurity #Phishing #AI #CISO #ITSecurity #AIsecurity #Malvertising

We had a great time exhibiting at BSides Portland and connecting with the local security community last week.

LMG’s Matt Durrin took the stage to present “Hackers + AI: Faster, Smarter, More Dangerous,” a live demo showing how criminals are using tools like WormGPT to uncover vulnerabilities, generate exploits, and weaponize zero-days faster than ever.

Thank you to the BSides Portland organizers and attendees for another fantastic event.

#Cybersecurity #AI #Infosec #BSides #AI #AISecurity #WormGPT #BSidesPDX