Are your defenses ready for the quantum future?

Quantum computing and cybersecurity are on a collision course—and it's time to start thinking about the impacts it will have on your organization.

Check out our latest blog to learn what quantum computing means for your organization, the NIST standards, how to protect your data, and what steps to take right now to stay ahead of the curve.

Read more: https://www.lmgsecurity.com/quantum-computing-and-cybersecurity-how-to-secure-the-quantum-future/

#Cybersecurity #QuantumComputing #PostQuantum #DataSecurity #Tech #Cyberaware #NIST #Encryption #Infosec #CISO #RiskManagement #IT #Cyber

Windows 11 just took a major step into post-quantum security. At Microsoft BUILD 2025, the company announced the integration of quantum-resistant cryptography into Windows 11. For the first time, developers can invoke post-quantum algorithms using standard Windows APIs. It’s a pivotal move to safeguard data from future quantum-enabled threats.

Read the details: https://arstechnica.com/security/2025/05/heres-how-windows-11-aims-to-make-the-world-safe-in-the-post-quantum-era/

#PostQuantum #Cryptography #Microsoft #Windows11 #Cybersecurity #QuantumComputing #Encryption #IT #CISO #RiskManagement #InfoSec

509 / 63,206

The hackers got hacked! In an ironic twist, LockBit, the infamous ransomware-as-a-service gang, was breached. Watch the new episode of Cyberside Chats as @sherridavidoff and @MDurrin share the details and explain what it means for cyber defenders.

We explore what was leaked, why it matters, and how this incident compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization.

Watch or listen now and get practical takeaways to strengthen your ransomware response playbook.

Watch: https://youtu.be/xr-8GhazgME
Listen: https://www.chatcyberside.com/e/lockbits-own-medicine-when-hackers-get-hacked/?token=914ee622fe9d4797c7a87bfedd0294f0

#Ransomware #Cybersecurity #LockBit #DFIR #IncidentResponse #ThreatIntel #CybersideChats #LMGSecurity #Cybercrime #Hackers #DataBreach #CISO #CyberAware

New ransomware tactic! Firmware-based attacks could soon target your CPU directly. Rapid7's team has developed a proof-of-concept ransomware capable of infecting CPU microcode, potentially bypassing all traditional cybersecurity defenses and locking drives before the OS even boots.

Read the details: https://www.tomshardware.com/pc-components/cpus/worlds-first-cpu-level-ransomware-can-bypass-every-freaking-traditional-technology-we-have-out-there-new-firmware-based-attacks-could-usher-in-new-era-of-unavoidable-ransomware

#cybersecurity #ransomware #infosec #DFIR #CISO #ITsecurity #IT #riskmanagement

File Transfer Tools Under Fire

Secure file transfer vulnerabilities are fueling massive breaches—and insurers are tightening the rules. In just 9 minutes, get expert insights on:

✅ The ripple effect of the CrowdStrike outage
✅ How the Cleo breach by the Clop gang impacts your data
✅ AI’s role in faster exploits and leaked code weaponization
✅ How cyber insurance is evolving
✅ What your team can do to stay protected

From MoveIt to Cleo, file transfer tools are prime targets. Don’t become the next headline.

Watch now: https://youtu.be/vAm5N8c2EGk

#CyberInsurance #FileTransferBreach #CleoBreach #ClopRansomware #CrowdStrike #ZeroDay #Cybersecurity #LMGSecurity #DataRisk #VulnerabilityManagement #databreach #CISO #Cyberaware #Infosec #DFIR

At the recent #RSAC2025 conference, LMG Security's @sherridavidoff and @MDurrin drew packed crowds with their sessions on how hackers use AI to exploit stolen source code and a hands-on tabletop lab exploring deepfake cyber extortion.

We’ve received a lot of inquiries about these sessions! If you couldn’t attend RSA and you're interested in these topics, we also offer custom training and tabletop exercises to help your team prepare for the next generation of AI-powered cyber threats.

Contact us to learn more: https://www.lmgsecurity.com/contact-us/

#Cybersecurity #AIsecurity #AI #TabletopExercises #CISO #Infosec #RiskManagement #IT #Deepfake #CIO #DFIR #ITsecurity

AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.

From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.

Read now: https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/

#CyberSecurity #PromptInjection #AIsecurity #WebAppSecurity #PenetrationTesting #LLMvulnerabilities #Pentest #DFIR #AI #CISO #Pentesting #Infosec #ITsecurity

2025 Ransomware Trends You Need to Know

Ransomware isn’t slowing down—in fact, it’s evolving faster than ever in 2025. Watch our new video for details on ransomware trends, including:

🔹 AI-powered ransomware that evolves faster than defenders can keep up
🔹 A surge in rookie attackers using leaked playbooks and dark web kits
🔹 The 2025 must-have proactive prevention strategies

Watch now for the details! https://youtu.be/r4_ePm3swE0

#Cybersecurity #Cyberaware #Ransomware #RansomwareTrends #AIThreats #EDR #XDR #SupplyChainSecurity

The FBI has issued an alert about cybercriminals hijacking outdated routers to power massive proxy-for-hire networks—masking malware, fraud, and credential theft right under your nose.

Watch the full Cyberside Chats episode to hear @sherridavidoff and @MDurrin 's insights on:

🔹 The FBI’s May 2025 alert
🔹 TheMoon malware and the Faceless proxy service
🔹 What these botnets mean for your enterprise
🔹 What you need to do now to stay protected

🎥 Watch the video: https://youtu.be/x_40BlvWsHk
🎧 Listen to the podcast: https://www.chatcyberside.com/e/outdated-routers-a-hidden-threat-in-your-neighborhood/?token=b0b648ff9ddf79f7cb1099945c74f7f0

#Cybersecurity #RouterSecurity #ThreatIntel #Malware #CISO #CybersideChats #ProxyAbuse #TheMoonMalware #Botnets #NetworkSecurity #CISO #Cyberaware #Tech #Infosec #IT #CIO #SMB #Cyber

Think your network is locked down? Think again.

Register for our May 28th Cyberside Chats Live episode featuring special guest @tompohl, LMG Security’s Head of Penetration Testing, and discover the most common security gaps attackers exploit.

Tom will share how his team routinely gains domain admin access in over 90% of their engagements—and how you can stop real attackers from doing the same. He’ll break down the weak points they target, from insecure default Active Directory settings to overlooked misconfigurations—even in mature environments.

Register now: https://www.lmgsecurity.com/event/cyberside-chats-live-may-2025/

#Cybersecurity #PenetrationTesting #InfoSec #ITsecurity #CybersideChats #CISO #Pentest #DFIR #NetworkSecurity #IT

Check out TechSpot’s new article featuring LMG Security’s @sherridavidoff and @MDurrin on how “Evil AI” is accelerating cyber threats.

The article recaps their #RSAC2025 presentation, where they demonstrated how rogue AI tools like WormGPT—AI stripped of ethical guardrails—can rapidly detect and help exploit real-world vulnerabilities.

From identifying SQL flaws to delivering working Log4j and Magento exploits, Sherri and Matt reveal how AI is arming cybercriminals faster than traditional defenses can keep up.

Read the full TechSpot article: https://www.techspot.com/news/107786-rsa-conference-experts-reveal-how-evil-ai-changing.html#commentsOffset

#Cybersecurity #AIsecurity #WormGPT #RSAC #TechSpot #Infosec #LMGSecurity #AI #EvilAI #RiskManagement #CISO #SMB #CIO #IT #ITsecurity #RSAC2025

Dive into our new technical blog, No Exploits Needed: Using Cisco’s Own Features to Extract Credentials, for a behind-the-scenes look at how default settings can lead to a data breach.

In this post, Penetration Testing Team Manager @tompohl shares how he extracted a Cisco router’s entire running configuration—no credentials required—during a recent penetration test and offers tips for hardening your security. https://www.lmgsecurity.com/no-exploits-needed-using-ciscos-own-features-to-extract-credentials/

#Cybersecurity #PenetrationTesting #Pentest #IT #CISO #DFIR #Infosec #ITsecurity #NetworkSecurity #Cisco #SecurityTesting

Congratulations to @sherridavidoff and @MDurrin for an amazing session at #RSAC! PCWorld called their session on Evil AI and hacker tools like WormGPT “a glimpse into a mirror universe” that provided an “aha” moment about how AI is already impacting cybersecurity.

In a packed room at RSA, Sherri and Matt demonstrated how rogue AI tools are already finding vulnerabilities faster than many defensive systems and how the cybersecurity community must adapt.

Read PCWorld's full article: https://ow.ly/M6gz50VMXGo

#Cybersecurity #AI #InfoSec #LMGSecurity #WormGPT #EvilAI #CISO #CEO #CyberAware #CIO #RiskManagement #AIThreats #ITsecurity #IT #Tech #Cyber

AI is making #cyberattacks faster and easier. Are you ready?

In our latest podcast, Hacker AI: Smarter Attacks, Faster Exploits, Higher Stakes, @sherridavidoff and @MDurrin dive into how cybercriminals are weaponizing AI to launch more convincing, scalable attacks—from deepfake scams to AI-assisted exploit development.
You'll hear about original research using real underground AI tools like WormGPT, plus field-tested strategies you can put into action today to defend your organization.

🎥 Watch the full episode: https://youtu.be/QfhmG7QxTdI
🎧 Listen on your favorite podcast app: https://www.chatcyberside.com/e/ai-in-cybercrime-how-hackers-exploit-artificial-intelligence/?token=57dafee9697759cbee09dcdd4929876a

#Cybersecurity #AI #AIThreats #Cybercrime #InfoSec #IncidentResponse #Cyberaware #SMB #CEO #CISO #RiskManagement #DFIR #CIO

Cybercriminals are using Google Ads to hijack accounts, steal data, and clone websites using AI—and it’s happening faster than you think.

Want to keep your company safe? Watch our latest video: Malvertising Attacks: How Google Ad Spoofed Account Attacks Work. You'll learn how these attacks work, why phishing is moving beyond email, and what practical steps you can take to defend your organization. https://youtu.be/Q_qTvyVlGwc

#Cybersecurity #Malvertising #Phishing #Google #GoogleAds #AI #InfoSec #Google #Cyberaware #SMB #RiskManagement #Tech #IT #AI

For our #Utah friends, the Early Bird Discount for our June 10th live Penetration Testing for IT Pros class ends in 2 days!

Join us in Salt Lake City for a full-day, hands-on class that teaches you how to pentest and secure your organization.

Taught by expert instructors @tompohl and @MDurrin, this hands-on training includes lab work and real-world scenarios so you can learn to find your security gaps before attackers do!

Date: Tuesday, June 10, 2025

Location: Salt Lake City, UT

Early Bird Price: $850 until May 2 ($950 after)

Seats are limited—register today: https://www.lmgsecurity.com/event/penetration-testing-for-it-pros-slc-25/

#PenetrationTesting #CyberSecurity #SaltLakeCity #EthicalHacking #Pentest #DataBreach #Utah #ITPros #Infosec #Training #Databreach #DFIR #CybersecurityTraining

Quantum computing is poised to break some of today's popular encryption standards. Is your organization ready?

From e-commerce transactions to email security, quantum advancements threaten to upend how organizations secure information. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin cut through the hype and explain what your organization needs to do now to prepare.

Learn:
• What encryption standards will be broken
• How post-quantum cryptography (PQC) is evolving
• Key steps to protect long-term confidential data
• How to future-proof your encryption strategy

🎥 Watch the full episode: https://youtu.be/MnhAm4f7Bqk

🎧Listen to the podcast: https://www.chatcyberside.com/e/quantum-apocalypse-navigating-cybersecurity-in-the-quantum-era/

#Cybersecurity #QuantumComputing #Quantum #Encryption #PostQuantumCryptography #Infosec #CISO #ITSecurity #CybersideChats #SMB #CEO #CIO

Is your organization prepared for a ransomware attack? Even one weak spot can open the door to data theft, extortion, and operational shutdowns.

Download our free Ransomware Prevention Best Practices Checklist to learn 10 critical steps to reduce your risk. https://www.lmgsecurity.com/resources/ransomware-prevention-best-practices-checklist/

#Cybersecurity #Ransomware #RiskManagement #DataProtection #Infosec #CISO #SMB #CIO #CEO #IT #Security #ITsecurity

What happens when a ransomware attack hits… and you’re also holding a glass of premium whiskey?

We had an incredible evening in Portland co-hosting a live ransomware tabletop and whiskey tasting at the Multnomah Whiskey Library, with our partners at Constangy, Brooks, Smith & Prophete, LLP. Huge thanks to Sean Hoar, CISSP, CIPP for co-presenting and bringing his expert insights as a former DOJ cyber attorney.

With every new twist in the scenario—from vendor compromise to ransom negotiation—we paused to say: “We’re going to need a stiff drink!” …and then poured the next spirit. It was a blast.

The conversations were rich, the energy was high, and one attendee told us it was the “best tabletop I’ve been to in years.” We couldn’t agree more.

More events like this are coming soon—stay tuned.

#Cybersecurity #RansomwareResponse #IncidentResponse #Ransomware #TabletopExercise #WhiskeyTasting #Portland #LMGSecurity #Constangy #CISO

Hybrid cloud environments are now the norm, but they also introduce serious cybersecurity challenges.

In this new blog, Principal Consultant Benjamin Kast breaks down the reality of hybrid cloud security, including how the shared responsibility model is often misunderstood, where attackers are exploiting misconfigurations, and a checklist to help reduce your hybrid cloud security risk.

Read the blog for practical strategies to increase visibility, reduce risk, and secure your hybrid environment before attackers find the gaps: https://www.lmgsecurity.com/where-strategy-meets-reality-hybrid-cloud-security-in-an-era-of-escalating-cyber-risk/

#HybridCloudSecurity #CloudSecurity #Cloud #Cybersecurity #CloudMisconfigurations #Security #Infosec #CISO #CIO #IT #ITsecurity