#ciso

2025-06-20

Swiss #CISO warns of data leakage when using #Microsoft 365 and has reportedly been relieved of his duties as a result.

So, in case you're wondering why everything out there is so shitty: (bribed?) blockheads in the decisive positions simply throw out those who admonish and warn - true to the motto: if the oil-change light comes on, you just have to switch it off.

Source: heise.de/news/Schweizer-Kanton

#schweiz

2025-06-20

7 typical CISO mistakes

A great many publications have been written about who the Chief Information Security Officer (CISO) is, so we will only remind you that this is the director of information security in an organization. This executive is responsible for ensuring information security, and their mistakes can cost the company dearly. In this article we look at several of the most common mistakes that security leaders make when planning and organizing protection processes. Yes, these mistakes are well known, but year after year many organizations step on the same rake, and that is what we would like to talk about today. With the growing dependence on technology in our personal and professional lives, it is extremely important to have reliable cybersecurity measures to protect against threats such as hackers, malware and data leaks. Mistakes in this area can have serious consequences, including loss of confidential information, financial damage and damage to the organization's reputation.

habr.com/ru/companies/otus/art

#ciso #иб #инфобез #кибербезопасность

The Linux Foundation linuxfoundation@social.lfx.dev
2025-06-19

🔐Cybersecurity is now core to every technical role. DevOps. AppDev. SRE. Architects. Watch "Cybersecurity Skills: A Framework That Works" -- an on-demand webinar -- to learn how to close key security skill gaps for you and your teams.

🎥 Watch now: training.linuxfoundation.org/r

#CyberSecurity #DevSecOps #SREs #CTO #CISO #SysAdmins #Developers

New survey finds more than 50% of CISOs now oversee 10+ security areas, often with few legal protections and short tenures. Here’s how they are justifying their budgets → socket.dev/blog/survey-finds-o #CISO #cybersecurity #infosec

Marcel Waldvogel marcel@waldvogel.family
2025-06-19

@adfichter @rahel_estermann
By now #Heise has also picked up the Lucerne conflict around #Microsoft #M365, which apparently led to the dismissal of the IT security chief #CISO because he spoke out against the introduction of M365 in #Luzern.
heise.de/news/Schweizer-Kanton

2025-06-18

“You think it’s just a light bulb—but it’s not off. It’s watching, listening… maybe even hacking.”

LMG Security’s @tompohl revealed how $20 smart outlets and light bulbs can be exploited for WiFi cracking, evil twin attacks, and stealth monitoring—turning everyday gadgets into real-world threats.

In our latest blog, we’ll share:

▪ How attackers can exploit everyday IoT gadgets to breach your organization
▪ Advice on how to lock down your smart tech
▪ Tips on segmentation, firmware auditing, and red teaming

Read the blog: lmgsecurity.com/i-have-the-pow

#IoTSecurity #Cybersecurity #SmartDevices #LMGSecurity #Cyberaware #IoT #Cyber #Tech #CISO #IT #PenetrationTesting #RogueDevices #BSidesDesMoines #Infosec #ITsecurity

Jason Elrod :cupofcoffee: :donor: jasonelrod@infosec.exchange
2025-06-18

Ever wonder what’s on a CISO’s desk?

This isn’t a Pinterest-perfect setup—it’s a battle station for clarity, chaos, and caffeine.

• 2x monitors (because 1 isn’t enough)
• Standing desk: your only workout some days
• Lights + mic for non-stop video calls
• Reading glasses for the end-of-day blur
• Tablet: because more screens = more “productivity”
• Notebook for jotting down actual secret stuff
• Ambient alert lamp that turns red when the SHTF
• Coffee cup because: Drink coffee. Do Cool Stuff. ☕

What's your setup look like?

#Cybersecurity #CISO #Leadership #WorkSetup #LimitlessCyber #DrinkCoffeeDoCoolStuff

A standing desk with 2 monitors, 2 lights, a mic, a keyboard and a notebook

2025-06-17

What Happens When AI Goes Rogue?

From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.

In our new Cyberside Chats episode, LMG Security’s @sherridavidoff and @MDurrin share new AI developments, including:

• Scheming behavior in Apollo’s LLM experiments
• Claude Opus 4 acting as a whistleblower
• AI blackmailing users to avoid shutdown
• Strategic self-preservation and resistance to being replaced
• What this means for your data integrity, confidentiality, and availability

📺 Watch the video: youtu.be/k9h2-lEf9ZM
🎧 Listen to the podcast: chatcyberside.com/e/ai-gone-ro

#AIsecurity #RogueAI #ZeroTrust #Cybersecurity #CybersideChats #LMGSecurity #AIWhistleblower #AIgoals #LLM #ClaudeAI #ApolloAI #AISafety #CISO #CEO #SMB #Cyberaware #Cyber #Tech

2025-06-13

New AI Security Risk Uncovered in Microsoft 365 Copilot

A zero-click vulnerability has been discovered in Microsoft 365 Copilot—exposing sensitive data without any user interaction. This flaw could allow attackers to silently extract corporate data using AI-integrated tools.

If your organization is adopting AI in productivity platforms, it’s time to get serious about AI risk management:
• Conduct a Copilot risk assessment
• Monitor prompt histories and output
• Limit exposure of sensitive data to AI tools
• Update your incident response plan for AI-based threats

AI can boost productivity, but it also opens new doors for attackers. Make sure your cybersecurity program keeps up. Contact our LMG Security team if you need a risk assessment or help with AI policy development.

Read the article: bleepingcomputer.com/news/secu

#AISecurity #Microsoft365 #Copilot #ZeroClick #DataLeak #CyberRisk #LMGSecurity #AItools #ShadowAI #Cybersecurity #RiskManagement #SMB #CEO #CISO #Infosec #IT

SPdevALK 🐘️ ☑️ sjosjo@mas.to
2025-06-12

“The fact that agents use trusted and untrusted data in the same ‘thought process’ is the basic design flaw that makes them vulnerable.”

Such a systemic design flaw should have any #CISO or #ITArchitect immediately ban the use of internet-connected #AI #LLM for their orgs.

fortune.com/2025/06/11/microso

2025-06-12

Ever wonder how hackers really get in?

We sat down with LMG Security’s Penetration Testing Manager, @tompohl, to get penetration tester secrets from the front lines. From overlooked credentials to forgotten assets, these are the weak spots attackers love—and how to fix them.

We'll cover:

• The top entry points that attackers exploit
• Real-life examples from professional penetration testers
• Actionable tips to eliminate common network vulnerabilities

Don’t miss this behind-the-scenes breakdown: lmgsecurity.com/penetration-te

#PenetrationTester #Cybersecurity #NetworkSecurity #EthicalHacking #CISO #DFIR #Infosec #RedTeam #Pentesting

sͧb̴ͫƸ̴gͬᵉ subm3rge@infosec.exchange
2025-06-12

The 80/20 rule of #infosec work as a #CISO that they don’t tell you:

80% of all management attention and engagement will only happen in the 20-day “OH SHIT! HELP!” window after a nearly fatal incident.

2025-06-11

Non-Human Identities: The Hidden Risk in Your Stack

Non-human identities (NHIs)—like API keys, service accounts, and OAuth tokens—now outnumber human accounts in many enterprises. But are you managing them securely? With 46% of organizations reporting compromises of NHI credentials just this year, it’s clear: these powerful, often-overlooked accounts are the next cybersecurity frontier.

Read The Hacker News article for more details: thehackernews.com/2025/06/the-

#IdentitySecurity #CyberRisk #APIsecurity #NHIs #DevSecOps #IAM #CISO #Cybersecurity #MachineIdentities #ZeroTrust #RiskManagement #Infosec #IT #ITsecurity

2025-06-09

Windows Admins—Don’t Delete That Empty inetpub Folder!

Microsoft has released a PowerShell script to restore the C:\inetpub folder created by the April 2025 security update after many users mistakenly deleted it, not realizing it plays a critical role in mitigating a high-severity privilege escalation vulnerability (CVE-2025-21204).

This seemingly empty folder helps protect against attackers escalating privileges using symbolic link abuse, and deleting it can leave your organization vulnerable. If you have already deleted it, Microsoft has a restoration script.

Read the details: bleepingcomputer.com/news/micr

#WindowsSecurity #PowerShell #CVE202521204 #PrivilegeEscalation #PatchManagement #Cybersecurity #ITAdmin #Microsoft #CISO #Infosec #IT
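As an added check (written for this page, not Microsoft's restoration script and not code from the post above), the following PowerShell snippet reports whether the C:\inetpub folder from the April 2025 update is still present and who owns it, so an admin can confirm the CVE-2025-21204 mitigation has not been removed before reaching for Microsoft's script. The folder path and CVE number come from the post; the output object shape and the decision to report the ACL are my own assumptions.

```powershell
# Added example: verify the inetpub mitigation folder is still in place.
# Not Microsoft's restoration script; it only reports, it does not create or modify anything.
function Test-InetpubMitigation {
    param(
        # Path comes from the post; override only for testing on a non-system drive
        [string]$Path = 'C:\inetpub'
    )

    if (Test-Path -Path $Path -PathType Container) {
        $acl = Get-Acl -Path $Path
        [PSCustomObject]@{
            Path    = $Path
            Present = $true
            Owner   = $acl.Owner
            # Listing the access rules lets an admin spot a folder that was
            # deleted and recreated by hand with different permissions.
            Access  = ($acl.Access | ForEach-Object {
                "$($_.IdentityReference): $($_.FileSystemRights)"
            }) -join '; '
        }
    }
    else {
        Write-Warning "$Path is missing; restore it with Microsoft's restoration script rather than leaving the mitigation absent."
        [PSCustomObject]@{
            Path    = $Path
            Present = $false
            Owner   = $null
            Access  = $null
        }
    }
}

# Run from an elevated prompt so Get-Acl can read the folder's security descriptor
Test-InetpubMitigation | Format-List
```

Because the script only reads the folder and its ACL, it is safe to run across a fleet via your usual remote-execution tooling; a `Present = $false` result is the signal to apply Microsoft's restoration script linked in the article.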

2025-06-06

AI is the new attack surface—are you ready?

From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.

Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:

▪️ The rise of shadow AI (yes, your team is probably using it!)
▪️ Real-world examples of AI misconfigurations and account takeovers
▪️ What to ask vendors about their AI usage
▪️ How to update your incident response plan for deepfakes
▪️ Actionable steps for AI risk assessments and inventories

Don’t let your AI deployment become your biggest security blind spot.

Watch now: youtu.be/R9z9A0eTvp0

#AIsecurity #ShadowAI #Deepfakes #AItools #CyberRisk #AI #Cybersecurity #SMB #CEO #IncidentResponse #GenAI #DataPrivacy #Cyberaware #CISO

2025-06-05

Just released! Our Top Cybersecurity Control selection for Q2 2025 is Continuous Vulnerability Management (CVM).

Why CVM? We’ve analyzed the trends, and today’s threat landscape demands more than periodic scans and reactive fixes. Attackers are exploiting new vulnerabilities within hours, sometimes minutes, of disclosure. You need a program that’s always on, and it’s also becoming a compliance necessity.

Read the analysis on why CVM is the top control for Q2 and how to put it into action: lmgsecurity.com/why-continuous

#Cybersecurity #ContinuousVulnerabilityManagement #VulnerabilityManagement #CVM #RiskManagement #AttackSurface #Infosec #IT #Cyberaware #CISO #Compliance #CyberRisk #Security

2025-06-04

Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online.

These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.

Join us as we unpack:
▪ What “high-agency behavior” means in cutting-edge AI
▪ How API access can expose unpredictable and dangerous model actions
▪ Why these findings matter now for security teams
▪ What it all means for incident response and digital trust

Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!

Register today: lmgsecurity.com/event/cybersid

#CybersideChats #AIsecurity #AI #RiskManagement #DFIR #IT #Infosec #Cybersecurity #Security #CyberRisk #CISO #Cyber #Tech #Cyberaware #SMB #CEO

2025-06-03

How do hackers break into your network? Find out from the pros who do it every day!

In this week’s Cyberside Chats, @tompohl, head of penetration testing at LMG Security, joins @sherridavidoff to reveal how his team gains domain admin access in over 90% of tests.

From outdated Active Directory settings to risky legacy protocols, this episode is packed with real-world insights to help you reduce your organization’s risk. We’ll share:

✅ The hidden vulnerabilities attackers love
✅ Tips to harden your infrastructure
✅ What penetration testers see that most defenders miss

🎥 Watch the full episode: youtu.be/VEeWkVBDDP8
🎧 Prefer audio? Listen to the podcast: chatcyberside.com/e/unveiling-

#cybersecurity #pentesting #penetrationtesting #DFIR #infosec #CybersideChats #CISO #ITSecurity #ActiveDirectory #RiskManagement #SMB #databreach #pentest

2025-06-02

Almost every organization is using some type of AI, but are you securing it?

Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program Updates

From deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.

Check it out: lmgsecurity.com/resources/adap

#Cybersecurity #AIsecurity #AI #GenAI #AIgovernance #CISO #CEO #RiskManagement #Infosec #Cyberaware #Cyber #IT #Security #Cyber #Tech
