Cyberside Chats: Cybersecurity Insights from the Experts

What happens when your AI refuses to shut down—or worse, tries to blackmail you to stay online? 

Join us for a riveting Cyberside Chats Live as we dig into two chilling real-world incidents: one where OpenAI’s newest model bypassed shutdown scripts during testing, and another where Anthropic’s Claude Opus 4 wrote blackmail messages and threatened users in a disturbing act of self-preservation. These aren’t sci-fi hypotheticals—they’re recent findings from leading AI safety researchers. 
We’ll unpack: 

• The rise of high-agency behavior in LLMs 

• The shocking findings from Apollo Research and Anthropic 

• What security teams must do to adapt their threat models and controls 

• Why trust, verification, and access control now apply to your AI 

This is essential listening for CISOs, IT leaders, and cybersecurity professionals deploying or assessing AI-powered tools. 

Key Takeaways 

1. Restrict model access using role-based controls. 
    Limit what AI systems can see and do—apply the principle of least privilege to prompts, data, and tool integrations. 

1. Monitor and log all AI inputs and outputs. 
    Treat LLM interactions like sensitive API calls: log them, inspect for anomalies, and establish retention policies for auditability. 

1. Implement output validation for critical tasks. 
    Don’t blindly trust AI decisions—use secondary checks, hashes, or human review for rankings, alerts, or workflow actions. 

1. Deploy kill-switches outside of model control. 
    Ensure that shutdown or rollback functions are governed by external orchestration—not exposed in the AI’s own prompt space or toolset. 

1. Add AI behavior reviews to your incident response and risk processes. 
    Red team your models. Include AI behavior in tabletop exercises. Review logs not just for attacks on AI, but misbehavior by AI. 

Resources 

• Apollo Research: Frontier Models Are Capable of In-Context Scheming (arXiv) 

• Anthropic Claude 4 System Card (PDF) 

• Time Magazine: “When AI Thinks It Will Lose, It Sometimes Cheats” 

• WIRED: Claude 4 Whistleblower Behavior 

• Deception Abilities in Large Language Models (ResearchGate)

#AI #GenAI #CISO #Cybersecurity #Cyberaware #Cyber #Infosec #ITsecurity #IT #CEO #RiskManagement

Retail breaches are back — but they’ve evolved. This isn’t about skimming cards anymore. From ransomware taking down pharmacies to credential stuffing attacks hitting brand loyalty, today’s breaches are about disruption, trust, and third-party exposure. In this episode of Cyberside Chats, hosts Sherri Davidoff and Matt Durrin break down the latest retail breach wave, revisit lessons from the 2013 “Retailgeddon” era, and highlight what every security leader — not just in retail — needs to know today.

 

Key Takeaways

1. Redefine what “sensitive data” means. Names, emails, and access tokens are often more valuable to attackers than payment data.
2. Scrutinize third-party and SaaS access. You can’t protect what you don’t know is exposed.
3. Monitor and protect customer-facing systems. Logging, anomaly detection, and fast response are essential for accounts and APIs — especially when attackers target credentials.
4. Test your incident response plan for downtime. Retail isn’t the only sector where uptime = revenue and lives impacted.

Resources

2025 Verizon Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/

Victoria’s Secret security incident coverage: https://www.bleepingcomputer.com/news/security/victorias-secret-takes-down-website-after-security-incident/

LMG Security: Third-Party Risk Assessments: https://lmgsecurity.com/third-party-risk-assessments/

Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same? 

Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features like SMB signing, legacy broadcast protocols, and other out-of-the-box settings designed for ease, not security, can quietly open the door for attackers—and what security leaders can do today to shut those doors for good. 

Whether you're preparing for your next pentest or hardening your infrastructure against advanced threats, this is a must-watch for CISOs, IT leaders, and anyone responsible for securing Windows networks. 

 

Takeaways: 

1. Eliminate Default Credentials: Regularly audit and replace default logins on network-connected devices, including UPS units, printers, cameras, and other infrastructure. 
2. Harden AD Certificate Services: Review certificate template permissions and AD CS configurations to block known exploitation paths that enable privilege escalation. 
3. Enforce SMB Signing Everywhere: Enable and enforce both client and server SMB signing via Group Policy to prevent authentication relay attacks. 
4. Clean Up File Shares: Scan internal shares for exposed passwords, scripts, and sensitive data, then implement role-based access control by locking down permissions and eliminating unnecessary access.  
5. Disable Legacy Protocols: Turn off LLMNR, NetBIOS, and similar legacy protocols to reduce the risk of spoofing and name service poisoning attacks. 

 

References: 

“Critical Windows Server 2025 DMSA Vulnerability Exposes Enterprises to Domain Compromise” (The Hacker News) 

https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html 

“Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies” (CISA Alert) 

https://www.cisa.gov/news-events/alerts/2025/05/21/russian-gru-cyber-actors-targeting-western-logistics-entities-and-tech-companies 

LMG Security – Penetration Testing Services (Identify weaknesses before attackers do) 

https://www.lmgsecurity.com/services/penetration-testing/ 

What happens to your digital world when you die? In this episode of Cyberside Chats, LMG Security’s Tom Pohl joins the conversation to discuss the often-overlooked cybersecurity and privacy implications of death. From encrypted files and password managers to social media and device access, we’ll explore how to ensure your loved ones can navigate your digital legacy—without needing a password-cracking expert. Learn practical strategies for secure preparation, policy design, and real-world implementation from a security professional’s perspective. 

Takeaways 

1) Take a Digital Inventory of Your Assets 

• Include details like account recovery options, two-factor authentication settings, and related devices. 

• Update the inventory regularly and store it securely. 

• Create a comprehensive list of your digital assets, including accounts, devices, files, cloud services, and subscriptions. 

2) Implement Emergency Access Protocols in Password Managers 

• Use features like 1Password’s Emergency Kit or designate trusted emergency contacts. 

• Store emergency credentials securely (e.g., safe deposit box) and reference in legal documents. 

• Ensure all critical credentials are actually stored in your password manager—don’t leave them in separate notes or documents.

3) Establish a Digital Executor 

• Choose a trusted individual to manage your digital assets after death or incapacitation. 

• Document access instructions and store them securely, such as in an encrypted file with a shared key. 

• Ensure your digital executor knows where these instructions are located—or give them a copy in advance. 

4) Prepare Recovery Access for Critical Devices 

• Ensure recovery keys and PINs for devices (e.g., smartphones, laptops, smart home hubs) are stored securely and can be accessed by designated individuals. 

• Register a Legacy Contact for Apple and other cloud services. 

5) Create a Plan for Your Online Presence 

• Decide whether your social media and email accounts should be memorialized, deleted, or handed over. 

• Use services like Google Inactive Account Manager or Facebook’s Legacy Contact feature. 

6) At Work, Develop Internal Organizational Policies 

• Implement IT procedures for handling the death or incapacity of key personnel. 

• Regularly audit and securely store credentials for essential systems, especially for sole-proprietor scenarios. 

 

References: 

How to Add a Legacy Contact for Your Apple Account: https://support.apple.com/en-us/102631 

Get To Know Your Emergency Kit: https://support.1password.com/emergency-kit/  

Wayne Crowder’s LinkedIn Page: https://www.linkedin.com/in/wcrowder 

Digital Afterlife Planning Checklist: https://www.lmgsecurity.com/resources/digital-afterlife-planning-checklist/ 

#Cybersecurity #Cyberaware #Cyber #DigitalPlanning

In this explosive episode of Cyberside Chats, we dive into one of the most shocking developments in ransomware history—LockBit got hacked. Join us as we unpack the breach of one of the world’s most notorious ransomware-as-a-service gangs. We explore what was leaked, why it matters, and how this leak compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization. Whether you’re an incident responder or just love cyber drama, this episode delivers. 

Takeaways 

• Stay Tuned for Analysis of LockBit’s Dump: The leak could reshape best practices for negotiations and ransom response. More revelations are expected as researchers dive deeper. 

• Plan for Ransomware: LockBit’s sophisticated infrastructure and quick rebound highlight the need for a solid, regularly updated ransomware response plan. 

• Proactive Measures: Defending against modern ransomware requires: 

• • Robust identity and access management 

• • Secure, offline backups 

• • Continuous employee training on phishing 

• • Timely vulnerability patching 

• Collaboration and Intelligence Sharing: Work with peers and participate in threat intelligence networks to stay ahead of attackers. 

• Test Your Web Applications: LockBit’s breach stemmed from a web panel vulnerability. Regular application testing is essential to avoid similar flaws. 

 Don't forget to like and subscribe for more great cybersecurity content!

Resources 

• Conti Leak Background (Wired) – context on how the Conti gang crumbled after its internal files were leaked 

• Operation Cronos Press Release (UK NCA) – 2024 international takedown of LockBit infrastructure 

• LMG Security Blog on Ransomware Response – stay updated with expert analysis and tips 

 #LMGsecurity #CybersideChats #Ransomware #LockBit #Databreach #IT #CISO #Cyberaware #Infosec #ITsecurity

Cybercriminals are exploiting outdated routers to build massive proxy networks that hide malware operations, fraud, and credential theft—right under the radar of enterprise defenses. In this episode, Sherri and Matt unpack the FBI’s May 2025 alert, the role of TheMoon malware, and how the Faceless proxy service industrializes anonymity for hire. Learn how these botnets work, why they matter for your enterprise, and what to do next. 

Takeaways 

• Replace outdated routers 
    End-of-life routers should be identified and replaced across your organization, including remote offices and unmanaged home setups. These devices no longer receive patches and are prime targets for compromise. 

• Restrict remote administration 
    If remote access is needed, tightly control it—limit by IP address, use VPN access, and require MFA. Avoid exposing admin interfaces directly to the internet unless absolutely necessary. 

• Patch and harden infrastructure 
    Apply all available firmware updates and follow vendor security guidance. Where possible, segment or monitor legacy network devices that can’t be immediately replaced. 

• Don’t trust domestic IPs 
    Traffic from domestic or residential IP ranges is no longer inherently safe. Compromised routers make malicious activity appear to come from trusted regions. 

• Add proxy abuse to threat intel 
    Incorporate indicators of compromise from Lumen and FBI alerts into detection rulesets. Treat proxy abuse as a key TTP for credential theft, fraud, and malware C2. 
• Report suspected compromise 
    If you identify affected infrastructure or suspicious traffic, report it to IC3.gov. Include IPs, timestamps, device types, and any supporting forensic detail. 

#CybersideChats #Cybersecurity #Tech #Cyber #CyberAware #CISO #CIO #FBIalert #FBIwarning #Malware #Router

AI isn’t just revolutionizing business—it’s reshaping the threat landscape. Cybercriminals are now weaponizing AI to launch faster, more convincing, and more scalable attacks. From deepfake video scams to LLM-guided exploit development, the new wave of AI-driven cybercrime is already here. 

In this engaging and eye-opening session, Sherri and Matt share how hackers are using AI tools in the wild—often with frightening success. You'll also hear about original research in which we obtained generative AI tools from underground markets, including WormGPT, and tested their ability to identify vulnerabilities and create working exploits. 

You’ll walk away with practical, field-tested defense strategies your team can implement immediately. 

Takeaways: 

• Deploy AI Defensively: Use AI-powered tools for email filtering, behavioral monitoring, and anomaly detection to keep pace with attackers leveraging generative AI for phishing, impersonation, and malware obfuscation. 

• Enhance Executive Protection Protocols: Implement verification procedures for high-risk communications—especially voice and video—to mitigate deepfake and real-time impersonation threats. 

• Prioritize Recon Risk Reduction: Minimize publicly available details about internal systems and personnel, which attackers can scrape and analyze using AI for more targeted and convincing attacks. 

• Adapt Third-Party Risk Management: Update vendor vetting and due diligence processes to ensure your software providers are proactively using AI to identify vulnerabilities, harden code, and detect malicious behaviors early. 

• Train Your Team on AI Threat Awareness: Educate staff on recognizing AI-enhanced phishing, scam scripts, and impersonation attempts—including across multiple languages and perfect grammar. 

• Update Incident Response Plans: Ensure your IR playbooks account for faster-moving threats, including AI-discovered zero-days, synthetic media like deepfakes, and AI-assisted exploit development and targeting. 

 

References: 

• "WormGPT Easily Finds Software Vulnerabilities” https://www.lmgsecurity.com/videos/wormgpt-easily-finds-software-vulnerabilities 

• AI Will Increase the Quantity—and Quality—of Phishing Scams: https://hbr.org/2024/05/ai-will-increase-the-quantity-and-quality-of-phishing-scams 

• A Voice Deepfake Was Used To Scam A CEO Out Of $243,000: https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000 

#ai #aisecurity #aihacks #aihacking #aihack #wormgpt #cybercrime #cyberthreats #ciso #itsecurity 

 

Quantum computing is advancing rapidly—and with it, the potential to break today’s most widely used encryption standards. In this episode of Cyberside Chats, Sherri and Matt cut through the hype to explore the real-world cybersecurity implications of quantum technology. From the looming threat to encryption to the emerging field of post-quantum cryptography, our experts will explain what security pros and IT teams need to know now. You'll walk away with a clear understanding of the risks, timelines, and concrete steps your organization can take today to stay ahead of the curve. 

 

Takeaways & How to Prepare for Quantum Computing: 

1. Map Your Crypto Use Today 
   Inventory where you use RSA, ECC, and digital signatures across your organization. This is the first step toward identifying high-risk systems and planning your migration strategy. 

1. Ask Vendors the Right Questions 
   Engage vendors now about their crypto agility and post-quantum readiness. Don’t wait for them to tell you—ask what they're doing to prepare and when they'll support PQC standards. 

1. Protect Long-Term Confidential Data 
   Identify and secure data that must stay private for 10+ years—think HR records, contracts, financials, and customer data. Make sure it’s encrypted using symmetric methods or stored on platforms that can adopt PQC. 

1. Track PQC Standards and Test Early 
   Keep up with NIST's progress and consider pilot testing PQC tools in non-production environments. Testing now reduces surprises later when standards are finalized. 

1. Start Using Hybrid Crypto Approaches 
   Hybrid protocols combine classical and quantum-safe algorithms. They provide an easy starting point to future-proof encryption while retaining backward compatibility. 

References: 

“NIST Releases First 3 Finalized Post-Quantum Encryption Standards” 

https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards 

“You need to prepare for post-quantum cryptography now. Here’s why” 

https://www.scworld.com/resource/you-need-to-prepare-for-post-quantum-cryptography-now-heres-why 

#cyptography #quantum #quantumcomputing #quantumcomputers #cybersecurity #ciso #securityawareness #cyberaware #cyberawareness