Cyberside Chats: Cybersecurity Insights from the Experts

Why do so many major cyberattacks happen over holiday weekends? In this episode, Sherri and Matt share their own 4th of July anxiety as security professionals—and walk through some of the most infamous attacks timed to exploit long weekends, including the Kaseya ransomware outbreak, the MOVEit breach, and the Bangladesh Bank heist. From retail breaches around Thanksgiving to a cyber hit on Krispy Kreme, they break down what makes holidays such a juicy target—and how to better defend your organization when most of your team is off the clock.

 

Takeaways:

1. Treat Holiday Weekends as Elevated Threat Windows
   Plan and staff accordingly. Threat actors deliberately strike when visibility and response capacity are lowest—your incident response posture should reflect that heightened risk.
2. Establish and Test Off-Hours Response Plans
   Ensure escalation paths, contact protocols, and technical procedures are defined, reachable, and tested for weekends and holidays. On-call responsibilities should be clearly assigned with appropriate backups.
3. Reduce Your Attack Surface and Harden Perimeter Before the Break
   Conduct targeted patching, vulnerability scans, and privilege reviews in the days leading up to any holiday period. Temporarily disable or restrict non-essential access and remote administration rights.
4. Practice Incident Response Tabletop Exercises With Holiday Timing in Mind
   Simulate scenarios that unfold over weekends or during staff absences to uncover timing-based gaps in coverage, decision-making, or escalation. Make sure playbooks account for limited availability and stress-test your team’s ability to respond under real-world holiday constraints.
5. Communicate Expectations Across the Organization and With 3rd Parties
   Brief relevant teams (not just security) on the increased risk. Reinforce secure behaviors, clarify how to report suspicious activity, and keep business units informed about potential delays or escalation protocols. Talk with your MSP and other 3rd party vendors to ensure they have consistent monitoring and know who to contact if there is an incident (and vice versa).

Resources:

• MOVEit Data Breach Timeline – Rapid7
• Kaseya Ransomware Attack Explained – Varonis
• Bangladesh Bank Heist – Darknet Diaries Episode 72
• Tabletop Exercises & Incident Response Planning – LMG Security

#cybersecurity #dfir #incidentresponse #ciso #cybersidechats #cybersecurityleadership #infosec #itsecurity #cyberaware

In June 2025, the White House issued an executive order that quietly eliminated several key federal cybersecurity requirements. In this episode of Cyberside Chats, Sherri and Matt break down exactly what changed—from the removal of secure software attestations to the rollback of authentication requirements—and what remains in place, including post-quantum encryption support and the FTC’s Cyber Trust Mark. We’ll talk about the practical impact for security leaders, why this mirrors past challenges like PCI compliance, and what your organization should do next.

Key Takeaways (for CISOs and Security Leaders)

1. Don’t Drop SBOMs or Attestations — Build Them Into Contracts Anyway
   Even without a federal requirement, insist on SBOMs and secure development attestations in vendor agreements. Transparency reduces your risk.
2. Re-Evaluate Third-Party Software Risk Practices Now
   With no centralized validation, it's up to you to verify vendors' claims. Strengthen your third-party risk management processes accordingly.
3. Watch for Gaps in MFA, Encryption, and Identity Standards
   Don’t assume basic protections are baked in. Federal rollback may signal declining baseline expectations—so enforce your own.
4. Prepare for Industry-Led Enforcement — From Insurers, Buyers, and Info-Sharing Groups
   Expect cyber insurers, large enterprises, ISACs/ISAOs, and professional groups to lead on software transparency. Get ahead by aligning now.

Resources:

1. Full Text of the June 6, 2025 Executive Order: https://www.whitehouse.gov/presidential-actions/2025/06/sustaining-select-efforts-to-strengthen-the-nations-cybersecurity-and-amending-executive-order-13694-and-executive-order-14144

2. LMG Security: Software Supply Chain Security – Understanding and Mitigating Major Risks: https://www.lmgsecurity.com/software-supply-chain-security-understanding-and-mitigating-major-risks/

3. The Record’s Breakdown: Trump Order Rolls Back Key Federal Cybersecurity Rules: https://therecord.media/trump-cybersecurity-executive-order-june-2025

Forget everything you thought you knew about ransomware. Today’s threat actors aren’t locking your files—they’re stealing your data and threatening to leak it unless you pay up. 

In this episode, we dive into the rise of data-only extortion campaigns and explore why encryption is becoming optional for cybercriminals. From real-world trends like the rebrand of Hunters International to “World Leaks,” to the strategic impact on insurance, PR, and compliance—this is a wake-up call for security teams everywhere. 

If your playbook still ends with “just restore from backup,” you’re not ready. 

 

Takeaways for Security Teams: 

• Rethink detection: Focus on exfiltration, not just malware. 

• Update tabletop exercises: Include public leaks, media scrutiny, and regulatory responses. 

• Review insurance policies: Ensure data-only extortion is covered, not just encryption events. 

• Prepare execs and PR: Modern extortion targets reputation and compliance pressure points. 

Resources & Mentions: 

• https://www.coveware.com/ransomware-quarterly-reports 

• Security Boulevard: Hunters International Rebrands as World Leaks:  

• https://attack.mitre.org/resources/ 

• LMG Security 

Can your AI assistant become a silent data leak? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down EchoLeak, a zero-click exploit in Microsoft 365 Copilot that shows how attackers can manipulate AI systems using nothing more than an email. No clicks. No downloads. Just a cleverly crafted message that turns your AI into an unintentional insider threat. 

They also share a real-world discovery from LMG Security’s pen testing team: how prompt injection was used to extract system prompts and override behavior in a live web application. With examples ranging from corporate chatbots to real-world misfires at Samsung and Chevrolet, this episode unpacks what happens when AI is left untested—and why your security strategy must adapt. 

 

Key Takeaways 

1. Limit and review the data sources your LLM can access—ensure it doesn’t blindly ingest untrusted content like inbound email, shared docs, or web links. 

1. Audit AI integrations for prompt injection risks—treat language inputs like code and include them in standard threat models. 

1. Add prompt injection testing to every web app and email flow assessment, even if you’re using trusted APIs or cloud-hosted models. 

1. Red-team your LLM tools using subtle, natural-sounding prompts—not just obvious attack phrases. 

1. Monitor and restrict outbound links from AI-generated content, and validate any use of CSP-approved domains like Microsoft Teams. 

 

Resources 

• EchoLeak technical breakdown by Aim Security 

• LMG Security Blog: Prompt Injection in Web Apps 

• Chevrolet chatbot tricked into $1 car deal 

• Microsoft 365 Copilot Overview 

#EchoLeak #Cybersecurity #Cyberaware #CISO #Microsoft #Microsoft365 #Copilot #AI #GenAI #AIsecurity #RiskManagement

What happens when your AI refuses to shut down—or worse, tries to blackmail you to stay online? 

Join us for a riveting Cyberside Chats Live as we dig into two chilling real-world incidents: one where OpenAI’s newest model bypassed shutdown scripts during testing, and another where Anthropic’s Claude Opus 4 wrote blackmail messages and threatened users in a disturbing act of self-preservation. These aren’t sci-fi hypotheticals—they’re recent findings from leading AI safety researchers. 
We’ll unpack: 

• The rise of high-agency behavior in LLMs 

• The shocking findings from Apollo Research and Anthropic 

• What security teams must do to adapt their threat models and controls 

• Why trust, verification, and access control now apply to your AI 

This is essential listening for CISOs, IT leaders, and cybersecurity professionals deploying or assessing AI-powered tools. 

Key Takeaways 

1. Restrict model access using role-based controls. 
    Limit what AI systems can see and do—apply the principle of least privilege to prompts, data, and tool integrations. 

1. Monitor and log all AI inputs and outputs. 
    Treat LLM interactions like sensitive API calls: log them, inspect for anomalies, and establish retention policies for auditability. 

1. Implement output validation for critical tasks. 
    Don’t blindly trust AI decisions—use secondary checks, hashes, or human review for rankings, alerts, or workflow actions. 

1. Deploy kill-switches outside of model control. 
    Ensure that shutdown or rollback functions are governed by external orchestration—not exposed in the AI’s own prompt space or toolset. 

1. Add AI behavior reviews to your incident response and risk processes. 
    Red team your models. Include AI behavior in tabletop exercises. Review logs not just for attacks on AI, but misbehavior by AI. 

Resources 

• Apollo Research: Frontier Models Are Capable of In-Context Scheming (arXiv) 

• Anthropic Claude 4 System Card (PDF) 

• Time Magazine: “When AI Thinks It Will Lose, It Sometimes Cheats” 

• WIRED: Claude 4 Whistleblower Behavior 

• Deception Abilities in Large Language Models (ResearchGate)

#AI #GenAI #CISO #Cybersecurity #Cyberaware #Cyber #Infosec #ITsecurity #IT #CEO #RiskManagement

Retail breaches are back — but they’ve evolved. This isn’t about skimming cards anymore. From ransomware taking down pharmacies to credential stuffing attacks hitting brand loyalty, today’s breaches are about disruption, trust, and third-party exposure. In this episode of Cyberside Chats, hosts Sherri Davidoff and Matt Durrin break down the latest retail breach wave, revisit lessons from the 2013 “Retailgeddon” era, and highlight what every security leader — not just in retail — needs to know today.

 

Key Takeaways

1. Redefine what “sensitive data” means. Names, emails, and access tokens are often more valuable to attackers than payment data.
2. Scrutinize third-party and SaaS access. You can’t protect what you don’t know is exposed.
3. Monitor and protect customer-facing systems. Logging, anomaly detection, and fast response are essential for accounts and APIs — especially when attackers target credentials.
4. Test your incident response plan for downtime. Retail isn’t the only sector where uptime = revenue and lives impacted.

Resources

2025 Verizon Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/

Victoria’s Secret security incident coverage: https://www.bleepingcomputer.com/news/security/victorias-secret-takes-down-website-after-security-incident/

LMG Security: Third-Party Risk Assessments: https://lmgsecurity.com/third-party-risk-assessments/

Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same? 

Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features like SMB signing, legacy broadcast protocols, and other out-of-the-box settings designed for ease, not security, can quietly open the door for attackers—and what security leaders can do today to shut those doors for good. 

Whether you're preparing for your next pentest or hardening your infrastructure against advanced threats, this is a must-watch for CISOs, IT leaders, and anyone responsible for securing Windows networks. 

 

Takeaways: 

1. Eliminate Default Credentials: Regularly audit and replace default logins on network-connected devices, including UPS units, printers, cameras, and other infrastructure. 
2. Harden AD Certificate Services: Review certificate template permissions and AD CS configurations to block known exploitation paths that enable privilege escalation. 
3. Enforce SMB Signing Everywhere: Enable and enforce both client and server SMB signing via Group Policy to prevent authentication relay attacks. 
4. Clean Up File Shares: Scan internal shares for exposed passwords, scripts, and sensitive data, then implement role-based access control by locking down permissions and eliminating unnecessary access.  
5. Disable Legacy Protocols: Turn off LLMNR, NetBIOS, and similar legacy protocols to reduce the risk of spoofing and name service poisoning attacks. 

 

References: 

“Critical Windows Server 2025 DMSA Vulnerability Exposes Enterprises to Domain Compromise” (The Hacker News) 

https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html 

“Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies” (CISA Alert) 

https://www.cisa.gov/news-events/alerts/2025/05/21/russian-gru-cyber-actors-targeting-western-logistics-entities-and-tech-companies 

LMG Security – Penetration Testing Services (Identify weaknesses before attackers do) 

https://www.lmgsecurity.com/services/penetration-testing/ 

What happens to your digital world when you die? In this episode of Cyberside Chats, LMG Security’s Tom Pohl joins the conversation to discuss the often-overlooked cybersecurity and privacy implications of death. From encrypted files and password managers to social media and device access, we’ll explore how to ensure your loved ones can navigate your digital legacy—without needing a password-cracking expert. Learn practical strategies for secure preparation, policy design, and real-world implementation from a security professional’s perspective. 

Takeaways 

1) Take a Digital Inventory of Your Assets 

• Include details like account recovery options, two-factor authentication settings, and related devices. 

• Update the inventory regularly and store it securely. 

• Create a comprehensive list of your digital assets, including accounts, devices, files, cloud services, and subscriptions. 

2) Implement Emergency Access Protocols in Password Managers 

• Use features like 1Password’s Emergency Kit or designate trusted emergency contacts. 

• Store emergency credentials securely (e.g., safe deposit box) and reference in legal documents. 

• Ensure all critical credentials are actually stored in your password manager—don’t leave them in separate notes or documents.

3) Establish a Digital Executor 

• Choose a trusted individual to manage your digital assets after death or incapacitation. 

• Document access instructions and store them securely, such as in an encrypted file with a shared key. 

• Ensure your digital executor knows where these instructions are located—or give them a copy in advance. 

4) Prepare Recovery Access for Critical Devices 

• Ensure recovery keys and PINs for devices (e.g., smartphones, laptops, smart home hubs) are stored securely and can be accessed by designated individuals. 

• Register a Legacy Contact for Apple and other cloud services. 

5) Create a Plan for Your Online Presence 

• Decide whether your social media and email accounts should be memorialized, deleted, or handed over. 

• Use services like Google Inactive Account Manager or Facebook’s Legacy Contact feature. 

6) At Work, Develop Internal Organizational Policies 

• Implement IT procedures for handling the death or incapacity of key personnel. 

• Regularly audit and securely store credentials for essential systems, especially for sole-proprietor scenarios. 

 

References: 

How to Add a Legacy Contact for Your Apple Account: https://support.apple.com/en-us/102631 

Get To Know Your Emergency Kit: https://support.1password.com/emergency-kit/  

Wayne Crowder’s LinkedIn Page: https://www.linkedin.com/in/wcrowder 

Digital Afterlife Planning Checklist: https://www.lmgsecurity.com/resources/digital-afterlife-planning-checklist/ 

#Cybersecurity #Cyberaware #Cyber #DigitalPlanning