Cyberside Chats: Cybersecurity Insights from the Experts

Cybercriminals are exploiting outdated routers to build massive proxy networks that hide malware operations, fraud, and credential theft—right under the radar of enterprise defenses. In this episode, Sherri and Matt unpack the FBI’s May 2025 alert, the role of TheMoon malware, and how the Faceless proxy service industrializes anonymity for hire. Learn how these botnets work, why they matter for your enterprise, and what to do next. 

Takeaways 

• Replace outdated routers 
    End-of-life routers should be identified and replaced across your organization, including remote offices and unmanaged home setups. These devices no longer receive patches and are prime targets for compromise. 

• Restrict remote administration 
    If remote access is needed, tightly control it—limit by IP address, use VPN access, and require MFA. Avoid exposing admin interfaces directly to the internet unless absolutely necessary. 

• Patch and harden infrastructure 
    Apply all available firmware updates and follow vendor security guidance. Where possible, segment or monitor legacy network devices that can’t be immediately replaced. 

• Don’t trust domestic IPs 
    Traffic from domestic or residential IP ranges is no longer inherently safe. Compromised routers make malicious activity appear to come from trusted regions. 

• Add proxy abuse to threat intel 
    Incorporate indicators of compromise from Lumen and FBI alerts into detection rulesets. Treat proxy abuse as a key TTP for credential theft, fraud, and malware C2. 

• Report suspected compromise 
    If you identify affected infrastructure or suspicious traffic, report it to IC3.gov. Include IPs, timestamps, device types, and any supporting forensic detail. 

• Replace outdated routers 
  End-of-life routers should be identified and replaced across your organization, including remote offices and unmanaged home setups. These devices no longer receive patches and are prime targets for compromise. 

• Restrict remote administration 
  If remote access is needed, tightly control it—limit by IP address, use VPN access, and require MFA. Avoid exposing admin interfaces directly to the internet unless absolutely necessary. 

• Patch and harden infrastructure 
  Apply all available firmware updates and follow vendor security guidance. Where possible, segment or monitor legacy network devices that can’t be immediately replaced. 

• Don’t trust “clean” IPs 
  Traffic from U.S.-based or residential IP ranges is no longer inherently safe. Compromised routers make malicious activity appear to come from trusted regions. 

• Add proxy abuse to threat intel 
  Incorporate indicators of compromise from Lumen and FBI alerts into detection rulesets. Treat proxy abuse as a key TTP for credential theft, fraud, and malware C2. 

• Report suspected compromise 
  If you identify affected infrastructure or suspicious traffic, report it to IC3.gov. Include IPs, timestamps, device types, and any supporting forensic details.

#CybersideChats #Cybersecurity #Tech #Cyber #CyberAware #CISO #CIO #FBIalert #FBIwarning #Malware #Router

AI isn’t just revolutionizing business—it’s reshaping the threat landscape. Cybercriminals are now weaponizing AI to launch faster, more convincing, and more scalable attacks. From deepfake video scams to LLM-guided exploit development, the new wave of AI-driven cybercrime is already here. 

In this engaging and eye-opening session, Sherri and Matt share how hackers are using AI tools in the wild—often with frightening success. You'll also hear about original research in which we obtained generative AI tools from underground markets, including WormGPT, and tested their ability to identify vulnerabilities and create working exploits. 

You’ll walk away with practical, field-tested defense strategies your team can implement immediately. 

Takeaways: 

• Deploy AI Defensively: Use AI-powered tools for email filtering, behavioral monitoring, and anomaly detection to keep pace with attackers leveraging generative AI for phishing, impersonation, and malware obfuscation. 

• Enhance Executive Protection Protocols: Implement verification procedures for high-risk communications—especially voice and video—to mitigate deepfake and real-time impersonation threats. 

• Prioritize Recon Risk Reduction: Minimize publicly available details about internal systems and personnel, which attackers can scrape and analyze using AI for more targeted and convincing attacks. 

• Adapt Third-Party Risk Management: Update vendor vetting and due diligence processes to ensure your software providers are proactively using AI to identify vulnerabilities, harden code, and detect malicious behaviors early. 

• Train Your Team on AI Threat Awareness: Educate staff on recognizing AI-enhanced phishing, scam scripts, and impersonation attempts—including across multiple languages and perfect grammar. 

• Update Incident Response Plans: Ensure your IR playbooks account for faster-moving threats, including AI-discovered zero-days, synthetic media like deepfakes, and AI-assisted exploit development and targeting. 

References: 

• "WormGPT Easily Finds Software Vulnerabilities” https://www.lmgsecurity.com/videos/wormgpt-easily-finds-software-vulnerabilities 

• AI Will Increase the Quantity—and Quality—of Phishing Scams: https://hbr.org/2024/05/ai-will-increase-the-quantity-and-quality-of-phishing-scams 

• A Voice Deepfake Was Used To Scam A CEO Out Of $243,000: https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000 

#ai #aisecurity #aihacks #aihacking #aihack #wormgpt #cybercrime #cyberthreats #ciso #itsecurity 

Quantum computing is advancing rapidly—and with it, the potential to break today’s most widely used encryption standards. In this episode of Cyberside Chats, Sherri and Matt cut through the hype to explore the real-world cybersecurity implications of quantum technology. From the looming threat to encryption to the emerging field of post-quantum cryptography, our experts will explain what security pros and IT teams need to know now. You'll walk away with a clear understanding of the risks, timelines, and concrete steps your organization can take today to stay ahead of the curve. 

Takeaways & How to Prepare for Quantum Computing: 

1. Map Your Crypto Use Today 
   Inventory where you use RSA, ECC, and digital signatures across your organization. This is the first step toward identifying high-risk systems and planning your migration strategy. 

1. Ask Vendors the Right Questions 
   Engage vendors now about their crypto agility and post-quantum readiness. Don’t wait for them to tell you—ask what they're doing to prepare and when they'll support PQC standards. 

1. Protect Long-Term Confidential Data 
   Identify and secure data that must stay private for 10+ years—think HR records, contracts, financials, and customer data. Make sure it’s encrypted using symmetric methods or stored on platforms that can adopt PQC. 

1. Track PQC Standards and Test Early 
   Keep up with NIST's progress and consider pilot testing PQC tools in non-production environments. Testing now reduces surprises later when standards are finalized. 

1. Start Using Hybrid Crypto Approaches 
   Hybrid protocols combine classical and quantum-safe algorithms. They provide an easy starting point to future-proof encryption while retaining backward compatibility. 

References: 

“NIST Releases First 3 Finalized Post-Quantum Encryption Standards” 

https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards 

“You need to prepare for post-quantum cryptography now. Here’s why” 

https://www.scworld.com/resource/you-need-to-prepare-for-post-quantum-cryptography-now-heres-why 

#cyptography #quantum #quantumcomputing #quantumcomputers #cybersecurity #ciso #securityawareness #cyberaware #cyberawareness

CISA, the U.S. government’s lead cyber defense agency, just took a major financial hit—and the fallout could affect everyone. From layoffs and ISAC cuts to a near-shutdown of the CVE program, these changes weaken critical infrastructure for cyber defense. In this episode of Cyberside Chats, we unpack what’s been cut, how it impacts proactive services like free risk assessments and scanning, and what your organization should do to stay ahead. 

Takeaways: 

• Don’t wait for Washington—assume support from CISA and ISACs may be slower or scaled back. 

• Map your dependencies on CISA services and plan alternatives for scans, intel, and assessments. 

• Budget for gaps—prepare to replace free services with commercial or internal resources. 

• Subscribe to non-government threat intelligence feeds and monitor them regularly. 

• Prioritize and prepare your response to zero-days and software exploits, knowing CVE and intel delays give attackers more time. 

• Build local and sector connections to share threat info informally if national channels slow down. 

Resources: 

MITRE CVE Program - The central hub for CVE IDs, program background, and tracking published vulnerabilities. 
https://www.cve.org 

The CVE Foundation: https://www.thecvefoundation.org/home  

LMG Security Vulnerability Scanning: https://www.lmgsecurity.com/services/testing/vulnerability-scans 

#cybersecurity #cyber #CVE #riskmanagement #infosec #ciso #security

When a company built on sensitive data collapses, what happens to the information it collected? In this episode of Cyberside Chats, we examine 23andMe’s data breach, its March 2025 bankruptcy, and the uncomfortable parallels with the 2009 Flyclear shutdown. What happens to biometric or genetic data when a vendor goes under? What protections failed—and what should corporate security leaders do differently? 

Drawing from past and present breaches, we offer a roadmap for corporate resilience. Learn practical steps for protecting your data when your vendors can’t protect themselves. 

#Cybersecurity #Databreach #23andMe #CISO #IT #ITsecurity #infosec #DFIR #Privacy #RiskManagement

Unauthorized communication platforms—aka shadow channels—are increasingly used within enterprise and government environments, as demonstrated by the recent Signal scandal. In this week's episode of Cyberside Chats, special guest Karen Sprenger, COO at LMG Security, joins Matt Durrin to delve into the critical issue of shadow IT, focusing on recent controversies involving unauthorized communication tools like Signal and Gmail in sensitive governmental contexts. Matt and Karen discuss the risks associated with consumer-grade apps in enterprise environments, the need to balance usability and security, and how organizations can better manage their communication tools to mitigate these risks.

This episode will cover:

• What platforms like Signal offer—and their limitations in enterprise settings.

• Why users bypass official channels and how it leads to compliance failures.

• Real-world implications from recent incidents, including U.S. officials using unsecured communication tools.

• The broader shadow IT landscape and why it’s a pressing issue for security leaders.

Join us in exploring the headlines and takeaways that can help organizations avoid similar pitfalls!

#Cybersecurity #ShadowChannels #CybersideChats #UnauthorizedPlatforms #Signal #DataLeaks #Compliance #Infosec #ShadowIT #IT #Cyber #Cyberaware ETech #CISO

Governments are pushing for encryption backdoors—but at what cost? In this episode of Cyberside Chats, we break down Apple’s fight against the UK’s demands, the global backlash, and what it means for cybersecurity professionals. Are backdoors a necessary tool for law enforcement, or do they open the floodgates for cybercriminals? Join us as we explore real-world risks, historical backdoor failures, and what IT leaders should watch for in evolving encryption policies.

Stay informed about how these developments affect corporate data privacy and the evolving landscape of cybersecurity legislation. A must-watch for anyone interested in understanding the complex interplay between technology, privacy, and government control.

#cyberthreats #encryptedcommunications #Apple #encryption #encryptionbackdoors #cybersecurity

AI-generated deepfakes and voice phishing attacks are rapidly evolving, tricking even the most tech-savvy professionals. In this episode of Cyberside Chats, we break down real-world cases where cybercriminals used deepfake videos, voice clones, and trusted platforms like YouTube, Google, and Apple to bypass security defenses. Learn how these scams work and what IT and security leaders can do to protect their organizations. 

Takeaways: 

• Educate Staff on Deep Fake & Voice Cloning Threats – Train employees to recognize red flags in AI-generated phishing attempts, including voice calls that sound slightly robotic, rushed password reset requests, and unexpected changes in vendor communications. 

• Verify Before You Trust – Encourage employees to independently verify unexpected requests, even if they appear to come from trusted platforms (e.g., YouTube, Apple, Google). Use known contacts, not the contact information in the suspicious message. 

• Strengthen MFA Policies – Require phishing-resistant MFA methods (e.g., FIDO2 security keys) and educate users on MFA fatigue attacks, where criminals bombard them with authentication requests to wear them down. 

• Limit Publicly Available Information – Reduce exposure by minimizing executives' and employees' personal and professional information online, as attackers use this data to create convincing deepfakes and social engineering schemes. 
• Monitor Trusted Platforms for Abuse – Attackers are exploiting YouTube, Google Forms, and other legitimate services to distribute phishing content. Set up alerts and regularly review security logs for unusual access attempts or fraudulent messages. 

Tune in to understand the impact of digital deception and discover practical steps to safeguard against these innovative yet insidious attacks affecting individuals and businesses alike.

#Deepfakes #Phishing #SocialEngineering #CISO #Cyberattacks #VoicePhishing #Cybersecurity #VoiceCloning #CybersideChats