Shows
Cyberside Chats: Cybersecurity Insights from the ExpertsAmazon's Warning: The New Reality of Initial AccessAmazon released two security disclosures in the same week — and together, they reveal how modern attackers are getting inside organizations without breaking in.
One case involved a North Korean IT worker who entered Amazon’s environment through a third-party contractor and was detected through subtle behavioral anomalies rather than malware. The other detailed a years-long Russian state-sponsored campaign that shifted away from exploits and instead abused misconfigured edge devices and trusted infrastructure to steal and replay credentials.
Together, these incidents show how nation-state attackers are increasingly blending into human and technical systems that organizations already trus...
2025-12-3015 minCyberside Chats: Cybersecurity Insights from the ExpertsAI Broke Trust: Identity Has to Step Up in 2026AI has supercharged phishing, deepfakes, and impersonation attacks—and 2025 proved that our trust systems aren’t built for this new reality. In this episode, Sherri and Matt break down the #1 change every security program needs in 2026: dramatically improving identity and authentication across the organization.
We explore how AI blurred the lines between legitimate and malicious communication, why authentication can no longer stop at the login screen, and where organizations must start adding verification into everyday workflows—from IT support calls to executive requests and financial approvals.
Plus, we discuss what “next-generation” user training looks like when employees can no lon...
2025-12-2332 minCyberside Chats: Cybersecurity Insights from the ExpertsThe 5 New-ish Microsoft Security Features to Roll Out in 2026Microsoft is rolling out a series of new-ish security features across Microsoft 365 in 2026 — and these updates are no accident. They’re direct responses to how attackers are exploiting collaboration tools like Teams, Slack, Zoom, and Google Chat. In this episode, Sherri and Matt break down the five features that matter most, why they’re happening now, and how every organization can benefit from these lessons, even if you’re not a Microsoft shop.
We explore the rise of impersonation attacks inside collaboration platforms, the security implications of AI copilots like Microsoft Copilot and Gemini, and why identity boundarie...
2025-12-1620 minCyberside Chats: Cybersecurity Insights from the ExpertsThe Extension That Spied on You: Inside ShadyPanda’s 7-Year AttackA massive 7-year espionage campaign hid in plain sight. Harmless Chrome and Edge extensions — wallpaper tools, tab managers, PDF converters — suddenly flipped into full surveillance implants, impacting more than 4.3 million users. In this episode, we break down how ShadyPanda built trust over years, then weaponized auto-updates to steal browsing history, authentication tokens, and even live session cookies. We’ll walk through the timeline, what data was stolen, why session hijacking makes this attack so dangerous, and the key steps security leaders must take now to prevent similar extension-based compromises.
Key Takeaways
Audit and restrict browser extensions across t...
2025-12-0920 minCyberside Chats: Cybersecurity Insights from the ExpertsInside Jobs: How CrowdStrike, DigitalMint & Tesla Got BurnedInsider threats are accelerating across every sector. In this episode, Sherri and Matt unpack the CrowdStrike insider leak, the two DigitalMint employees indicted for BlackCat ransomware activity, and Tesla’s multi-year insider incidents ranging from nation-state bribery to post-termination extortion. They also examine the 2025 crackdown on North Korean operatives who used stolen identities and deepfake interviews to get hired as remote workers inside U.S. companies. Together, these cases reveal how attackers are buying, recruiting, impersonating, and embedding insiders — and why organizations must rethink how they detect and manage trusted access.
Key Takeaways
Build a cultu...
2025-12-0223 minCyberside Chats: Cybersecurity Insights from the ExpertsMade in China—Hacked Everywhere?From routers to office cameras to employee phones and even the servers running your network, Chinese-manufactured components are everywhere—including throughout your own organization. In this live Cyberside Chats, we’ll explore how deeply these devices are embedded in modern infrastructure and what that means for cybersecurity, procurement, and third-party risk.
We’ll break down new government warnings about hidden communication modules, rogue firmware, and “ghost devices” in imported tech—and how even trusted brands may ship products with risky components. Most importantly, we’ll share what you can do right now to identify exposure, strengthen procurement and third-party...
2025-11-2525 minCyberside Chats: Cybersecurity Insights from the ExpertsHoliday Hackers—The 2025 AI Fraud BoomHackers are using AI to supercharge holiday scams—flooding the web with fake ads, phishing pages, and credential-stealing bots. This season, researchers predict a record spike in automated attacks and malvertising campaigns that blur the line between human and machine. Sherri Davidoff and Matt Durrin break down what’s new this holiday season—from AI-generated phishing kits and bot-driven account takeovers to the rise of prebuilt “configs” for credential stuffing. We used WormGPT to produce a ready-to-run holiday phishing page—a proof-of-concept that demonstrates how quickly scammers can launch these attacks with evil AI tools. This episode reveals how personal hab...
2025-11-1814 minCyberside Chats: Cybersecurity Insights from the ExpertsLOUVRE Was the Password?! Cybersecurity Lessons from the HeistWhen thieves pulled off a lightning-fast heist at the Louvre on October 19, 2025, the world focused on the stolen jewels. But leaked audit reports soon revealed another story — one of weak passwords, legacy systems, and a decade of ignored warnings.
In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the cybersecurity lessons behind the Louvre’s seven-minute robbery. They explore how outdated infrastructure, poor vendor oversight, and default credentials mirror the same risks plaguing modern organizations — from hospitals to banks.
Listen as Sherri and Matt connect the dots between a world-famous museum and your...
2025-11-1117 minCyberside Chats: Cybersecurity Insights from the ExpertsPoisoned Search: How Hackers Turn Google Results into BackdoorsAttackers are poisoning search results and buying sponsored ads to push malware disguised as trusted software. In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake Microsoft Teams installers. Learn how these attacks exploit everyday user behavior, why they’re so effective, and what your organization can do to stop them.
Whether you’re a security leader, risk manager, or seasoned IT pro, you’ll walk away with clear, practical steps to reduce exposure and strengthen your defenses against the poisone...
2025-11-0421 minCyberside Chats: Cybersecurity Insights from the ExpertsThe AWS Outage and Hidden Fourth-Party RisksWhen Amazon Web Services went down on October 20, 2025, the impact rippled around the world. The outage knocked out Slack messages, paused financial trades, grounded flights, and even stopped people from charging their electric cars. From Coinbase to college classrooms, from food delivery apps to smart homes, millions discovered just how deeply their lives depend on a single cloud provider.
In this episode, Sherri Davidoff and Matt Durrin break down what really happened inside AWS’s U.S.-East-1 region, why one glitch in a database called DynamoDB cascaded across the globe, and what it teaches us about the...
2025-10-2814 minCyberside Chats: Cybersecurity Insights from the ExpertsRansomware in the Fast Lane: Lessons from the Jaguar Land Rover AttackWhen ransomware forced Jaguar Land Rover to halt production for six weeks, the impact rippled through global supply chains — from luxury car lines to small suppliers fighting to stay afloat. In this episode, Sherri Davidoff and Matt Durrin examine what happened, why manufacturing has become ransomware’s top target, and what new data from Sophos and Black Kite reveal about the latest attack trends.
They share practical insights on how organizations can strengthen resilience, secure supply chains, and prepare for the next wave of operational ransomware attacks.
Key Takeaways
Patch and prioritize.
Focu...
2025-10-2119 minCyberside Chats: Cybersecurity Insights from the ExpertsThe Power of “Why” – Communicating Cybersecurity EffectivelyIn this episode of Cyberside Chats, Matt Durrin and his guest explore what makes cybersecurity communication effective — whether you’re leading a sales presentation, a training session, or a tabletop exercise. The discussion dives into how to move beyond technical jargon and statistics to tell stories that resonate. Listeners will learn how understanding and communicating the “why” behind security practices can dramatically improve engagement, retention, and impact across any audience.
Top Takeaways
Lead With Why: Start with impact and consequences before discussing tools or features.
Use Stories, Not Just Stats: Connect technical points to human exp...
2025-10-1424 minCyberside Chats: Cybersecurity Insights from the ExpertsShutdown Fallout: The Cybersecurity Information Sharing Act ExpiresWhen the government shut down, the Cybersecurity Information Sharing Act of 2015 expired with it. That law provided liability protections for cyber threat information sharing and underpinned DHS’s Automated Indicator Sharing (AIS) program, which costs about $1M a month to run. Is it worth the cost? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the value of public-private information sharing, the uncertain future of AIS, and how cybersecurity leaders should adapt as visibility gaps emerge. Along the way, they share a real-world story of how information sharing stopped a ransomware attack in its tracks — and...
2025-10-0717 minCyberside Chats: Cybersecurity Insights from the ExpertsInside the Spider’s Web: What Indictments Reveal About Scattered SpiderScattered Spider is back in the headlines, with two recent arrests — Thalha Jubair in the UK and a teenager in Nevada — bringing fresh attention to one of the most disruptive cybercriminal crews today. But the real story is in the indictments: they offer a rare inside look at the group’s structure, their victims, and the mistakes that led law enforcement to track them down. In this episode, Sherri Davidoff and Matt Durrin break down what the indictments reveal about Scattered Spider’s tactics, roles, and evolution, and what defenders can learn from these cases.
Key Takeaways:
Lock d...
2025-09-3019 minCyberside Chats: Cybersecurity Insights from the ExpertsVibe Hacking: The Dark Side of AI CodingWhat happens when the same AI tools that make coding easier also give cybercriminals new powers? In this episode of Cyberside Chats Live, we explore the rise of “vibe coding” and its darker twin, “vibe hacking.” You’ll learn how AI is reshaping software development, how attackers are turning those vibes into cybercrime, and what it means for the future of security.
Key Takeaways
Establish ground rules for AI use
Even if you don’t have developers, employees may experiment with AI tools. Set a policy for how (or if) AI can be used for coding, auto...
2025-09-2327 minCyberside Chats: Cybersecurity Insights from the ExpertsThe Saga Continues: More Dirt on the Salesforce–Drift BreachWhen we first covered the Salesforce–Drift breach, we knew it was bad. Now it’s clear the impact is even bigger. Hundreds of organizations — including Cloudflare, Palo Alto Networks, Zscaler, Proofpoint, Rubrik, and even financial firms like Wealthsimple — have confirmed they were affected. The root cause? A compromised GitHub account that opened the door to Drift’s AWS environment and gave attackers access to Salesforce and other cloud integrations.
In Part 2, Sherri Davidoff and Matt Durrin dig into the latest updates: what’s new in the investigation, why more victim disclosures are coming, and how the GitHub compro...
2025-09-1616 minCyberside Chats: Cybersecurity Insights from the ExpertsConnected App, Connected Risk: The Salesforce–Drift IncidentA single weak app integration opened the door for attackers to raid data from some of the world’s largest companies. Salesforce environments were hit hardest—with victims like Cloudflare, Palo Alto Networks, and Zscaler—but the blast radius also reached other SaaS platforms, including Google Workspace. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down the Salesforce–Drift breach: how OAuth tokens became skeleton keys, why media headlines about billions of Gmail users were wrong, and what organizations need to do to protect themselves from similar supply chain attacks.
Key Takeaways
Ensure Ven...
2025-09-0913 minCyberside Chats: Cybersecurity Insights from the ExpertsBetrayal, Backdoors, and Payback: When Hackers Become the HackedHackers aren’t untouchable—and sometimes, they become the victims. From North Korean operatives getting exposed at DEF CON, to ransomware gangs like Conti and LockBit crumbling under betrayal and rival leaks, the underground is full of double-crosses and takedowns. Now, Congress is even debating whether to bring back “letters of marque” to authorize cyber privateers to hack back on behalf of the United States. Join LMG Security’s Sherri Davidoff and Matt Durrin for a fast-paced discussion of headline cases, the lessons defenders can learn from these leaks, and what the future of hacker-on-hacker warfare could mean for your organ...
2025-09-0228 minCyberside Chats: Cybersecurity Insights from the ExpertsPrinter Problems: Trump, Putin, and a Costly MistakeOn the eve of the Trump–Putin summit, sensitive U.S. State Department documents were left sitting in a hotel printer in Anchorage. Guests stumbled on pages detailing schedules, contacts, and even a gift list—sparking international headlines and White House mockery.
But the real story isn’t just about geopolitics. It’s about how unmanaged printers—at hotels, in home offices, and everywhere in between—remain one of the most overlooked backdoors for data leaks. In this episode of Cyberside Chats, Sherri and Matt unpack the Alaska incident, explore why printers are still a weak spot in the age of...
2025-08-2615 minCyberside Chats: Cybersecurity Insights from the ExpertsMass Salesforce Hacks: How Criminals Are Targeting the Cloud Supply ChainA wave of coordinated cyberattacks has hit Salesforce customers across industries and continents, compromising millions of records from some of the world’s most recognized brands — including Google, Allianz Life, Qantas, LVMH, and even government agencies.
In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down how the attackers pulled off one of the most sweeping cloud compromise campaigns in recent memory — using no zero-day exploits, just convincing phone calls, malicious connected apps, and gaps in cloud supply chain security.
We’ll explore the attack timeline, parallels to the Snowflake breaches, ties to the Sca...
2025-08-1914 minCyberside Chats: Cybersecurity Insights from the ExpertsNorth Korea’s Deepfake Remote Workers: How They’re Getting Inside U.S. CompaniesOn National Social Engineering Day, we’re pulling the lid off one of the most dangerous insider threat campaigns in the world — North Korea’s fake remote IT worker program.
Using AI-generated résumés, real-time deepfake interviews, and U.S.-based “laptop farms,” DPRK operatives are gaining legitimate employment inside U.S. companies — funding nuclear weapons programs and potentially opening doors to cyber espionage.
We’ll cover the recent U.S. sanctions, the Christina Chapman laptop farm case, and the latest intelligence from CrowdStrike on FAMOUS CHOLLIMA — plus, we’ll give you specific, actionable ways to harden your hi...
2025-08-1214 minCyberside Chats: Cybersecurity Insights from the ExpertsThe Amazon Q AI Hack: A Wake-Up Call for Developer Tool SecurityA silent compromise, nearly a million developers affected, and no one at Amazon knew for six days. In this episode of Cyberside Chats, we’re diving into the Amazon Q AI Hack, a shocking example of how vulnerable our software development tools have become.
Join hosts Sherri Davidoff and Matt Durrin as they unpack how a misconfigured GitHub token allowed a hacker to inject destructive AI commands into a popular developer tool. We’ll walk through exactly what happened, how GitHub security missteps enabled the attack, and why this incident is a critical wake-up call for supply chai...
2025-08-0521 minCyberside Chats: Cybersecurity Insights from the ExpertsIran’s Cyber Surge: Attacks Intensify in 2025Iranian cyber operations have sharply escalated in 2025, targeting critical infrastructure, defense sectors, and global businesses—especially those linked to Israel and the U.S. From destructive malware and coordinated DDoS attacks to sophisticated hack-and-leak campaigns leveraging generative AI, Iranian threat actors are rapidly evolving. Join us to explore their latest tactics, notable incidents, and essential strategies to defend your organization.
Hosts Sherri Davidoff and Matt Durrin break down wiper malware trends, AI-powered phishing, the use of deepfakes for psychological operations, and the critical role of patching and MFA in protecting against collateral damage.
Key Takeaways for C...
2025-07-2928 minCyberside Chats: Cybersecurity Insights from the ExpertsLeaked and Loaded: DOGE’s API Key CrisisOn July 13, 2025, a developer at the Department of Government Efficiency—DOGE—accidentally pushed a private xAI API key to GitHub. That key unlocked access to 52 unreleased LLMs, including Grok‑4‑0709, and remained active long after discovery.
In this episode of Cyberside Chats, we examine how a single leaked credential became a national-level risk—and how it mirrors broader API key exposures at BeyondTrust and across GitHub. LMG Security’s Director of Penetration Testing, Tom Pohl, shares red team insights on how embedded secrets give attackers a foothold—and what CISOs must do now to reduce their exposure.
Key T...
2025-07-2215 minCyberside Chats: Cybersecurity Insights from the ExpertsHoliday Horror Stories: Why Hackers Love Long WeekendsWhy do so many major cyberattacks happen over holiday weekends? In this episode, Sherri and Matt share their own 4th of July anxiety as security professionals—and walk through some of the most infamous attacks timed to exploit long weekends, including the Kaseya ransomware outbreak, the MOVEit breach, and the Bangladesh Bank heist. From retail breaches around Thanksgiving to a cyber hit on Krispy Kreme, they break down what makes holidays such a juicy target—and how to better defend your organization when most of your team is off the clock.
Takeaways:
Treat Holiday Weekends as Eleva...
2025-07-1522 minCyberside Chats: Cybersecurity Insights from the ExpertsFederal Cybersecurity Rollbacks: What Got Cut—And What Still StandsIn June 2025, the White House issued an executive order that quietly eliminated several key federal cybersecurity requirements. In this episode of Cyberside Chats, Sherri and Matt break down exactly what changed—from the removal of secure software attestations to the rollback of authentication requirements—and what remains in place, including post-quantum encryption support and the FTC’s Cyber Trust Mark. We’ll talk about the practical impact for security leaders, why this mirrors past challenges like PCI compliance, and what your organization should do next.
Key Takeaways (for CISOs and Security Leaders)
Don’t Drop SBOMs or Attestations — Build Them I...
2025-07-0819 minCyberside Chats: Cybersecurity Insights from the ExpertsNo Lock, Just LeakForget everything you thought you knew about ransomware. Today’s threat actors aren’t locking your files—they’re stealing your data and threatening to leak it unless you pay up.
In this episode, we dive into the rise of data-only extortion campaigns and explore why encryption is becoming optional for cybercriminals. From real-world trends like the rebrand of Hunters International to “World Leaks,” to the strategic impact on insurance, PR, and compliance—this is a wake-up call for security teams everywhere.
If your playbook still ends with “just restore from backup,” you’re not ready.
2025-07-0114 minCyberside Chats: Cybersecurity Insights from the ExpertsThe AI Insider Threat: EchoLeak and the Rise of Zero-Click ExploitsCan your AI assistant become a silent data leak? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down EchoLeak, a zero-click exploit in Microsoft 365 Copilot that shows how attackers can manipulate AI systems using nothing more than an email. No clicks. No downloads. Just a cleverly crafted message that turns your AI into an unintentional insider threat.
They also share a real-world discovery from LMG Security’s pen testing team: how prompt injection was used to extract system prompts and override behavior in a live web application. With examples ranging from corporate chatbots to...
2025-06-2413 minCyberside Chats: Cybersecurity Insights from the ExpertsWhen AI Goes Rogue: Blackmail, Shutdowns, and the Rise of High-Agency MachinesWhat happens when your AI refuses to shut down—or worse, tries to blackmail you to stay online?
Join us for a riveting Cyberside Chats Live as we dig into two chilling real-world incidents: one where OpenAI’s newest model bypassed shutdown scripts during testing, and another where Anthropic’s Claude Opus 4 wrote blackmail messages and threatened users in a disturbing act of self-preservation. These aren’t sci-fi hypotheticals—they’re recent findings from leading AI safety researchers.
We’ll unpack:
The rise of high-agency behavior in LLMs
The shocking findings from Apollo Research and Anthropic
What...
2025-06-1726 minCyberside Chats: Cybersecurity Insights from the ExpertsRetailgeddon Reloaded: Beyond Card Theft, Into ChaosRetail breaches are back — but they’ve evolved. This isn’t about skimming cards anymore. From ransomware taking down pharmacies to credential stuffing attacks hitting brand loyalty, today’s breaches are about disruption, trust, and third-party exposure. In this episode of Cyberside Chats, hosts Sherri Davidoff and Matt Durrin break down the latest retail breach wave, revisit lessons from the 2013 “Retailgeddon” era, and highlight what every security leader — not just in retail — needs to know today.
Key Takeaways
Redefine what “sensitive data” means. Names, emails, and access tokens are often more valuable to attackers than payment data.
Sc...
2025-06-1017 minCyberside Chats: Cybersecurity Insights from the ExpertsHow Hackers Get In: Penetration Testing Secrets from the Front LineThink your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same?
Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features like SMB signing, legacy broadcast protocols, and other out...
2025-06-0326 minCyberside Chats: Cybersecurity Insights from the ExpertsAfterlife Access: Cybersecurity Planning for When You’re GoneWhat happens to your digital world when you die? In this episode of Cyberside Chats, LMG Security’s Tom Pohl joins the conversation to discuss the often-overlooked cybersecurity and privacy implications of death. From encrypted files and password managers to social media and device access, we’ll explore how to ensure your loved ones can navigate your digital legacy—without needing a password-cracking expert. Learn practical strategies for secure preparation, policy design, and real-world implementation from a security professional’s perspective.
Takeaways
1) Take a Digital Inventory of Your Assets
Include details like account recovery options, tw...
2025-05-2716 minCyberside Chats: Cybersecurity Insights from the ExpertsThe LockBit Leak: When Hackers Get a Taste of Their Own MedicineIn this explosive episode of Cyberside Chats, we dive into one of the most shocking developments in ransomware history—LockBit got hacked. Join us as we unpack the breach of one of the world’s most notorious ransomware-as-a-service gangs. We explore what was leaked, why it matters, and how this leak compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization. Whether you’re an incident responder or just love cyber drama, this episode delivers.
Takeaways
Stay Tuned for Analysis of LockB...
2025-05-2012 minCyberside Chats: Cybersecurity Insights from the ExpertsNetwork for Rent: The Criminal Market Built on Outdated RoutersCybercriminals are exploiting outdated routers to build massive proxy networks that hide malware operations, fraud, and credential theft—right under the radar of enterprise defenses. In this episode, Sherri and Matt unpack the FBI’s May 2025 alert, the role of TheMoon malware, and how the Faceless proxy service industrializes anonymity for hire. Learn how these botnets work, why they matter for your enterprise, and what to do next.
Takeaways
Replace outdated routers
End-of-life routers should be identified and replaced across your organization, including remote offices and unmanaged home setups. These devices no longer receive patches and are...
2025-05-1309 minCyberside Chats: Cybersecurity Insights from the ExpertsHacker AI: Smarter Attacks, Faster Exploits, Higher StakesAI isn’t just revolutionizing business—it’s reshaping the threat landscape. Cybercriminals are now weaponizing AI to launch faster, more convincing, and more scalable attacks. From deepfake video scams to LLM-guided exploit development, the new wave of AI-driven cybercrime is already here.
In this engaging and eye-opening session, Sherri and Matt share how hackers are using AI tools in the wild—often with frightening success. You'll also hear about original research in which we obtained generative AI tools from underground markets, including WormGPT, and tested their ability to identify vulnerabilities and create working exploits.
You’ll wal...
2025-05-0619 minCyberside Chats: Cybersecurity Insights from the ExpertsQuantum Shift: How Cybersecurity Must Evolve NowQuantum computing is advancing rapidly—and with it, the potential to break today’s most widely used encryption standards. In this episode of Cyberside Chats, Sherri and Matt cut through the hype to explore the real-world cybersecurity implications of quantum technology. From the looming threat to encryption to the emerging field of post-quantum cryptography, our experts will explain what security pros and IT teams need to know now. You'll walk away with a clear understanding of the risks, timelines, and concrete steps your organization can take today to stay ahead of the curve.
Takeaways & How to Pre...
2025-04-2920 minCyberside Chats: Cybersecurity Insights from the ExpertsRed Alert: CISA's Budget Cuts and the Fallout for DefendersCISA, the U.S. government’s lead cyber defense agency, just took a major financial hit—and the fallout could affect everyone. From layoffs and ISAC cuts to a near-shutdown of the CVE program, these changes weaken critical infrastructure for cyber defense. In this episode of Cyberside Chats, we unpack what’s been cut, how it impacts proactive services like free risk assessments and scanning, and what your organization should do to stay ahead.
Takeaways:
Don’t wait for Washington—assume support from CISA and ISACs may be slower or scaled back.
Map your dependencies on CISA services...
2025-04-2216 minCyberside Chats: Cybersecurity Insights from the Experts23andMe: Breaches, Bankruptcy, and SecurityWhen a company built on sensitive data collapses, what happens to the information it collected? In this episode of Cyberside Chats, we examine 23andMe’s data breach, its March 2025 bankruptcy, and the uncomfortable parallels with the 2009 Flyclear shutdown. What happens to biometric or genetic data when a vendor goes under? What protections failed—and what should corporate security leaders do differently?
Drawing from past and present breaches, we offer a roadmap for corporate resilience. Learn practical steps for protecting your data when your vendors can’t protect themselves.
#Cybersecurity #Databreach #23andMe #CISO #IT #ITsecurit...
2025-04-1513 minCyberside Chats: Cybersecurity Insights from the Experts"Unmasking Shadow IT: Navigating Unauthorized Communication Tools Like Signal"Unauthorized communication platforms—aka shadow channels—are increasingly used within enterprise and government environments, as demonstrated by the recent Signal scandal. In this week's episode of Cyberside Chats, special guest Karen Sprenger, COO at LMG Security, joins Matt Durrin to delve into the critical issue of shadow IT, focusing on recent controversies involving unauthorized communication tools like Signal and Gmail in sensitive governmental contexts. Matt and Karen discuss the risks associated with consumer-grade apps in enterprise environments, the need to balance usability and security, and how organizations can better manage their communication tools to mitigate these risks.
This...
2025-04-0817 minCyberside Chats: Cybersecurity Insights from the ExpertsThe Encryption Battle: Security Savior or Cyber Risk?Governments are pushing for encryption backdoors—but at what cost? In this episode of Cyberside Chats, we break down Apple’s fight against the UK’s demands, the global backlash, and what it means for cybersecurity professionals. Are backdoors a necessary tool for law enforcement, or do they open the floodgates for cybercriminals? Join us as we explore real-world risks, historical backdoor failures, and what IT leaders should watch for in evolving encryption policies.
Stay informed about how these developments affect corporate data privacy and the evolving landscape of cybersecurity legislation. A must-watch for anyone interested in unders...
2025-04-0125 minCyberside Chats: Cybersecurity Insights from the ExpertsDeepfakes & Voice Phishing: The New Frontier of CybercrimeAI-generated deepfakes and voice phishing attacks are rapidly evolving, tricking even the most tech-savvy professionals. In this episode of Cyberside Chats, we break down real-world cases where cybercriminals used deepfake videos, voice clones, and trusted platforms like YouTube, Google, and Apple to bypass security defenses. Learn how these scams work and what IT and security leaders can do to protect their organizations.
Takeaways:
Educate Staff on Deep Fake & Voice Cloning Threats – Train employees to recognize red flags in AI-generated phishing attempts, including voice calls that sound slightly robotic, rushed password reset requests, and unexpected changes in vend...
2025-03-2513 minCyberside Chats: Cybersecurity Insights from the ExpertsWiretapped: How Hackers Infiltrated Global Telecom NetworksRecent telecom breaches have exposed a critical security risk for businesses everywhere. Nation-state hackers and cybercriminals are stealing metadata, tracking high-profile targets, and even intercepting calls—all without breaking into corporate networks. In this episode, we analyze major telecom hacks, including the Salt Typhoon breach, and share practical strategies for IT leaders to protect their organizations from targeted attacks using telecom data.
Key Takeaways:
Strengthen authentication for financial transactions. Don’t rely on the phone!
Train staff to recognize spoofed calls and phishing texts that mimic trusted partners. Stay aware – assume telecom metadata can be weaponized
Limit what...
2025-03-1814 minCyberside Chats: Cybersecurity Insights from the ExpertsWhen Microsoft Goes Down: Cyber Risk & ResilienceThe March 2025 Microsoft Outlook outage left thousands of organizations scrambling. But this wasn’t just an isolated event—recent outages from CrowdStrike, AT&T, and UK banks highlight the systemic risks businesses face. In this episode, we break down the latest Microsoft outage, discuss its impact on cyber insurance, and provide actionable steps to help organizations reduce the risk of business disruption.
Join Sherri Davidoff and Matt Durrin as they discuss the broader implications of such outages, emphasizing the importance of effective risk management, especially for organizations heavily reliant on cloud services.
Actionable Takeaways:
Develop a Comm...
2025-03-1114 minCyberside Chats: Cybersecurity Insights from the ExpertsAbandoned S3 Buckets – A Goldmine for HackersDo you think your old cloud storage is harmless? Think again. This week on Cyberside Chats, Sherri and Matt dive into shocking new research from Watchtowr that reveals how hackers can take over abandoned Amazon S3 buckets—and use them to infiltrate government agencies, Fortune 500 companies, and critical infrastructure. We’ll break down real-world examples of how this risk can be exploited, including malware-laced software updates, hijacked VPN configurations, and compromised open-source dependencies. Plus, we’ll share practical strategies to protect your organization from this growing cybersecurity threat!
Links & Resources:
Watchtowr’s Research on Abandoned S3 Buckets...
2025-03-0425 minCyberside Chats: Cybersecurity Insights from the ExpertsRansomware Watch: Ghost, RansomHub, and the Latest TrendsIn this episode of Cyberside Chats, we dive into the world of ransomware, focusing on the notorious Ghost Ransomware Gang. Recently flagged by the FBI and CISA, Ghost has targeted organizations in over 70 countries. We explore their methods of infiltration, with a spotlight on outdated software vulnerabilities, and discuss how organizations can fortify their defenses.
We'll also provide insights into the broader ransomware landscape, including trends and statistics for 2024, and offer practical advice on protecting against these cyber threats. Lastly, we delve into the operations of the RansomHub group, revealing their so-called 'ethical' hacking practices.
...
2025-02-2514 minCyberside Chats: Cybersecurity Insights from the ExpertsSoftware Exploits – The Fast-Paced Threat Landscape of 2025Zero-day exploits are hitting faster than ever—are you ready? This week, we dive into the U.S. Treasury breach, which we now know involved multiple zero-days, including a newly discovered flaw in BeyondTrust’s security software. Attackers aren’t just targeting IT systems anymore—they’re coming for security tools themselves to gain privileged access.
We also cover new zero-days in Microsoft, Apple, and Android, and why time-to-exploit has dropped from 32 days to just 5. Plus, we’ll share key defensive strategies to help you stay ahead.
The race between attackers and defenders is accelerating—don’t get left b...
2025-02-1812 minCyberside Chats: Cybersecurity Insights from the ExpertsThe OPM Security Debacle: Rogue Servers, Data Risks & What’s NextIn this episode of Cyberside Chats, Sherri and Matt dive into a shocking new cybersecurity controversy at the Office of Personnel Management (OPM). A rogue email server, installed outside normal security controls, has raised alarms about data security risks to millions of federal employees.
We compare this developing situation to the infamous 2015 OPM hack, in which state-sponsored attackers stole the personal records of over 22 million individuals. Are we witnessing history repeat itself—this time with even more catastrophic consequences?
Topics Covered:
Flashback to 2015: How weak security and stolen credentials led to one of the wors...
2025-02-1113 minCyberside Chats: Cybersecurity Insights from the ExpertsDeepSeek or Deep Risk? The AI Power Play With ChinaDeepSeek or DeepRisk?
A new AI powerhouse is making waves—DeepSeek has skyrocketed in popularity, rivaling top AI models at a fraction of the cost.
But with data stored in China and unknown security safeguards, is your organization at risk? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down the cybersecurity implications of AI tools like DeepSeek. You'll learn about:
▪ DeepSeek's unique IP exposure risks and cybersecurity challenges.
▪ The growing threat of "Shadow AI" in your organization and supply chain.
▪ How to update your policies, vet vendors, and prot...
2025-02-0413 minCyberside Chats: Cybersecurity Insights from the ExpertsThe Silk Road, a Pardon, and the Future of CybercrimeIn this episode of Cyberside Chats, we dive into the surprising pardon of Ross Ulbricht, creator of the infamous Silk Road dark web marketplace. What does this decision mean for the future of cybercrime enforcement and your organization’s security? We’ll explore the potential policy shift, how it could embolden criminals, and actionable steps you can take to stay ahead of evolving threats. Don't miss these critical insights!
Takeaways:
Anticipate Increased Cybercrime Activity. The pardon of Ross Ulbricht could embolden cybercriminals. Proactively strengthen your organization’s defenses by updating incident response plans and running tabletop exercises...
2025-01-2812 minCyberside Chats: Cybersecurity Insights from the ExpertsWhen the FBI Becomes Your IT DepartmentIn this episode of Cyberside Chats, we explore the FBI’s daring takedown of PlugX malware. By commandeering the malware’s command-and-control infrastructure, the FBI forced PlugX to uninstall itself from over 4,200 devices globally. This bold move echoes similar actions from 2021, such as the removal of malicious web shells from Exchange servers.
We unpack the legal, ethical, and operational implications of these law enforcement actions and provide actionable advice for IT and security leadership to prepare for similar events.
Key topics include:
How the FBI executed the PlugX takedown and what it means for orga...
2025-01-2113 minCyberside Chats: Cybersecurity Insights from the ExpertsCyber Trust or Bust? The New FTC Cyber Trust MarkIn Episode 2 of CyberSide Chats, Sherri Davidoff and Matt Durrin dive into the launch of the U.S. Cyber Trust Mark, a new security initiative aimed at making Internet of Things (IoT) devices more secure for consumers. As the number of connected devices continues to rise, the U.S. Cyber Trust Mark promises to help users make informed decisions about the security of products like cameras, smart locks, and voice assistants.
Sherri and Matt will discuss the potential impacts of the Cyber Trust Mark and discuss the ongoing challenges of securing IoT devices. They also tackle the...
2025-01-1412 minCyberside Chats: Cybersecurity Insights from the Experts2025 Cybersecurity Priorities: The Top 3 Moves to MakeJoin hosts Sherri Davidoff and Matt Durrin in this first engaging episode of CyberSide Chats, as they dive into the top cybersecurity priorities for 2025. This insightful discussion was recorded with a live Q & A, and it covers the pervasive influence of AI, the emerging threats of deepfakes, and the complexities of managing third-party risks in an increasingly digital world.
This episode not only prepares listeners for the potential challenges of 2025 but also equips them with the knowledge to enhance their cybersecurity measures effectively. Tune in to stay informed and ready for the future!
2024-12-1723 min