LMG Security
@lmgsecurity.bsky.social
LMG Security is a top cybersecurity firm providing penetration testing, advisory services, training, & more. Our experts speak at conferences like Black Hat and RSA, and have been featured in The Wall Street Journal, The New York Times, & many other pubs.
75% percent of #manufacturers are carrying critical OT #vulnerabilities, often buried inside proprietary equipment and aging software that keeps production moving but limits security options. Sherri Davidoff and Matt Durrin share more in this quick video: https://www.youtube.com/watch?v=cETaSkOb5kw
November 28, 2025 at 6:25 PM
75% percent of #manufacturers are carrying critical OT #vulnerabilities, often buried inside proprietary equipment and aging software that keeps production moving but limits security options. Sherri Davidoff and Matt Durrin share more in this quick video: https://www.youtube.com/watch?v=cETaSkOb5kw
This Thanksgiving, we’re feeling grateful for the clients, partners, and colleagues who make our work meaningful all year long.
Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday.
Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday.
November 27, 2025 at 6:20 PM
This Thanksgiving, we’re feeling grateful for the clients, partners, and colleagues who make our work meaningful all year long.
Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday.
Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday.
Chinese-made #IoT devices are turning up with hidden radios, undocumented modems, and opaque update channels—and organizations need faster ways to assess the risk. More on our blog: https://www.lmgsecurity.com/made-in-china-hacked-everywhere-what-organizations-need-to-know-now/ #SupplyChainSecurity
Made in China—Hacked Everywhere? What Organizations Need to Know Now | LMG Security
The stories sound like something out of a cyber-thriller: a city tests a Chinese-made electric bus in a decommissioned mine to see if it can be remotely shut down. U.S. ports discover hidden cellular modems inside massive cargo cranes. A common hospital patient monitor reveals an undeclared backdoor that allows…
www.lmgsecurity.com
November 26, 2025 at 4:05 PM
Chinese-made #IoT devices are turning up with hidden radios, undocumented modems, and opaque update channels—and organizations need faster ways to assess the risk. More on our blog: https://www.lmgsecurity.com/made-in-china-hacked-everywhere-what-organizations-need-to-know-now/ #SupplyChainSecurity
A single “smart” device can quietly tunnel out of your network. Today on #CybersideChats: real-world scenarios where hidden radios, #cloud paths, and offshore update servers slipped in through routine #hardware purchases.
Listen: www.chatcyberside.com/e/chinas-hid...
Watch: youtu.be/WYq6YTqanA4
Listen: www.chatcyberside.com/e/chinas-hid...
Watch: youtu.be/WYq6YTqanA4
November 25, 2025 at 3:43 PM
A single “smart” device can quietly tunnel out of your network. Today on #CybersideChats: real-world scenarios where hidden radios, #cloud paths, and offshore update servers slipped in through routine #hardware purchases.
Listen: www.chatcyberside.com/e/chinas-hid...
Watch: youtu.be/WYq6YTqanA4
Listen: www.chatcyberside.com/e/chinas-hid...
Watch: youtu.be/WYq6YTqanA4
#MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options. In this 1-minute video, we break down the most common gaps. www.youtube.com/watch?v=x290...
#Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices
#Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices
MFA Reality Check: Are you Vulnerable to Fatigue & Fallback Abuse?
YouTube video by LMG Security
www.youtube.com
November 24, 2025 at 3:35 PM
#MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options. In this 1-minute video, we break down the most common gaps. www.youtube.com/watch?v=x290...
#Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices
#Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices
#Holiday season scams now hit businesses as hard as consumers. This checklist highlights practical steps #security teams can take now—from enforcing strong #MFA to tuning #botdetection rules & more: www.lmgsecurity.com/resources/ho...
#Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing
#Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing
November 21, 2025 at 5:29 PM
#Holiday season scams now hit businesses as hard as consumers. This checklist highlights practical steps #security teams can take now—from enforcing strong #MFA to tuning #botdetection rules & more: www.lmgsecurity.com/resources/ho...
#Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing
#Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing
Attackers are now using #maliciousAI to launch #holidayscams at scale. We just published a breakdown of this year’s AI-driven holiday #fraud surge—plus an actionable checklist: https://www.lmgsecurity.com/holiday-hackers-how-ai-is-supercharging-seasonal-fraud-and-what-your-organization-must-do-now/
Holiday Hackers: How AI Is Supercharging Seasonal Fraud—and What Your Organization Must Do Now | LMG Security
Holiday fraud is surging 520% this season, and consumer scams are becoming enterprise breaches. Find out how this happens, and download our checklist to reduce your organization’s risk.
www.lmgsecurity.com
November 19, 2025 at 5:39 PM
Attackers are now using #maliciousAI to launch #holidayscams at scale. We just published a breakdown of this year’s AI-driven holiday #fraud surge—plus an actionable checklist: https://www.lmgsecurity.com/holiday-hackers-how-ai-is-supercharging-seasonal-fraud-and-what-your-organization-must-do-now/
#AI driven #fraud is hitting holiday shoppers at machine speed. Today on #CybersideChats, Sherri & Matt discuss how #phishing kits, prebuilt configs, and bot-driven takeovers enable #CredentialAbuse.
Podcast: www.chatcyberside.com/e/holiday-ha...
Video: youtu.be/TpMD5v5JUNc
#Cybersecurity
Podcast: www.chatcyberside.com/e/holiday-ha...
Video: youtu.be/TpMD5v5JUNc
#Cybersecurity
November 18, 2025 at 1:23 PM
#AI driven #fraud is hitting holiday shoppers at machine speed. Today on #CybersideChats, Sherri & Matt discuss how #phishing kits, prebuilt configs, and bot-driven takeovers enable #CredentialAbuse.
Podcast: www.chatcyberside.com/e/holiday-ha...
Video: youtu.be/TpMD5v5JUNc
#Cybersecurity
Podcast: www.chatcyberside.com/e/holiday-ha...
Video: youtu.be/TpMD5v5JUNc
#Cybersecurity
When #security assessments leak, the fallout can eclipse the incident. In our latest #CybersideChats on the #Louvre heist, we dig into how exposed #audit findings fueled scrutiny. Listen to hear how a seven-minute #robbery turned into a reputational firestorm: www.chatcyberside.com/e/louvre-hei...
November 17, 2025 at 3:55 PM
When #security assessments leak, the fallout can eclipse the incident. In our latest #CybersideChats on the #Louvre heist, we dig into how exposed #audit findings fueled scrutiny. Listen to hear how a seven-minute #robbery turned into a reputational firestorm: www.chatcyberside.com/e/louvre-hei...
Your #network may be locked down—but what about the circuitry inside your devices? Join us on November 19th for Cyberside Chats: Live! on how #hardware choices and opaque sourcing can introduce #risk + steps to spot red flags. https://www.lmgsecurity.com/event/cyberside-chats-live-november-2025/
Cyberside Chats Live! Made in China — Hacked Everywhere?
www.lmgsecurity.com
November 14, 2025 at 2:10 PM
Your #network may be locked down—but what about the circuitry inside your devices? Join us on November 19th for Cyberside Chats: Live! on how #hardware choices and opaque sourcing can introduce #risk + steps to spot red flags. https://www.lmgsecurity.com/event/cyberside-chats-live-november-2025/
Last week, LMG Security had the pleasure of speaking with the Las Vegas ISSA chapter! Matt Durrin led a thought-provoking session on “ #DeepFakes & AI: The New Frontier of #Cybercrime.” He explored how rapidly evolving #AI tools are transforming #SocialEngineering, fraud, and digital trust.
November 12, 2025 at 7:00 PM
Last week, LMG Security had the pleasure of speaking with the Las Vegas ISSA chapter! Matt Durrin led a thought-provoking session on “ #DeepFakes & AI: The New Frontier of #Cybercrime.” He explored how rapidly evolving #AI tools are transforming #SocialEngineering, fraud, and digital trust.
When the #Louvre was robbed, most people blamed the thieves. But leaked audit reports told a story of weak passwords, ignored warnings, & outdated systems. Hear more from Sherri & Matt on Cyberside Chats.
Podcast: www.chatcyberside.com/e/louvre-hei...
Video: youtu.be/3ErXdXv_bN8
#cybersecurity
Podcast: www.chatcyberside.com/e/louvre-hei...
Video: youtu.be/3ErXdXv_bN8
#cybersecurity
November 11, 2025 at 2:53 PM
When the #Louvre was robbed, most people blamed the thieves. But leaked audit reports told a story of weak passwords, ignored warnings, & outdated systems. Hear more from Sherri & Matt on Cyberside Chats.
Podcast: www.chatcyberside.com/e/louvre-hei...
Video: youtu.be/3ErXdXv_bN8
#cybersecurity
Podcast: www.chatcyberside.com/e/louvre-hei...
Video: youtu.be/3ErXdXv_bN8
#cybersecurity
The #CISA #AIS program delivered real-time, machine-readable threat intelligence across sectors. With participation disrupted, defense is at risk. In this video, we explain how AIS worked, why it mattered, and what your organization can do to stay protected post-AIS. www.youtube.com/watch?v=qFPC...
What Is The Automated Indicator Sharing Program (AIS) & Why Does It Matter?
YouTube video by LMG Security
www.youtube.com
November 7, 2025 at 2:47 PM
The #CISA #AIS program delivered real-time, machine-readable threat intelligence across sectors. With participation disrupted, defense is at risk. In this video, we explain how AIS worked, why it mattered, and what your organization can do to stay protected post-AIS. www.youtube.com/watch?v=qFPC...
A great #PenetrationTest doesn’t just find vulnerabilities—it shows how attackers could exploit them and exposes the gaps behind technical issues. That’s why #PenetrationTesting is our Top #Cybersecurity Control of Q4: https://www.lmgsecurity.com/top-control-of-q4-2025-penetration-testing/
Top Control of Q4 2025: Penetration Testing | LMG Security
Discover why LMG Security named Penetration Testing the Top Control of Q4 2025. Learn how real-world testing uncovers attack paths, strengthens defenses, and turns vulnerabilities into lasting resilience.
www.lmgsecurity.com
November 6, 2025 at 4:54 PM
A great #PenetrationTest doesn’t just find vulnerabilities—it shows how attackers could exploit them and exposes the gaps behind technical issues. That’s why #PenetrationTesting is our Top #Cybersecurity Control of Q4: https://www.lmgsecurity.com/top-control-of-q4-2025-penetration-testing/
What can a jewel heist teach us about #cybersecurity? When Hank Green sat down with Sherri Davidoff to analyze the #Louvre theft, striking parallels between physical and digital breaches were revealed. youtu.be/NIGbQ9NHFEg?... #RiskManagement #IncidentResponse #InformationSecurity #DataProtection
The Genius of the Louvre Heist
YouTube video by Hank Green
youtu.be
November 5, 2025 at 4:34 PM
What can a jewel heist teach us about #cybersecurity? When Hank Green sat down with Sherri Davidoff to analyze the #Louvre theft, striking parallels between physical and digital breaches were revealed. youtu.be/NIGbQ9NHFEg?... #RiskManagement #IncidentResponse #InformationSecurity #DataProtection
Attackers are turning Google results into #malware delivery systems, using fake software installers and sponsored ads to plant backdoors inside organizations. Podcast: www.chatcyberside.com/e/search-res...
Video: youtu.be/xKKA1ikoZ-4
#SEOpoisoning #Malvertising #Cybersecurity #Software #Phishing
Video: youtu.be/xKKA1ikoZ-4
#SEOpoisoning #Malvertising #Cybersecurity #Software #Phishing
November 4, 2025 at 3:16 PM
Attackers are turning Google results into #malware delivery systems, using fake software installers and sponsored ads to plant backdoors inside organizations. Podcast: www.chatcyberside.com/e/search-res...
Video: youtu.be/xKKA1ikoZ-4
#SEOpoisoning #Malvertising #Cybersecurity #Software #Phishing
Video: youtu.be/xKKA1ikoZ-4
#SEOpoisoning #Malvertising #Cybersecurity #Software #Phishing
What happens when you mix a high-stakes #cybersecurity #tabletopexercise with top-shelf whiskey? An unforgettable night.
LMG Security & Constangy hosted an exclusive #AI Fraud Tabletop & Whiskey Tasting where guests tackled a live #IncidentResponse scenario.
Thanks to everyone who joined us!
LMG Security & Constangy hosted an exclusive #AI Fraud Tabletop & Whiskey Tasting where guests tackled a live #IncidentResponse scenario.
Thanks to everyone who joined us!
October 31, 2025 at 2:19 PM
What happens when you mix a high-stakes #cybersecurity #tabletopexercise with top-shelf whiskey? An unforgettable night.
LMG Security & Constangy hosted an exclusive #AI Fraud Tabletop & Whiskey Tasting where guests tackled a live #IncidentResponse scenario.
Thanks to everyone who joined us!
LMG Security & Constangy hosted an exclusive #AI Fraud Tabletop & Whiskey Tasting where guests tackled a live #IncidentResponse scenario.
Thanks to everyone who joined us!
Hackers don’t need to email you anymore—they just need you to search. SEO poisoning & fake ads are spreading #malware and stealing credentials. Learn how to defend against the poisoned web: https://www.lmgsecurity.com/poisoned-search-how-hackers-turn-google-results-into-backdoors/ #Phishing #AI
Poisoned Search: How Hackers Turn Google Results into Backdoors | LMG Security
Hackers are poisoning Google search results with fake ads and malware. We share the new malvertising attack trends and how to protect your organization.
www.lmgsecurity.com
October 30, 2025 at 3:31 PM
Hackers don’t need to email you anymore—they just need you to search. SEO poisoning & fake ads are spreading #malware and stealing credentials. Learn how to defend against the poisoned web: https://www.lmgsecurity.com/poisoned-search-how-hackers-turn-google-results-into-backdoors/ #Phishing #AI
We had a great time at #BSidesPDX connecting with the local security community! Matt Durrin took the stage to present “Hackers + #AI: Faster, Smarter, More Dangerous,” a demo showing how criminals are using tools like #WormGPT to uncover vulnerabilities, generate exploits, and weaponize zero-days.
October 29, 2025 at 2:37 PM
We had a great time at #BSidesPDX connecting with the local security community! Matt Durrin took the stage to present “Hackers + #AI: Faster, Smarter, More Dangerous,” a demo showing how criminals are using tools like #WormGPT to uncover vulnerabilities, generate exploits, and weaponize zero-days.
When #AWS went offline, the outage exposed a global web of dependencies. Sherri & Matt explore what really happened, how fourth-party risks can undermine resilience, and practical steps to take on Cyberside Chats.
Listen: www.chatcyberside.com/e/when-the-c...
Watch: youtu.be/Djz-_VblMAw
#cloud
Listen: www.chatcyberside.com/e/when-the-c...
Watch: youtu.be/Djz-_VblMAw
#cloud
October 28, 2025 at 1:41 PM
When #AWS went offline, the outage exposed a global web of dependencies. Sherri & Matt explore what really happened, how fourth-party risks can undermine resilience, and practical steps to take on Cyberside Chats.
Listen: www.chatcyberside.com/e/when-the-c...
Watch: youtu.be/Djz-_VblMAw
#cloud
Listen: www.chatcyberside.com/e/when-the-c...
Watch: youtu.be/Djz-_VblMAw
#cloud
When the #Cybersecurity Information Sharing Act lapsed, organizations lost a key federal threat feed. Watch this video to learn how to strengthen private intel networks, manage legal exposure, and integrate intel loss scenarios into your #IncidentResponse plans: www.youtube.com/watch?v=2JeB... #CISA
How to Protect Your Organization After the Loss of CISA Threat Intelligence Sharing
YouTube video by LMG Security
www.youtube.com
October 27, 2025 at 3:06 PM
When the #Cybersecurity Information Sharing Act lapsed, organizations lost a key federal threat feed. Watch this video to learn how to strengthen private intel networks, manage legal exposure, and integrate intel loss scenarios into your #IncidentResponse plans: www.youtube.com/watch?v=2JeB... #CISA
Diversity builds resilience — especially in the #cloud. Matt Durrin reminds us that spreading workloads across multiple clouds isn’t just a best practice, it’s a safeguard against systemic risk.
More on our blog: www.lmgsecurity.com/beyond-aws-h...
#AWS #DNS #CloudSecurity #FourthPartyRisk
More on our blog: www.lmgsecurity.com/beyond-aws-h...
#AWS #DNS #CloudSecurity #FourthPartyRisk
October 24, 2025 at 12:49 PM
Diversity builds resilience — especially in the #cloud. Matt Durrin reminds us that spreading workloads across multiple clouds isn’t just a best practice, it’s a safeguard against systemic risk.
More on our blog: www.lmgsecurity.com/beyond-aws-h...
#AWS #DNS #CloudSecurity #FourthPartyRisk
More on our blog: www.lmgsecurity.com/beyond-aws-h...
#AWS #DNS #CloudSecurity #FourthPartyRisk
The #AWS outage exposed a threat: #FourthPartyRisk. When your vendors’ vendors go down, so do you. Learn what the #outage revealed & how to strengthen your #cloud resilience before the next disruption: https://www.lmgsecurity.com/beyond-aws-how-hidden-fourth-party-risks-threaten-digital-resilience/
Beyond AWS: How Hidden Fourth-Party Risks Threaten Digital Resilience | LMG Security
Discover how the October 2025 AWS outage exposed hidden fourth-party risks that threaten digital resilience across every industry. In this blog, LMG Security’s experts unpack how one faulty DNS update triggered a global ripple effect—and what your organization can do to identify and mitigate unseen dependencies in your cloud supply chain.
www.lmgsecurity.com
October 23, 2025 at 4:29 PM
The #AWS outage exposed a threat: #FourthPartyRisk. When your vendors’ vendors go down, so do you. Learn what the #outage revealed & how to strengthen your #cloud resilience before the next disruption: https://www.lmgsecurity.com/beyond-aws-how-hidden-fourth-party-risks-threaten-digital-resilience/
Attackers are exploiting search results and online ads to spread #malware through fake software installers—and it’s working. In our next Cyberside Chats: Live! on 10/29, we'll uncover the latest #SEOpoisoning & #malvertising techniques & how they evade defenses. www.lmgsecurity.com/event/cybers...
Cyberside Chats: Live! Poisoned Search: How Hackers Turn Google Results into Backdoors
In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake installers. Lear...
www.lmgsecurity.com
October 22, 2025 at 2:43 PM
Attackers are exploiting search results and online ads to spread #malware through fake software installers—and it’s working. In our next Cyberside Chats: Live! on 10/29, we'll uncover the latest #SEOpoisoning & #malvertising techniques & how they evade defenses. www.lmgsecurity.com/event/cybers...
When #ransomware halted Jaguar Land Rover’s production, it disrupted entire supply chains. In our latest #CybersideChats, we discuss what made this attack so impactful and share insights on how to strengthen resilience.
Podcast: www.chatcyberside.com/e/manufactur...
Video: youtu.be/LTW59YBJe-Q
Podcast: www.chatcyberside.com/e/manufactur...
Video: youtu.be/LTW59YBJe-Q
October 21, 2025 at 3:10 PM
When #ransomware halted Jaguar Land Rover’s production, it disrupted entire supply chains. In our latest #CybersideChats, we discuss what made this attack so impactful and share insights on how to strengthen resilience.
Podcast: www.chatcyberside.com/e/manufactur...
Video: youtu.be/LTW59YBJe-Q
Podcast: www.chatcyberside.com/e/manufactur...
Video: youtu.be/LTW59YBJe-Q