
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live! Our next session is Made in China — Hacked Everywhere? on November 19th.
Episodes

2 days ago
When thieves pulled off a lightning-fast heist at the Louvre on October 19, 2025, the world focused on the stolen jewels. But leaked audit reports soon revealed another story — one of weak passwords, legacy systems, and a decade of ignored warnings.
In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the cybersecurity lessons behind the Louvre’s seven-minute robbery. They explore how outdated infrastructure, poor vendor oversight, and default credentials mirror the same risks plaguing modern organizations — from hospitals to banks.
Listen as Sherri and Matt connect the dots between a world-famous museum and your own IT environment — and share practical steps to keep your organization from becoming the next headline.
Key Takeaways
- Audit for weak and shared passwords. Regularly scan for shared, default, or vendor credentials. Replace them with strong, unique, role-based passwords and enforce MFA across administrative and vendor accounts.
- Conduct regular penetration tests and track remediation. Perform annual or semiannual pen tests that include internal movement and segmentation checks. Assign owners for every finding, set deadlines, and verify fixes.
- Vet and contractually bind third-party vendors. Require patching and OS update clauses in vendor contracts, and verify each vendor’s security practices through audits or reports such as SOC 2.
- Integrate IT and physical security. Coordinate teams so camera, badge, and alarm systems receive the same cybersecurity oversight as IT systems. Check for remote access exposure and outdated credentials.
- Plan for legacy system containment. Identify unsupported systems, isolate them on segmented networks, and add compensating controls. Build a phased replacement roadmap tied to budget and risk.
- Create a continuous audit and feedback loop. Assign clear ownership for all audit findings and track progress. Escalate unresolved risks to leadership to maintain visibility and accountability.
- Control your media communications. Limit access to sensitive reports and train staff to prevent leaks. Manage breach-related communications strategically to protect reputation and trust.
Don't forget to follow us for weekly expert cybersecurity insights on today's threats.
Resources
- YouTube – Hank Green interviews Sherri Davidoff on the Louvre Heist
- LMG Security – “How Hackers Turned Cameras into Crypto Miners” (Scientific American)

Tuesday Nov 04, 2025
Poisoned Search: How Hackers Turn Google Results into Backdoors
Attackers are poisoning search results and buying sponsored ads to push malware disguised as trusted software. In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake Microsoft Teams installers. Learn how these attacks exploit everyday user behavior, why they’re so effective, and what your organization can do to stop them.
Whether you’re a security leader, risk manager, or seasoned IT pro, you’ll walk away with clear, practical steps to reduce exposure and strengthen your defenses against the poisoned web.
KEY TAKEAWAYS
- Block and filter ad content at the enterprise level. Use enterprise web proxies, browser controls, and DNS filtering to block sponsored results and malicious domains tied to critical business tools or portals.
- Establish and enforce trusted download paths. Require that all software come from signed, verified, or internal repositories — not search results. Enforce application whitelisting so only verified executables can run — this blocks malicious installers even if a user downloads them.
- Incorporate poisoned-search scenarios into training and awareness materials. Teach staff to type trusted URLs, use bookmarks, or access internal portals directly rather than searching.
- Assess search behavior across your organization. Track how users find tools and portals — are they typing URLs, using bookmarks, or searching externally? Use this data to identify high-risk departments or roles and tailor awareness campaigns accordingly. Over time, shift culture toward safer, more deliberate browsing habits.
- Expand monitoring and detection. Hunt for persistence artifacts linked to poisoned-download infections, such as new scheduled tasks, DLL registrations, or rundll32.exe activity. Flag software installs originating from search-referral URLs in your EDR and SIEM.
- Conduct tabletop exercises that include search poisoning. Simulate incidents where employees download fake software or fall for poisoned ads. Practice tracing attacks back to SEO poisoning, identifying other potential victims, and developing plans to block future attacks through technical and policy controls.
Please like and subscribe for more cybersecurity content, and visit us at www.LMGsecurity.com if you need help with cybersecurity, training, testing, or policy development.
Resources & References
- Blackpoint Cyber SOC: Malicious Teams Installers Drop Oyster Malware
- BleepingComputer: Fake Microsoft Teams Installers Push Oyster Malware via Malvertising
- Netskope: Cloud & Threat Report 2025
- Netskope Press Release: Phishing Clicks Nearly Tripled in 2024

Tuesday Oct 28, 2025
The AWS Outage and Hidden Fourth-Party Risks
When Amazon Web Services went down on October 20, 2025, the impact rippled around the world. The outage knocked out Slack messages, paused financial trades, grounded flights, and even stopped people from charging their electric cars. From Coinbase to college classrooms, from food delivery apps to smart homes, millions discovered just how deeply their lives depend on a single cloud provider.
In this episode, Sherri Davidoff and Matt Durrin break down what really happened inside AWS’s US-EAST-1 region, why one glitch in a database called DynamoDB cascaded across the globe, and what it teaches us about the growing risk from invisible “fourth-party” dependencies that lurk deep in our digital supply chains.
Key Takeaways
- Map and monitor your vendor ecosystem — Identify both third- and fourth-party dependencies and track their health.
- Require vendors to disclose key dependencies — Request a “digital bill of materials” that identifies their critical cloud and service providers.
- Diversify critical workloads — Don’t rely on a single hyperscaler region or platform for mission-critical services.
- Integrate vendor outages into incident response playbooks — Treat SaaS and cloud downtime as security events with defined response paths.
- Test your resilience under real-world conditions — Simulate large-scale SaaS or cloud failures in tabletop exercises.

Tuesday Oct 21, 2025
Ransomware in the Fast Lane: Lessons from the Jaguar Land Rover Attack
When ransomware forced Jaguar Land Rover to halt production for six weeks, the impact rippled through global supply chains — from luxury car lines to small suppliers fighting to stay afloat. In this episode, Sherri Davidoff and Matt Durrin examine what happened, why manufacturing has become ransomware’s top target, and what new data from Sophos and Black Kite reveal about the latest attack trends.
They share practical insights on how organizations can strengthen resilience, secure supply chains, and prepare for the next wave of operational ransomware attacks.
Key Takeaways
- Patch and prioritize. Focus on fixing known exploited vulnerabilities (CISA KEV) and critical flaws before attackers do.
- Monitor your vendors continuously. Move beyond annual questionnaires — use ongoing, data-driven monitoring to identify risk in your supply chain.
- Segment IT and OT networks. Strong isolation can contain ransomware and prevent complete production shutdowns.
- Invest in detection and response. Around-the-clock monitoring (MDR or SOC) can detect early-stage activity before encryption starts.
- Practice recovery. Test isolation, backup, and restoration processes regularly — and include your leadership team in realistic tabletop exercises.

Tuesday Oct 14, 2025
The Power of “Why” – Communicating Cybersecurity Effectively
In this episode of Cyberside Chats, Matt Durrin and his guest explore what makes cybersecurity communication effective — whether you’re leading a sales presentation, a training session, or a tabletop exercise. The discussion dives into how to move beyond technical jargon and statistics to tell stories that resonate. Listeners will learn how understanding and communicating the “why” behind security practices can dramatically improve engagement, retention, and impact across any audience.
Top Takeaways
- Lead With Why: Start with impact and consequences before discussing tools or features.
- Use Stories, Not Just Stats: Connect technical points to human experiences that make the message memorable.
- Run the “So What?” Test: Always link facts and advice to why they matter for that specific audience.
- Balance Fear With Agency: Create urgency without hopelessness — show clear, achievable actions.
- Mix Communication Methods: Blend stories, visuals, simulations, and discussion to sustain engagement.
- Communication is a Security Control: If people don’t understand why something matters, adoption and compliance will suffer.

Tuesday Oct 07, 2025
Shutdown Fallout: The Cybersecurity Information Sharing Act Expires
When the government shut down, the Cybersecurity Information Sharing Act of 2015 expired with it. That law provided liability protections for cyber threat information sharing and underpinned DHS’s Automated Indicator Sharing (AIS) program, which costs about $1M a month to run. Is it worth the cost? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the value of public-private information sharing, the uncertain future of AIS, and how cybersecurity leaders should adapt as visibility gaps emerge. Along the way, they share a real-world story of how information sharing stopped a ransomware attack in its tracks — and what could happen if those pipelines dry up.
Key Takeaways:
- Strengthen threat intelligence pipelines: Don’t rely solely on AIS or your vendor. Ask providers how they source threat intel and diversify feeds.
- Review liability exposure: With the Cybersecurity Information Sharing Act (CISA 2015) expired, safe harbors are gone — consult counsel before sharing.
- Plan for reduced visibility: Run tabletop exercises simulating loss of upstream intel.
- Get proactive about information exchange: Join ISACs, ISAOs, or local peer groups — and contribute, not just consume.
Resources:
- U.S. Chamber of Commerce: Letter to Congress on CISA 2015
- Cyberside Chats: Executive Order Shockwave: The Future of Cybersecurity Unveiled

Tuesday Sep 30, 2025
Inside the Spider’s Web: What Indictments Reveal About Scattered Spider
Scattered Spider is back in the headlines, with two recent arrests — Thalha Jubair in the UK and a teenager in Nevada — bringing fresh attention to one of the most disruptive cybercriminal crews today. But the real story is in the indictments: they offer a rare inside look at the group’s structure, their victims, and the mistakes that led law enforcement to track them down. In this episode, Sherri Davidoff and Matt Durrin break down what the indictments reveal about Scattered Spider’s tactics, roles, and evolution, and what defenders can learn from these cases.
Key Takeaways:
- Lock down your help desk. Require strong, multi-step verification before resetting accounts, and monitor for suspicious or unusual requests.
- Prepare for ransom decisions. Develop playbooks that model both paying and refusing, so leadership understands the financial and operational tradeoffs before an incident hits.
- Get proactive on insider risk. Teens and early-career workers are being recruited in open forums like Telegram and Discord — build awareness and detection into your insider risk program.
- Pressure-test your MFA. Don’t just roll it out — simulate how attackers might bypass or trick staff into resetting it.
- Educate your team on voice social engineering. Scattered Spider relied on phone-based tactics; training staff to recognize and resist them is critical. (LMG Security offers targeted social engineering training to help your team prepare.)
Resources:
- BleepingComputer: “US charges UK teen over Scattered Spider hacks including US Courts” https://www.bleepingcomputer.com/news/security/uk-arrests-scattered-spider-teens-linked-to-transport-for-london-hack/
- “The Rabbit Hole Beneath the Crypto Couple is Endless” https://www.vice.com/en/article/the-rabbithole-beneath-the-crypto-couple-is-endless
- MGM Breach: A Wake-up Call for Better Social Engineering Training for Employees https://www.lmgsecurity.com/2023-mgm-breach-a-wake-up-call-for-better-social-engineering-training-for-employees/
- DOJ press release on the indictment of five Scattered Spider members (Nov 2024) – https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text
- DOJ press release on UK national Thalha Jubair charged in multiple attacks (Sept 2025) – https://www.justice.gov/opa/pr/united-kingdom-national-charged-connection-multiple-cyber-attacks-including-critical

Tuesday Sep 23, 2025
Vibe Hacking: The Dark Side of AI Coding
What happens when the same AI tools that make coding easier also give cybercriminals new powers? In this episode of Cyberside Chats Live, we explore the rise of “vibe coding” and its darker twin, “vibe hacking.” You’ll learn how AI is reshaping software development, how attackers are turning those vibes into cybercrime, and what it means for the future of security.
Key Takeaways
- Establish ground rules for AI use
  - Even if you don’t have developers, employees may experiment with AI tools. Set a policy for how (or if) AI can be used for coding, automation, or day-to-day tasks.
  - Make sure staff understand not to paste sensitive data (like credentials or customer info) into AI tools.
- Strengthen your software supply chain
  - If you rely on vendors or contractors, ask them whether they use AI in their development process and how they vet the resulting code.
  - Request (or create) an inventory of software components and dependencies (SBOMs) so you know what’s inside the software you buy.
  - Stay alert to supply chain risks from open-source code or third-party add-ons.
- Treat your endpoints like crown jewels
  - Limit what software employees can install, especially IT staff.
  - Provide a safe “sandbox” machine for testing unfamiliar tools instead of using production systems.
  - Apply strong endpoint protection and restrict administrative privileges.
- Prepare for AI-related incidents
  - Include scenarios where AI is part of the attack, such as compromised development tools, malicious packages, or data fed into rogue AI systems.
  - Plan for vendor incidents, since third-party software providers may be the first link in a compromise.
  - Test these scenarios through tabletop exercises so your team knows how to respond.
References
- Malwarebytes — Claude AI chatbot abused to launch cybercrime spree (Aug 2025): https://www.malwarebytes.com/blog/news/2025/08/claude-ai-chatbot-abused-to-launch-cybercrime-spree
- Trend Micro / Industrial Cyber — EvilAI malware campaign exploits AI-generated code to breach global critical sectors (Aug 2025): https://industrialcyber.co/ransomware/evilai-malware-campaign-exploits-ai-generated-code-to-breach-global-critical-sectors/
- The Hacker News — Cursor AI code editor flaw enables silent code execution on developer systems (Sept 2025): https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html
- PCWorld — I saw how an “evil” AI chatbot finds vulnerabilities. It’s as scary as you think (May 2025): https://www.pcworld.com/article/2424205/i-saw-how-an-evil-ai-chatbot-finds-vulnerabilities-its-as-scary-as-you-think.html

Looking for more cybersecurity resources?
Check out our additional resources:
Blog: https://www.LMGsecurity.com/blog/
Top Controls Reports: https://www.LMGsecurity.com/top-security-controls-reports/
Videos: www.youtube.com/@LMGsecurity
