LMG Security
United States
Joined May 27, 2013
LMG Security is an internationally recognized leader in cybersecurity. It is a full-service consulting firm, delivering proactive cybersecurity solutions, advisory and compliance services, penetration testing, training, and more. The LMG Security team has published game-changing cybersecurity research, written books on network forensics and data breaches, and routinely speaks or trains at Black Hat, RSA, and many other security conferences. With a wide range of clients, including government agencies, financial institutions, health care organizations, law firms, academia, Fortune 500 companies and more, the LMG Security team has also had their expertise noted on the TODAY show and in The New York Times.
If you like our videos, check out our on-demand incident response IT Bootcamp classes for IT professionals at LMGsecurity.com/classes!
The Difference Between Penetration Testing and Vulnerability Scanning
Some companies try to position penetration testing and vulnerability scanning as the same service. We'll share the difference between penetration testing and vulnerability scanning, and explain why you need both. We'll also dive into:
- Why vulnerabilities often don’t show up right away in scans
- The critical differences between vulnerability scanning and penetration testing, and why both are essential for robust cybersecurity
- The importance of knowing your network and patches
- Real-world examples, including an F5 vulnerability overview
#CyberSecurity #VulnerabilityManagement #PenetrationTesting #LMGSecurity #InfoSec #PatchManagement
Views: 25
Videos
How the Dark Web Works 2024
Views 45616 hours ago
What makes the dark web so dark? Watch this deep dive into the inner workings of the darkest corners of the internet. We’ll take you on a guided tour of how the dark web works 2024 for a peek into the criminal underground. We'll show how hackers and criminals use the anonymity of the dark web to sell their goods and hide their crimes. We’ll also share the latest bleeding-edge developments, incl...
How to Run an Effective Vulnerability Management Program
Views 8021 days ago
In this 6-minute video, we dive into the highlights of how to run an effective vulnerability management program. Learn pro tips for how to identify, remediate, and track security issues effectively to protect your organization from potential threats. We’ll cover key strategies including: 🔹 Establishing a formal management program 🔹 Maintaining an accurate asset inventory 🔹 Regular and continuou...
Why You Need Continuous External Vulnerability Scanning
Views 3728 days ago
In today's fast-paced threat environment, monthly vulnerability scans are no longer enough. We'll share the data on software vulnerabilities and why you need continuous vulnerability scanning to keep your organization safe. You may also enjoy our video on how to use Shodan to better understand your attack surface: ua-cam.com/video/UzV5IAt8ijo/v-deo.html or take a deep dive into incident respons...
How You and Attackers Can Use Shodan to Understand Your Network's Attack Surface
Views 4328 days ago
In this 3-minute video, we'll show you how you and attackers can use Shodan to understand your network's attack surface. This hands-on video shows you how to leverage this tool to strengthen your attack surface management program. If you'd like a deep dive into incident response tools and trends watch our 1-hour on-demand video: ua-cam.com/video/iKU_mt5sb_w/v-deo.html . Whether you're a cyberse...
Quick Tips for Better Attack Surface Management
Views 3928 days ago
Attack surface management (ASM) is a cybersecurity practice focused on identifying, analyzing, and reducing the potential points of entry (or "attack surface") that an attacker can exploit to gain unauthorized access to your organization's systems and data. Watch our video for quick and actionable tips to help you enhance your attack surface management strategy. You may also enjoy our video on ...
Navigating the Storm: Effective Incident Response in the Modern Cyber Landscape
Views 54, a month ago
In today’s rapidly evolving cyber landscape, effective incident response is more critical than ever. Watch our in-depth, on-demand webinar where we explore advanced strategies and best practices for managing cyber incidents, with a special focus on cloud and SaaS environments. We’ll dive into the complexities of handling modern cyber threats, from cryptojacking and data theft in AWS to signific...
The Human Firewall: Cybersecurity Staffing and Training
Views 762 months ago
Cybersecurity is about so much more than just technology; fundamentally, it’s about people, and from the boardroom to the server room, everyone plays a critical role. Join our webinar to learn the best practices in cybersecurity training and staffing to build a “human firewall” to help protect your organization against cybersecurity threats and reduce your risk of a data breach.
Black Hat 2024 360° Ransomware Response Bootcamp Training Class Teaser - Taught by LMG Security
Views 3592 months ago
Ransomware can devastate your organization's finances and reputation. In the blink of an eye, everything from financial records to emails can be encrypted, possibly never to be seen again. Learn to quickly identify and effectively respond to ransomware, and you can dramatically reduce the damage to your organization. In our Black Hat 2024 hands-on 360° Ransomware Response Bootcamp, we'll show y...
2024 Change Healthcare Breach Case Study
Views 1572 months ago
The 2024 Change Healthcare data breaches had ripple effects that caused disruptions throughout the healthcare ecosystem and resulted in the organization paying a $22 million ransom. Some offices closed for the week and had to furlough their staff, and it is estimated that one in three Americans’ sensitive healthcare information was leaked. Sadly, this attack likely could have been prevented at ...
2024 Ransomware Attack Trends
Views 7612 months ago
Watch this quick recap of 2024 Ransomware Attack Trends to learn the latest developments shaping the ransomware landscape (you can watch the full talk here: ua-cam.com/video/BW5kXQ3l61g/v-deo.html). Ransomware attack tactics have evolved and our cybersecurity experts highlight the top 4 ransomware attack trends observed so far in 2024. You'll also hear quick, practical advice and actionable str...
Ransomware Reshaped: Evolving Your Defenses
Views 2023 months ago
Ransomware is evolving! High-profile law enforcement takedowns are making cybercriminals change their strategies, and your old prevention methods don’t work like they used to. Attackers are using sneaky new tactics to stay under the radar longer, target your cloud data, and cause massive disruptions to your business. Watch this on-demand webinar for a deep dive into the modern methods that crim...
What is WormGPT? The Evil AI for Cybercriminals.
Views 6483 months ago
Join us for a dive into the dark realms of artificial intelligence. In this video, we take you behind the scenes and answer the question, "What is WormGPT?" WormGPT isn't your average AI - it's an "Evil AI" with all ethical and legal precautions removed. We'll show you how criminals are leveraging WormGPT to quickly create new malware, phishing attacks that are harder to detect, and more! Don't...
Demystifying Cryptography and Cryptocurrency
Views 974 months ago
Is your encrypted data really safe? How does cryptocurrency work? What makes digital contracts secure? These critical questions, and many more, will all be answered when you understand the fundamentally simple concepts of public key cryptography. In this jam-packed session, we’ll demystify cryptography, cryptocurrency, and encryption, as we cover: - The magic of public key cryptography - Ransom...
Securing Your Attack Surface
Views 1525 months ago
Every hack starts with a point of entry: a weakness that enables a hacker to gain a foothold in your technology environment. In this on-demand webinar, we'll discuss securing your attack surface. Cybercriminals exploit software vulnerabilities in your Internet-facing systems, send phishing emails to staff, or target your cloud infrastructure. We’ll show you how to identify your attack surface a...
Business Email Compromise Case Study
Views 3145 months ago
Demo of the ConnectWise ScreenConnect Vulnerability
Views 1.9K, 5 months ago
How Voice Cloning is Used in Social Engineering and MFA Bypass Attacks
Views 1636 months ago
How Criminals Bypass Multi-Factor Authentication (MFA)
Views 8896 months ago
How Passwordless Authentication Solutions Work
Views 2686 months ago
Tom's Pentest Hack of the Week #10: Watch the Flipper Zero in a Physical Penetration Test
Views 5597 months ago
Tom's Pentest Hack of the Week #8: Using Default Credentials for UPS Battery Backup
Views 967 months ago
Forget Your Password: Voice Cloning, MFA Attacks, and Our Passwordless Future
Views 1597 months ago
Tom's Pentest Hack of the Week #9: Unrestricted Custom Active Directory Templates
Views 497 months ago
Common Types of Business Email Compromise Attacks & What It Costs Organizations
Views 1078 months ago
What Should You Do When You Get An Email From A Colleague's Hacked Account?
Views 438 months ago
What is a Cloud Configuration Assessment?
Views 238 months ago
Weaponar: How Hackers Go From Zero to Takeover
Views 2528 months ago
My view is any payments to hackers like this should be a crime. This will only keep rising if they get the incentives. That needs to stop. Organisations need to secure their networks and systems, educate their staff very regularly, also about social engineering, and back up, back up and back up, so they can restore their systems rather quickly. There is no guarantee that paying ransom will get their stuff back. Maybe in 10-15 years we will look back and see how ridiculous we were for rewarding criminals with ransom payments.
very informative briefing! thanks for spreading awareness! Subscribed!
Are there any free options for a llm i could install on Linux?
Hi, The problem with installing your own Linux LLM is that it requires a huge amount of training data and processing power to function well. The open-source options are really cool, but they're a lot of work to start up and maintain. There are posts and blogs of different user experiences available if you search on Linux LLM. Best of luck with your journey!
@LMGsecurity thanks. Yeah I've downloaded a few ollama models. They do run super slow on my laptop. Even the smaller 8 billion parameter ones. It has 32g ram but only 2gb ddr. I'm trying to find a way to force it to use the GPU more than the CPU.
Any uncensored model could be considered "evil" with that kind of definition.
Perhaps that is the point i.e. having something like this without controls is inherently reckless, because of its high potential for misuse. Or to put another way, those of us who aren't planning to do anything evil have no need for such a model in the first place.
Wild. AI is going to revolutionize every aspect of hacking, including social engineering. Our civilization is not ready.
Thank you so much for this video. I have sent it along to a couple of clients.
FIXED
That is insane. Just wow.
Couldn't you just remove that file from the screen connect directory?
Beta testing it now on my 2 vm's...so far looks promising
Hi man! Maybe you are able to advise how to fix the problem: when I am trying to create a Filter, I receive the error Forbidden?
Even large companies like Microsoft can slip up, sometimes not all departments fully implement information security standards.
For personal use: Turn off the printer when you don't need it, and you won't have the problem most of the time. You will also protect the environment and your wallet.
This is fascinating, and terrifying. Well done. Thank you!
I'm just surprised they had that level of filtering to begin with.
It was really professional and useful, I highly appreciate this video! The presentation style is just the icing on the cake.
I've never understood how these things happen, they're so easy to avoid, I avoid crap like this without even thinking about it. Blows my mind that this is being done anywhere.
This is insane. I have never just asked if it will give me passwords, this is like sneaking in through the window when the front door is open and they are inviting you in.
i want this ppt for my college presentation how can i get this 🙄
I love your facial expressions
On Xerox machines it forces you to re-enter your credentials if you change the server address.
Thank you very much for the interesting webinar! Lively presented and very well understandable for laymen.
Hi Sherri, awesome video!!! Question for you. Knowing that bad actors can circumvent MFA to perform account takeovers, how do we protect our networks against that? What are your thoughts on physical tokens like Yubikeys?
thanks, this should get more exposure .
What would you think the cost of this ubers breach of 2022 would amount to ? No legitimate sources online, at least google searches, shows any costs or data that uber has faced. I would like to know if the extent of the damages were similar to their 2016 breach.
Thanks for sharing videos like this despite the low view count
interesting and scary at the same time
It is very relevant video
Um can you put a link to the virus in the comments or desc for educational purposes ?
Beautiful trailer
good job duo.....keep it up
Thank you for the presentation
Is it possible to filter the duplicate error messages? If there are many identical error messages, that this is then only displayed once?
Dayne holly/ love will bring you back
Thanks guys, I'm glad we got that out of the way. I can get back to my drink.
thanks for explain what happened.
I forgot my macpass password, do you know how can I retrieve it?
Would you please provide all the links you have on your slides? Thank you.
I want to create data tables for multiple/all indices. What to do for that?
Good demo! How do you filter the message field? I mean, that field has a json message
Nice to hear from pro's as the MSP's handling companies networks have no idea what they are doing.
Great Video, and better tips, a very comprehensive look at what system security does and what we can and can't do in this cat and mouse game. It unfortunately comes down to user awareness since the first click is the one that shoots your foot. And I have encountered versions that are "sleepers" and don't get active immediately but wait for an update deployment to also get more easily distributed. Thanks again for this wake-up call.
Dunno if you guys respond to comments, but let's give it a shot. Do you know of a list somewhere of executables I could add to the metering setup of sccm to look for cobol strike etc? I use pstools myself, so I can find those, but I don't know the other commonly used pieces of software and thus not what their binaries are called (or if they're always called the same in the first place). I very much assume our AV software takes care of the known malicious stuff, but I know it doesn't react to psexec, cause I use that quite frequently. (We run 3 different AV solutions depending on system, and none of them flag psexec as an issue).
really great, any chance of doing Conti as well?
Hey thank you for this video really helped me get a better understanding!
Brilliant. Best examination of WS out there
Outstanding stuff, after watching this video I am now bit comfortable. what other are showing is just the bad side of dark web. I like how you are highlighting both sides but more positives and more ethical stuff 👍🏽👍🏽
What does RPM93P
I don't know what that means
Good to know.
Thank you!
These are excellent discussions. Please continue the awesome work!
Kennedy Oath breach of contract by US VERIZON PROVIDERS.