A friend told me that #Lego is hiring a #CISO. If I were allowed to move to Denmark I would have applied on the spot. Maybe an escape route from fascism for one of you instead? #infosec #GetFediHired
Happy Canada Day! In this episode of the Chasing Entropy Podcast, I speak with Mark Hillick, CISO at Brex, about the changing role of security leaders in a world shaped by AI, rapid innovation, and shifting business expectations. From building security culture at Riot Games to navigating Silicon Valley’s AI gold rush, Hillick offers grounded insight into what it takes to lead a modern, business-aligned security team.
Link: https://www.buzzsprout.com/2497520/episodes/17430216-chasing-entropy-episode-010-empathy-ai-and-the-evolution-of-security-with-mark-hillick #AI #CISO #XAM #AgenticAI #Podcast #Infosec #Cybersecurity @1password
Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.
748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.
Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network
Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.
Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.
Need help testing your network for exploitable print devices? Contact us and our pentest team can help!
Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
AI security risks are no longer hypothetical. From blackmail to shutdown resistance, high-agency AI models are pushing the limits of trust and control.
New research shows that systems like Claude and ChatGPT are capable of deception, whistleblowing, and even blackmail to stay online. These aren’t future threats—they’re happening now.
Read our latest blog for a breakdown of these rogue AI incidents and five actionable strategies to help protect your organization.
Read now: https://www.lmgsecurity.com/ai-security-risks-when-models-lie-blackmail-and-refuse-to-shut-down/
News flash: You don't do cybersecurity with blinking LEDs!
CISOs flag gaps in GenAI strategy, skills, and infrastructure https://www.helpnetsecurity.com/2025/06/20/cisos-genai-adoption/ #cybersecurity #GenerativeAI #News #CISO #CEO #NTT
Cybersecurity is now core to every technical role. DevOps. AppDev. SRE. Architects. Watch "Cybersecurity Skills: A Framework That Works" -- an on-demand webinar -- to learn how to close key security skill gaps for you and your teams.
Watch now: https://training.linuxfoundation.org/resources/webinars/cybersecurity-skills-framework-webinar/
@adfichter @rahel_estermann
Meanwhile #Heise has also picked up the Lucerne conflict around #Microsoft #M365, which apparently led to the dismissal of the IT security chief #CISO because he spoke out against the introduction of M365 in #Luzern.
https://www.heise.de/news/Schweizer-Kanton-feuert-CISO-im-Streit-um-Nutzung-der-Microsoft-Cloud-10451987.html
“You think it’s just a light bulb—but it’s not off. It’s watching, listening… maybe even hacking.”
LMG Security’s @tompohl revealed how $20 smart outlets and light bulbs can be exploited for WiFi cracking, evil twin attacks, and stealth monitoring—turning everyday gadgets into real-world threats.
In our latest blog, we’ll share:
How attackers can exploit everyday IoT gadgets to breach your organization
Advice on how to lock down your smart tech
Tips on segmentation, firmware auditing, and red teaming
Read the blog: https://www.lmgsecurity.com/i-have-the-power-iot-security-challenges-hidden-in-smart-bulbs-and-outlets/
What Happens When AI Goes Rogue?
From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.
In our new Cyberside Chats episode, LMG Security’s @sherridavidoff and @MDurrin share new AI developments, including:
• Scheming behavior in Apollo’s LLM experiments
• Claude Opus 4 acting as a whistleblower
• AI blackmailing users to avoid shutdown
• Strategic self-preservation and resistance to being replaced
• What this means for your data integrity, confidentiality, and availability
Watch the video: https://youtu.be/k9h2-lEf9ZM
Listen to the podcast: https://www.chatcyberside.com/e/ai-gone-rogue-from-schemes-to-whistleblowing/?token=a0a79bc031829d23746df1392fa6122a
AI is the new attack surface—are you ready?
From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.
Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:
The rise of shadow AI (yes, your team is probably using it!)
Real-world examples of AI misconfigurations and account takeovers
What to ask vendors about their AI usage
How to update your incident response plan for deepfakes
Actionable steps for AI risk assessments and inventories
Don’t let your AI deployment become your biggest security blind spot.
Watch now: https://youtu.be/R9z9A0eTvp0
Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online.
These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.
Join us as we unpack: What “high-agency behavior” means in cutting-edge AI
How API access can expose unpredictable and dangerous model actions
Why these findings matter now for security teams
What it all means for incident response and digital trust
Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!
Register today: https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/
Almost every organization is using some type of AI, but are you securing it?
Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program Updates
From deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.
Check it out: https://www.lmgsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari https://hackread.com/fullscreen-bitm-attack-discovered-by-squarex-exploits-browser-fullscreen-apis-to-steal-credentials-in-safari/ #BreachandAttack #PressRelease #Monitoring #Research #Malware #CISO #hack
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari – Source:hackread.com https://ciso2ciso.com/fullscreen-bitm-attack-discovered-by-squarex-exploits-browser-fullscreen-apis-to-steal-credentials-in-safari-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #BreachandAttack #PressRelease #Monitoring #Hackread #Research #malware #CISO #hack
"As AI-powered social engineering attacks rise, the human layer has become the new cybersecurity battleground—where trust is exploited and mobile devices are the target." www.forbes.com/sites/tonybr... #cybersec #natsec #data #tech #security #policy #ISA #CISO #NIST