Sherri Davidoff

@sherridavidoff@infosec.exchange
177 Followers
139 Following
76 Posts
CEO of @LMGsecurity, author of “Data Breaches” & “Ransomware & Cyber Extortion.” The hacker known as Alien. Loves to mountain bike. Most important role: mom.
Web: https://LMGsecurity.com
Text editor: Emacs
I know this is dorky, but it’s been a really exciting 48 hours in #crypto ! Pretty sure me and Monkey (our cat) had the same expression this morning in the kitchen, except he was watching hermit crabs, and I was watching live #bitcoin price fluctuations…
I’m super excited to watch @tompohl’s new “weaponar” on printer hacking! Watch him show 3 ways that his red team goes from zero to full network takeover, all starting with your printer. Our pentest team does this regularly on real-world tests-- is your printer vulnerable? Find out! https://www.lmgsecurity.com/event/weaponar-how-i-met-your-printer/?latest #pentest #hacker #cybersecurity  
Weaponar: How I Met Your Printer

LMG Security
Sorry everybody … I broke Chat GPT
Freedom and security go hand-in-hand. On this day each year, my children and I watch MLK’s “I Have a Dream” speech. All great accomplishments start with great vision— that is the first step. We aren’t done, but we’ve come a long way. https://youtu.be/smEqnnklfYs
Martin Luther King - I Have A Dream Speech - August 28, 1963

YouTube

Every company saying that their data is encrypted at rest with "strong encryption" is saying nothing. It's a free, effortless and shameless statement to boost the org's false security posture to the untrained masses. It's even worse when they say it to justify that their security was sufficient after a breach.

Encrypted data at rest just means they use the cloud. It's standard cloud practice. They give it basically for free at a button toggle. "Using military grade encryption" yes I know it's AES. That shouldn't make you feel any safer. Optus even said their unauthenticated API was protected by double layers of encryption! (TLS in transit and AES at rest!). That meant nothing, and did nothing to protect their breach. Why?

Because the threat models that encryption at rest protects against are someone walking into some data center and grabbing hard drives. And no one does that. Every piece of encrypted information stored by your business is constantly decrypted at some point for use - especially customer and production data. Any attacker who compromises your employees with access to cloud resources, or an application/system with access to those cloud resources will have credentials and permission to decrypt the data. Because at the end of the day encrypted data is just as useless to you as it is to the attacker.
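The threat-model distinction in the post above, as an added example that is not part of the original post and not code from any vendor named in it. It models a cloud-style KMS that decrypts only for principals granted the permission, and an application store with "encryption at rest" turned on. The KMS, principal names, and customer record are all constructed for the demo, and a stdlib-only HMAC-SHA256 counter-mode keystream stands in for AES so the block runs with no third-party packages.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in for AES-CTR (keeps the example
    stdlib-only). The same key and nonce always yield the same keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class KeyService:
    """Hypothetical stand-in for a cloud KMS: it owns the data key and performs
    decryption only for principals that hold a decrypt grant."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._decrypt_grants: set[str] = set()

    def grant_decrypt(self, principal: str) -> None:
        self._decrypt_grants.add(principal)

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ks = _keystream(self._key, nonce, len(plaintext))
        return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

    def decrypt(self, principal: str, blob: bytes) -> bytes:
        # Authorisation is decided by identity, not by possession of the ciphertext.
        if principal not in self._decrypt_grants:
            raise PermissionError(f"{principal} is not allowed to decrypt")
        nonce, body = blob[:16], blob[16:]
        ks = _keystream(self._key, nonce, len(body))
        return bytes(c ^ k for c, k in zip(body, ks))


class CustomerStore:
    """Application storage layer with encryption at rest toggled on: every
    record is encrypted before it reaches the (simulated) disk, and decrypted
    transparently whenever the application reads it back."""

    def __init__(self, kms: KeyService, service_principal: str) -> None:
        self._kms = kms
        self._principal = service_principal
        self._disk: dict[str, bytes] = {}

    def put(self, record_id: str, data: bytes) -> None:
        self._disk[record_id] = self._kms.encrypt(data)

    def get(self, record_id: str) -> bytes:
        # The app decrypts under its own identity, every time it serves a request.
        return self._kms.decrypt(self._principal, self._disk[record_id])

    def raw_disk_bytes(self, record_id: str) -> bytes:
        return self._disk[record_id]


def build_demo() -> tuple[KeyService, CustomerStore]:
    """Constructed setup: one application principal with a decrypt grant and
    one constructed customer record stored through the encrypting layer."""
    kms = KeyService()
    kms.grant_decrypt("customer-api")
    store = CustomerStore(kms, "customer-api")
    store.put("cust-1", b"name=Jane Example;phone=555-0100")
    return kms, store


def stolen_drive_view(store: CustomerStore, record_id: str) -> bytes:
    """The threat encryption at rest does cover: someone holding the raw storage
    medium but no credentials sees only ciphertext."""
    return store.raw_disk_bytes(record_id)


def compromised_app_view(store: CustomerStore, record_id: str) -> bytes:
    """The threat it does not cover: whoever holds the app's credentials, or runs
    code inside it, simply uses the app's own read path and gets plaintext."""
    return store.get(record_id)


def unauthorised_principal_view(kms: KeyService, store: CustomerStore, record_id: str):
    """A principal without a grant is refused even with the ciphertext in hand.
    Returns the error text, or None if decryption unexpectedly succeeded."""
    try:
        kms.decrypt("random-user", store.raw_disk_bytes(record_id))
        return None
    except PermissionError as exc:
        return str(exc)


if __name__ == "__main__":
    kms, store = build_demo()
    print("disk bytes:", stolen_drive_view(store, "cust-1").hex())
    print("via app   :", compromised_app_view(store, "cust-1"))
    print("no grant  :", unauthorised_principal_view(kms, store, "cust-1"))
```

The design point is in `CustomerStore.get`: the application must be able to decrypt to do its job, so any identity that can act as the application inherits that ability. Detection and mitigation therefore sit around the credential and the read path (who can assume the service role, how much data one call can return, alerting on bulk reads) rather than in the at-rest cipher.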

Hackers are leveraging ChatGPT, an #AI chatbot, to write #malware. Researchers have spotted threat actors on the dark web sharing code for AI-generated malware strains that steal files, install covert backdoors, or encrypt files. Read more here: https://www.darkreading.com/attacks-breaches/attackers-are-already-exploiting-chatgpt-to-write-malicious-code
Attackers Are Already Exploiting ChatGPT to Write Malicious Code

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.

Dark Reading
SBOMs are emerging as a requirement in some Federal and private contracts, & Gartner is predicting a sharp rise among #criticalinfrastructure organizations. Learn more about #SBOMs and how they can reduce risk: http://ow.ly/CjVM50MjihY
#infosec #cybersecurity #CISO #riskmanagement
Do You Have an SBOM Strategy? Gartner Predicts Sharp Rise as a Critical Infrastructure Requirement.

SBOMs are now a requirement for some Federal & private contracts. Learn about SBOM security benefits & why you should require them for your organization.

LMG Security

TIL there's a technical name for why ideas happen in the shower: the "default mode network" is a pattern of brain activity, measurable using fMRI, that happens when we're unfocussed. When the brain goes into idle mode (reduced activity), this part of the brain actually becomes *more* active. What does the default mode network do? Research is ongoing, but part of it definitely seems to be making connections, which is associated with curiosity and creativity.

More here: https://www.nationalgeographic.co.uk/history-and-civilisation/2022/08/the-science-of-why-you-have-great-ideas-in-the-shower

The science of why you have great ideas in the shower

It has nothing to do with getting clean—and everything to do with your state of mind.

National Geographic

Too often security teams feel that we're not only fighting threat actors but are also at odds with our colleagues. It doesn't need to be this way: https://zeltser.com/cybersecurity-vs-everyone/

#security #cybersecurity #CISO

Cybersecurity: No Longer the “Department of No”

A group of Chinese researchers claims it can break 2048-bit RSA using a quantum-ish computer and it's worth reading Schneier's comments https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
Breaking RSA with a Quantum Computer - Schneier on Security