Security Intelligence

Could you break into an office armed with nothing more than a coffee-stained resume and some charisma? Meet someone who can. Today’s bonus episode of Security Intelligence features an in-depth interview with Stephanie Carruthers, Global Head of Cyber Range and Chief People Hacker at IBM X-Force.  Stephanie shares the harrowing tale of one of her most daring physical security assessments. Along the way, we discuss why physical security and cybersecurity are two sides of the same coin, highlight common physical security gaps and reveal why your office trash is a criminal’s treasure.  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about physical security in cybersecurity: https://www.ibm.com/think/insights/physical-cybersecurity

Guests Dave McGinnis, an expert in threat detection; J.R. Rao, a security architecture specialist; and Suja Viswesan, a VP of security products, discuss the alarming risks associated with AI browsers like ChatGPT Atlas. They explore security measures needed to protect these platforms, including prompt sanitization and observability. The conversation shifts to a ghost network on YouTube, fueled by fake tutorials that distribute malware. Finally, they examine the implications of emerging malware like Glassworm and the importance of resilient cloud architectures.

Is Windows 10 dead? This week, panelists Michelle Alvarez, Sridhar Muppidi and Jeff Crume join host Bryan Clark to discuss support for Windows 10 coming to an end. We also talk AI use in SOCs, automated code repair and the battle against payroll pirates coming after your next paycheck. 00:00 – Intro 01:10 – RIP Windows 10 08:38 – The future of SOCs 19:41 – AI code repair 31:27 – Plundering payroll pirates The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Join experts Jeff Crume, an IBM Distinguished Engineer focused on AI and data security, Nick Bradley, a hands-on incident response practitioner, and Claire Nuñez, Creative Director for IBM X-Force Cyber Range, as they delve into fascinating topics. Discover alarming new methods to trick AI agents, the resurgence of DDoS attacks targeting tech startups, and the complicated legacy of zero trust security. They also debunk persistent cybersecurity myths and explore the trade-offs of privacy in the digital age, making for an insightful discussion.

An AI security CEO thinks we’re six months away from an “AI vulnerability cataclysm.” Is this a legitimate threat, or just fear-mongering? On this week’s episode, host Matt Kosinski and panelists Cris Thomas, Suja Viswesan and Troy Bettencourt debate whether we're headed straight for an AI security disaster. We also react to reports on Scattered Spider’s return (surprise!), a potential new strain of the devastating Petya ransomware and a survey of common cloud misconfigurations. Plus: Hot takes on dumb cybersecurity rules. All this and more, on Security Intelligence.    00:00 – Intro  01:02 – The AI apocalypse 12:53 – Scattered Spider’s back 23:41 – Misconfiguration risks 32:35 – What is HybridPetya? 42:46 – Dumb cybersecurity rules  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security 

Has the most notorious cybercrime gang of the moment really hung up its keyboards? In this episode of Security Intelligence, host Matt Kosinski along with panelists Dave Bales, Michelle Alvarez and Sridhar Muppidi discuss Scattered Lapsus$ Hunters’ retirement announcement, the ethics of ransomware research, software supply chain security lessons from the npm hack, the state of OT security, and hiring fraud.  Plus: Dave takes on CVSS scores. All this and more, on Security Intelligence.  00:00 – Intro  02:12 – Scattered Lapsus$ Hunters retire 8:05 – AI ransomware is here 15:43 – npm hijacking 24:51 – X-Force on OT threats 35:27 – AI hiring fraud 41:36 – A hacker and Huntress EDR The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security 

Have we made cybercrime too easy? In the very first episode of Security Intelligence, panelists Jeff Crume, Suja Viswesan and Nick Bradley join host Matt Kosinski to discuss the invention of vibe hacking and HexStrike AI, an offensive security framework that threat actors are co-opting to command their own AI agent armies. We also discuss Scattered Lapsus$ Hunters’ unconventional new ransom demand and the rise of the RATs, or remote access trojans. Plus: A game of “Would You Rather?"   00:00 – Intro 1:40 – Introducing vibe hacking 9:28 – HexStrike AI fuels AI agent crime 14:42 – AI agent cyber attacks vs. Human cyber attacks 18:16 – Scattered Lapsus$ Hunters want Google to fire employees 26:03 – Remote Access Trojans on the rise  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security 

Cybersecurity moves fast: Old vulnerabilities are patched as new exploits appear. Cybercrime gangs form and strike and fade, disappearing with millions of ransom dollars. What protected the organization yesterday might leave it hopelessly exposed today. At the same time, cybersecurity pros rely on core principles—like the CIA triad of infosec, the principle of least privilege, zero trust architectures—to help them navigate this shifting terrain.  Security Intelligence addresses both of these angles in a single, exciting, and digestible podcast episode every week. Listeners learn both the latest news and timeless insights, all from experts they can trust. This format speaks directly to the needs and preferences of cybersecurity practitioners, who want frequent, granular and technical content that gives need-to-know information.