Security Intelligence

Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on. This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical. We also dive into: 13:01 -- Whether malicious LLMs like WormGPT live up to the hype 23:40 -- How hackers can lock you out of your Gmail account by changing your age 34:09 -- What happens when two different threat actors attack you at the same time 42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights All that and more on Security Intelligence.  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 

Being a malware reverse engineer isn’t always glamorous work. You spend a lot of time digging through junk emails.   But when you find something in there—well, that’s a whole different story.   On this episode of Security Intelligence, X-Force Malware Reverse Engineer Raymond Joseph Alfonso tells us about the time he discovered a curious new malware loader in the honeypot. And that leads to a bigger conversation about how hackers hide malicious code from view—and some of the new techniques they’re cooking up to stay hidden.  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  Learn more about QuirkyLoader → https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader   Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence 

Join Nick Bradley, a threat analysis expert, Suja Viswesan, a VP of security products, and Dave McGinnis, a global partner in cyber threat management, as they delve into the thriving dark web job market and the skyrocketing AI fraud schemes that accompany the holiday shopping season. They share practical tips for safer online shopping and dissect an intriguing case of insider threat involving wind turbines. The conversation highlights how AI is reshaping both scams and the job landscape in cybersecurity.

Anthropic says it disrupted a nearly fully autonomous espionage campaign carried out by AI agents. But some cybersecurity pros are skeptical of the framing.On the latest episode of Security Intelligence, host Matt Kosinski is joined by Ryan Anschutz, Evelyn Anderson, Seth Glasgow and Mixture of Experts podcast fixture Chris Hay to dig into Anthropic’s report and the range of responses to it. Plus: The newest OWASP Top 10 is here, the ransomware landscape is cracking up and does cyber insurance just encourage hackers? All that and more on Security Intelligence.00:00 -- Introduction01:29 -- Anthropic’s AI spy ring bust15:44 -- OWASP Top 10 202524:41 -- Small ransomware gangs33:45 -- Is cyber insurance worth it? The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligenceSubscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Have we lost the plot when it comes to AI malware?  This week, host Matt Kosinski and panelists Claire Nunez, Austin Zeizel and Dave Bales discuss the growing trend of cybersecurity pros pushing back on AI malware “research.” Is it all puffery? Genuine threat? Some secret third thing?  Plus: How hackers are stealing real-world cargo, time-delayed malware, the Louvre’s weak password and why don't more people patch their OT systems?   00:00 – Introduction 01:15 – The IT-OT gap 11:18 – Digital cargo thieves 20:12 – Time-delayed logic bombs 25:53 – AI malware vs. AI slop 33:47 – The Louvre’s passwordThe opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.   Learn more about AI malware → https://www.ibm.com/think/insights/defend-against-ai-malware Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence  

What do AI agents, the stock market and behavior-based threat detection tools have in common? You’ll need to listen to this week’s episode of Security Intelligence to find out. Join host Matt Kosinski and panelists Sridhar Muppidi and Cris Thomas for a jam-packed conversation, including new ways to build malicious AI agents, a malware strain that types like a person, a social engineering scheme that manipulates stock prices and a banner year for bug bounties. Plus: When it comes to new tech, why does governance always lag so far behind implementation? All that and more on Security Intelligence.  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Read more about the AI governance gap → https://www.ibm.com/think/insights/cios-ai-risk-governance-gap Check out our new special edition episode → https://www.ibm.com/think/podcasts/security-intelligence/social-engineering-expert-talks-physical-securityExplore the podcast → https://www.ibm.com/think/podcasts/security-intelligenceSubscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52954

Could you break into an office armed with nothing more than a coffee-stained resume and some charisma? Meet someone who can. Today’s bonus episode of Security Intelligence features an in-depth interview with Stephanie Carruthers, Global Head of Cyber Range and Chief People Hacker at IBM X-Force.  Stephanie shares the harrowing tale of one of her most daring physical security assessments. Along the way, we discuss why physical security and cybersecurity are two sides of the same coin, highlight common physical security gaps and reveal why your office trash is a criminal’s treasure.  The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about physical security in cybersecurity: https://www.ibm.com/think/insights/physical-cybersecurity

Guests Dave McGinnis, an expert in threat detection; J.R. Rao, a security architecture specialist; and Suja Viswesan, a VP of security products, discuss the alarming risks associated with AI browsers like ChatGPT Atlas. They explore security measures needed to protect these platforms, including prompt sanitization and observability. The conversation shifts to a ghost network on YouTube, fueled by fake tutorials that distribute malware. Finally, they examine the implications of emerging malware like Glassworm and the importance of resilient cloud architectures.

Is Windows 10 dead? This week, panelists Michelle Alvarez, Sridhar Muppidi and Jeff Crume join host Bryan Clark to discuss support for Windows 10 coming to an end. We also talk AI use in SOCs, automated code repair and the battle against payroll pirates coming after your next paycheck. 00:00 – Intro 01:10 – RIP Windows 10 08:38 – The future of SOCs 19:41 – AI code repair 31:27 – Plundering payroll pirates The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120