Welcome to The Threat Show powered by Fletch! In order to effectively secure your organization, your physical and cyber security measures must work in tandem, something our guest this week understands very well. We're joined by Smith Tennyson, a physical security expert with three decades of experience in both the physical and cybersecurity industries, working with clients around the world.
For the past 7 years, Smith has served as the founder of Harbinger Solutions Group, a security operations service that provides comprehensive physical and cybersecurity solutions, threat and risk assessments, gap analysis and global operational strategies for their client base.
Smith explains how cyber and physical security run parallel to each other, why communication between the two fields is crucial, and more. He also helps the team break down the threat landscape and five major threats you need to know about.
Threat Landscape (02:19)
Darien, Chris, and Smith break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.
Chrome 111 Update Patches High-Severity Vulnerabilities (06:01)
A new round of Google Chrome fixes includes a patch for a vulnerability within Google Chrome’s built-in password manager. An attacker can steal information by pulling sensitive credentials out of the password manager without users realizing.
Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant (08:58)
Mandiant has released an analysis of zero day vulnerabilities over the past year, which included a look at vulnerabilities leveraged by nation-state threat groups. While it may seem like small/medium businesses shouldn’t need to be concerned with these attacks, once these tactics used by nation-state threat groups become known, they are often leveraged by less sophisticated groups who do target SMEs.
Privacy fail: Pictures cropped, redacted by Google Pixel phones can be recovered (14:02)
A security flaw in Google Pixel phones allows for recipients of cropped pictures shared from a Pixel to restore the original image.
Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure (14:02)
Windows 11 and 10 snipping tools faced the same problem as the Google Pixel phone, allowing recipients of screenshotted images to recover all of the images original information. This is being called the aCropalypse.
Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets (18:09)
A new malware variant is targeting android phones through popular messaging apps like WhatsApp and Telegram. Attackers are now employing optical character recognition to scan all of the photos on the device after compromise and ship the data from the photos back to the attacker. This is largely being used to steal cryptocurrency funds.
Interview with Smith Tennyson (28:09)
Smith Tennyson explains how cyber and physical security run parallel to each other, why communication between the two fields is crucial, and much more.
