In today’s cybersecurity news…
Cybercom-NSA leadership nominee to assess dual-hat role
Army Lt. Gen. Joshua Rudd, the presidential nominee for Director of the National Security Agency, Chief of Central Security Service, and Commander of U.S. Cyber Command, stated in a confirmation hearing on Thursday that he would “evaluate the efficiency of the dual-hat leadership role between U.S. Cyber Command and the National Security Agency if he’s confirmed to the job.” He would replace Gen. Timothy Haugh, who had been Cybercom commander and NSA director until his termination in April of last year, at which point he was replaced by the current acting head of both organizations, Lt. Gen. William Hartman.
Two-thirds of third-party applications access sensitive data without justification, says report
The report, released this month by researchers at Reflectiz, analyzed 4,700 leading websites over a 12-month period ending in November of last year. It suggests that 64% of third-party applications access sensitive data without business justification, up from 51% in 2024. Government sector and education sites showed the most active compromise, with Google Tag Manager, Shopify and Facebook Pixel showing up consistently as “specific offenders.” The report highlights “a growing governance gap termed unjustified access referring to instances where third-party tools are granted access to sensitive data without a demonstrable business need.” A link to the report is available in the show notes to this episode.
GhostPoster browser extensions up to 840,000 installs
Following up on and updating a story we covered one month ago, 17 more malicious extensions linked to the GhostPoster campaign have been discovered in Chrome, Firefox, and Edge stores, and have currently accumulated 840,000 installations. Discovered and reported by researchers at Koi Security last month, the GhostPoster campaign delivers malicious JavaScript code inside its logo images. This code monitors browser activity and implants a backdoor, “hijacks affiliate links on major e-commerce platforms, and injects invisible iframes for ad fraud and click fraud.” These newly identified extensions are no longer present in the add-on stores belonging to Mozilla and Microsoft.
Police turn the screws on Black Basta
Ukrainian and German law enforcement authorities have “identified two Ukrainians suspected of working for the Russia-linked ransomware group Black Basta and have placed the group’s alleged leader, a Russian national, on an international wanted list.” This is according to officials speaking on Thursday. The two suspects were described by police as hash crackers, “responsible for recovering passwords from stolen data using specialized software.” The hunt is now on for Oleg Nefedov, a 36-year-old Russian national identified as the group’s ringleader, who may also have ties to the Conti gang.
Anchorage Police Department suffers cyberattack
An incident that occurred on January 7 appears to have been the result of a cyberattack on a third-party vendor conducting a software upgrade. The vendor, Utah-based White Box Technologies Inc., supports multiple agencies nationwide. Anchorage Police Department officials state they don’t “believe any systems were compromised or sensitive data stolen by the event.”
Canadian investment regulator suffers data breach
The Canadian Investment Regulatory Organization (CIRO) “confirmed on Friday that approximately 750,000 investors were impacted by a cyber incident last year.” The organization “oversees all investment and mutual fund dealers in the country, alongside trading activity on Canada’s debt and equity marketplaces.” It is not an arm of the Canadian government. The data breach followed a “sophisticated phishing attack” that was detected in August. The data at risk includes PII and financial information but not login details.
Grubhub confirms data stolen in recent security breach
The food delivery platform says hackers accessed its systems and are now sending the company extortion demands. Further details about the breach, including when it occurred and what data may have been taken, have not been released. It is also unclear whether this incident is related to a wave of scam emails that had been sent from its b.grubhub.com subdomain, promoting a cryptocurrency scam.
Carlsberg brewer visitor wristbands expose visitor data
Visitors to the Carlsberg exhibition in Copenhagen – a popular attraction for beer lovers – are being warned that photos taken of them as part of a memento service may not be secure. Offered as a complement to beer-themed activities for visitors, the photos were intended to be made available by entering their visitor wristband ID onto the company’s website; however, researchers revealed that through a brute forcing technique, “anyone could access the names and images belonging to the many hundreds of beer enthusiasts who visit the brewery each month.” This fact was discovered by one visitor to the attraction, Alan Monie of Pen Test Partners, who succeeded in doing just that and submitted a report to the brewer on August 19. According to The Register, Carlsberg has yet to resolve this issue.






