Carlsberg Brewery, Canadian Investment Regulatory Organization and White Box Technologies Inc.: NSA dual-hat question, third-party report, GhostPoster extensions

Cybersecurity Roundup: Leadership Shifts, Third-Party Risks, and Emerging Threats

Recent developments in cybersecurity highlight evolving threats, regulatory breaches, and structural changes in U.S. defense leadership.

U.S. Cyber Command-NSA Leadership Under Review
Army Lt. Gen. Joshua Rudd, nominated to lead the National Security Agency (NSA), U.S. Cyber Command (CYBERCOM), and the Central Security Service, said during a confirmation hearing that, if confirmed, he will assess the efficiency of the dual-hat leadership structure, a post currently held by acting head Lt. Gen. William Hartman. Rudd would succeed Gen. Timothy Haugh, who departed in April 2023.

Third-Party Apps Exploit Sensitive Data Without Justification
A report by Reflectiz analyzing 4,700 major websites over the past year found that 64% of third-party applications access sensitive data without a legitimate business need, up from 51% in 2024. Government and education sectors were most affected, with tools like Google Tag Manager, Shopify, and Facebook Pixel frequently implicated. The findings underscore a growing "governance gap" in data access controls.

GhostPoster Malware Expands, Infects 840,000 Users
Researchers at Koi Security identified 17 additional malicious browser extensions tied to the GhostPoster campaign, bringing total installations to 840,000 across Chrome, Firefox, and Edge. The extensions embed malicious JavaScript in logo images to monitor browsing activity, hijack affiliate links, and execute ad fraud. Although the extensions have been removed from official stores, the campaign's reach highlights persistent supply-chain risks.

Law Enforcement Targets Black Basta Ransomware Operatives
Ukrainian and German authorities have identified two Ukrainian suspects linked to the Russia-affiliated Black Basta ransomware group, accusing them of cracking passwords from stolen data. A 36-year-old Russian national, Oleg Nefedov, was named as the alleged leader and placed on an international wanted list, with potential ties to the Conti gang.

Incidents Impacting Critical Sectors

  • Anchorage Police Department: A January 7 cyberattack on third-party vendor White Box Technologies Inc. disrupted operations, though officials stated no sensitive data was compromised.
  • Canadian Investment Regulatory Organization (CIRO): A sophisticated phishing attack in August 2023 exposed 750,000 investors’ PII and financial data, though login credentials were unaffected.
  • Grubhub: Hackers breached systems and issued extortion demands, though details on timing and compromised data remain undisclosed. The incident may be linked to a separate cryptocurrency scam using Grubhub’s subdomain.
  • Carlsberg Brewery: A vulnerability in visitor wristband systems allowed unauthorized access to hundreds of attendees’ photos and names via brute-force attacks. The issue, reported in August 2023, remains unresolved.

    Source: https://cisoseries.com/cybersecurity-news-nsa-dual-hat-question-third-party-report-ghostposter-extension-continues/

    Carlsberg Group cybersecurity rating report: https://www.rankiteo.com/company/carlsberg-group

    Canadian Institute for Cybersecurity cybersecurity rating report: https://www.rankiteo.com/company/canadian_institute_cybersecurity

    White Hat Agency cybersecurity rating report: https://www.rankiteo.com/company/white-hat-agency

"id": "CARCANWHI1768827977",
"linkid": "carlsberg-group, canadian_institute_cybersecurity, white-hat-agency",
"type": "Vulnerability",
"date": "4/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Law Enforcement',
                        'location': 'Anchorage, USA',
                        'name': 'Anchorage Police Department',
                        'type': 'Government'},
                       {'customers_affected': 'Anchorage Police Department',
                        'industry': 'Technology',
                        'name': 'White Box Technologies Inc.',
                        'type': 'Third-party vendor'},
                       {'customers_affected': '750,000 investors',
                        'industry': 'Finance',
                        'location': 'Canada',
                        'name': 'Canadian Investment Regulatory Organization '
                                '(CIRO)',
                        'type': 'Regulatory Organization'},
                       {'industry': 'Food Delivery',
                        'location': 'USA',
                        'name': 'Grubhub',
                        'type': 'Corporation'},
                       {'customers_affected': 'Hundreds of attendees',
                        'industry': 'Beverage',
                        'name': 'Carlsberg Brewery',
                        'type': 'Corporation'},
                       {'industry': ['Government', 'Education'],
                        'name': 'Major websites using third-party apps',
                        'type': 'Various'}],
 'attack_vector': ['Malicious browser extensions',
                   'Phishing',
                   'Brute-force attack',
                   'Third-party vendor compromise'],
 'data_breach': {'number_of_records_exposed': ['750,000 (CIRO)',
                                               'Hundreds (Carlsberg)'],
                 'personally_identifiable_information': ['Yes (CIRO, '
                                                         'Carlsberg)'],
                 'sensitivity_of_data': ['High (PII, financial data)',
                                         'Medium (browsing activity, photos)'],
                 'type_of_data_compromised': ['PII',
                                              'Financial data',
                                              'Browsing activity',
                                              'Photos and names']},
 'description': 'Recent developments in cybersecurity highlight evolving '
                'threats, regulatory breaches, and structural changes in U.S. '
                'defense leadership, including third-party data exploitation, '
                'GhostPoster malware expansion, Black Basta ransomware '
                'operations, and incidents impacting critical sectors.',
 'impact': {'brand_reputation_impact': ['Carlsberg Brewery', 'Grubhub', 'CIRO'],
            'data_compromised': ['PII',
                                 'Financial data',
                                 'Browsing activity',
                                 'Photos and names',
                                 'Affiliate links'],
            'identity_theft_risk': ["750,000 investors' PII exposed"],
            'operational_impact': ['Disrupted operations (Anchorage Police '
                                   'Department)',
                                   'Unauthorized access to sensitive systems'],
            'systems_affected': ['Third-party applications',
                                 'Browser extensions',
                                 'Visitor wristband systems',
                                 'Investment regulatory systems']},
 'motivation': ['Financial gain', 'Data exfiltration', 'Ad fraud', 'Extortion'],
 'ransomware': {'ransomware_strain': 'Black Basta'},
 'references': [{'source': 'Reflectiz report'},
                {'source': 'Koi Security research'}],
 'response': {'law_enforcement_notified': ['Ukrainian and German authorities '
                                           '(Black Basta)']},
 'threat_actor': ['GhostPoster campaign',
                  'Black Basta ransomware group',
                  'Conti gang affiliates',
                  'Unknown hackers'],
 'title': 'Cybersecurity Roundup: Leadership Shifts, Third-Party Risks, and '
          'Emerging Threats',
 'type': ['Third-party data exploitation',
          'Malware',
          'Ransomware',
          'Phishing',
          'Data breach',
          'Extortion'],
 'vulnerability_exploited': ['Supply-chain risks',
                             'Governance gap in data access controls',
                             'Unpatched vulnerabilities in third-party '
                             'applications']}