Daily Cyber Threat Brief – Episode 1049
Date: January 19, 2026
Host: Dr. Gerald Auger, Simply Cyber Media Group
Main Theme:
A fast-paced rundown and in-depth analysis of the top cybersecurity news for January 19, 2026, with practical takeaways for professionals across the cybersecurity field, delivered with engaging commentary, relatable analogies, and a strong community vibe.
Key Segments and Insights
1. NSA/CyberCom Leadership – Dual Hat Role
[11:02]
- Background: Lt. General Joshua Rudd is nominated to lead both US Cyber Command and the NSA, succeeding General Timothy Haugh.
- Discussion:
- “Is that a good idea or is it a bad idea? Should there be two different people in those roles? Well, if this guy gets confirmed as that role, he'll confirm it. I mean, he'll investigate it.” – Dr. Auger
- Dr. Auger notes Rudd’s Special Forces background and high-level execution skills, emphasizing trust in his ability to evaluate organizational governance and structure.
- Takeaway:
- While critical at the federal level, this leadership shuffle has limited direct impact for most commercial sector cybersecurity professionals and is primarily of general industry interest.
2. Third-Party Applications Accessing Sensitive Data
[15:16]
- Report Highlights:
- 64% of leading websites allow unjustified third-party access to sensitive data—up from 51% in 2024.
- Government and education sectors are particularly affected; Google Tag Manager and Facebook Pixel are leading offenders.
- “Words have meaning and you know, if we're talking about what's going on globally in certain countries… That might qualify as crisis. 64% of third party apps accessing data without justification. The crisis, like calm, calm down first of all…” – Dr. Auger at [16:15]
- Insights:
- Data is gold; both lazy developer practices and marketing department priorities are at the root of excessive permissions.
- “I’m stunned. It’s only 64%.” – Dr. Auger
- Remediation Recommendations:
- Inventory and audit data trackers (noting this is difficult in practice).
- Automate monitoring of tag managers/pixels.
- Improve IT/Marketing collaboration and awareness of risks.
- Practical Advice:
- Use this as an opportunity to work with your Marketing department—frame it as a GRC initiative rather than an urgent crisis.
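The inventory step above is easier to start than it sounds: the following added example (not code from the episode or from the report it cites) parses a page and lists every host that is not first party, including loader URLs hidden inside inline pixel snippets. The first-party domains, the sample page, and the GTM container id are all constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = {"example.org", "www.example.org"}  # assumed own domains
KNOWN_TRACKERS = {  # hosts named in the episode, mapped to the product loading them
    "www.googletagmanager.com": "Google Tag Manager",
    "connect.facebook.net": "Facebook Pixel",
    "www.facebook.com": "Facebook Pixel",
}
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")

# Constructed page: a first-party script, a GTM container, a Pixel snippet whose
# loader URL sits inside inline JavaScript, and the Pixel <img> fallback.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-PLACEHOLDER"></script>
<script>!function(f,b,e){/* snippet body elided */}(window,document,
  'https://connect.facebook.net/en_US/fbevents.js');</script>
<noscript><img height="1" width="1"
  src="https://www.facebook.com/tr?id=0&ev=PageView&noscript=1"/></noscript>
</head><body></body></html>"""


class ResourceCollector(HTMLParser):
    """Collects URLs from src attributes and from inline script text,
    where pixel loader snippets usually hide the real host."""
    def __init__(self):
        super().__init__()
        self.urls, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe") and a.get("src"):
            self.urls.append(a["src"])
        self._in_script = self._in_script or tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.urls.extend(URL_RE.findall(data))


def audit_third_parties(html, first_party=FIRST_PARTY):
    """Returns sorted (host, label) pairs for every host that is not first party."""
    parser = ResourceCollector()
    parser.feed(html)
    hosts = {urlparse(u).hostname for u in parser.urls}
    return sorted((h, KNOWN_TRACKERS.get(h, "unclassified: review with Marketing"))
                  for h in hosts if h and h not in first_party)
```

Run it against a saved copy of each landing page on a schedule and diff the output; a new unclassified host is the signal to take to Marketing before it becomes a finding.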
3. Ghost Poster Browser Extensions – Ongoing Malicious Campaign
[25:17]
- Story:
- 17 more malicious extensions (Firefox, Chrome, Edge) have been tied to the Ghost Poster campaign, bringing its total to 840,000 installs; the extensions use images to deliver malicious JavaScript.
- Functionality:
- Monitors browser activity, hijacks affiliate links, and performs click fraud via invisible iframes.
- Memorable Quote:
- “If you had an extension on your machine that overwrote someone's affiliate link with their affiliate link, would you care? ...It doesn’t impact you personally. And I think that’s an important distinction.” – Dr. Auger at [26:15]
- Context:
- While not directly harming end users, these attacks undermine content creators. Dr. Auger draws parallels with IoT botnet issues where user impact is indirect.
- Mentions similar (though overt, not malicious) behavior by companies like Honey, generating discussion around affiliate fraud.
- Action Point:
- Remove any listed malicious extensions from browsers and alert user bases accordingly.
4. Law Enforcement Action against Black Basta Ransomware Operators
[31:18]
- Headline:
- Ukrainian and German authorities have identified and arrested two Ukraine-based members and are seeking the Russian leader, Oleg Nefedov, suspected of being involved with Black Basta and possibly Conti.
- Insightful Take:
- “The only way to really curb the ransomware threat...is you have to get the snake’s head, period.” – Dr. Auger at [32:01]
- Context:
- Arrest of key ransomware operators is required for systemic impact, as technical and defensive improvements alone won’t deter financially motivated, skilled criminals.
- Recalls the fragmentation and data leaks from the pro-Russian/Conti gang post-Ukraine invasion, demonstrating the complexity of ransomware ecosystems.
5. Anchorage Police Department – Third-Party Upgrade Triggers Breach
[41:45]
- Incident:
- The attack occurred during a scheduled upgrade performed by third-party vendor White Box Technologies; systems and data are reportedly secure.
- Key Lesson:
- “Sometimes during maintenance… it's not uncommon for the configuration and infrastructure of your environment to be configured to be less secure...You must ensure that it gets back to a known secure state.” – Dr. Auger at [42:16]
- Practical Takeaway:
- Always perform risk assessment before, during, and after maintenance or upgrades.
- Confirm rollback to secure configurations post-upgrade.
6. Canadian Investor Data Breach (CIRO)
[47:25]
- Impact:
- Data breach affected approx. 750,000 investors; PII and financial info at risk, but not credentials.
- Analysis:
- “What—it’s a day that ends in Y. Company had your PII stolen. Company not impacted financially. They’ll continue to do what they do.” – Dr. Auger at [48:05]
- Standard breach response; the lack of evidence of misuse means little, as criminals typically operate with stealth before monetizing.
- A reminder that compromise is always possible, even for diligent organizations.
7. Grubhub Hack & Extortion
[50:52]
- Incident:
- Hackers exfiltrated data from Grubhub, now issuing extortion demands.
- ShinyHunters are likely responsible, leveraging credentials stolen in a prior Salesloft/Drift breach (from mid-2025).
- Takeaway:
- Highlights the danger of not resetting credentials following the compromise of a supplier/partner platform, especially when API keys and OAuth tokens are involved.
- “Whenever a system is compromised, it’s a pain in the butt, but you have to refresh creds. You are… exposed…” – Dr. Auger at [51:25]
- Analogized to losing keys – you should always rekey after theft.
8. Carlsberg Brewery Visitor Data Leak
[57:11]
- Discovery:
- Photos tied to wristband IDs at Carlsberg’s Copenhagen brewery could be brute-forced, exposing visitor images and names.
- Explained:
- Classic case of insecure direct object reference (IDOR), with incrementing IDs in URLs enabling easy enumeration.
- “If you’re interested in, you know, getting some personal branding, getting your company or yourself… doing a hack and then blogging about it or sharing it is one good way.” – Dr. Auger at [58:09]
- Risk Assessment:
- No sensitive or private data—public images from a public attraction, so low real-world impact but a good illustration of basic security lapses.
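To make the IDOR concrete, here is an added example (not code from the episode or from Carlsberg's system) that contrasts a photo store keyed by incrementing wristband IDs with one keyed by unguessable random tokens, plus the review check that distinguishes them. Visitor names and photo filenames are constructed.

```python
import secrets

# Constructed visitor records used to populate both stores.
VISITORS = [("Anna", "anna.jpg"), ("Bo", "bo.jpg"), ("Cem", "cem.jpg"),
            ("Dee", "dee.jpg"), ("Eli", "eli.jpg")]


class SequentialPhotoStore:
    """The IDOR pattern: the wristband ID is a small incrementing integer and
    the lookup checks nothing beyond 'does a row with this ID exist'."""
    def __init__(self):
        self._rows, self._next = {}, 1

    def register(self, name, photo):
        wristband = str(self._next)
        self._next += 1
        self._rows[wristband] = (name, photo)
        return wristband

    def lookup(self, wristband):
        return self._rows.get(wristband)


class TokenPhotoStore:
    """Hardened: the reference printed on the wristband is a 128-bit random
    token, so knowing one visitor's ID says nothing about any other's."""
    def __init__(self):
        self._rows = {}

    def register(self, name, photo):
        wristband = secrets.token_urlsafe(16)  # 16 random bytes, 22 URL-safe chars
        self._rows[wristband] = (name, photo)
        return wristband

    def lookup(self, wristband):
        # Misses should still be rate-limited and logged at the web tier:
        # unguessable IDs remove enumeration, not the need for monitoring.
        return self._rows.get(wristband)


def populate(store):
    """Registers the constructed visitors and returns their wristband IDs."""
    return [store.register(name, photo) for name, photo in VISITORS]


def records_reachable_by_counting(store, limit=10_000):
    """Review check for either store: how many records does a request for
    each small integer ID return? Anything above zero is an IDOR finding."""
    return sum(1 for n in range(1, limit + 1) if store.lookup(str(n)) is not None)
```

Where the photos are meant to be private, the token alone is not enough; the lookup should also verify that the requesting session is entitled to that record.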
Memorable Quotes & Moments
- “Ideas are easy, execution's hard. Special Forces people, they execute with, you know, very high precision and very high efficacy.” ([12:00] on NSA/CyberCom leadership)
- “Data is gold… these third party apps that have data all over the place… can be weaponized. So it's super valuable.” ([16:15])
- “You have to get the snake's head, period.” ([32:01])
- “You must ensure that it gets back to a known secure state.” ([42:16])
- “What—it’s a day that ends in Y. Company had your PII stolen…” ([48:05])
- “Whenever a system is compromised… you have to refresh creds.” ([51:25])
- “This is…an IDOR. Indirect object reference or insecure direct object reference… just iterating…” ([58:09])
Community Highlights
- Community Member of the Week:
- Sean Washington (“cyber shin and gummy”) honored for contributions and MFA advocacy, including creation of the “Wu MFA Forever” shirt and participation in an interview series.
- Raffles & Giveaways:
- Live prizes included high-value Arcanum Security training vouchers, reinforcing the show’s community-oriented atmosphere.
- Live Engagement:
- Regular encouragement for chat, first-timers, and cross-team support (“Team Solo” shout-out).
Actionable Recommendations
- Operationalizing Third-Party Tracker Audit: Schedule regular reviews of all marketing/analytics plugins and review data permissions.
- Extension Monitoring: Disseminate lists of malicious browser extensions for organization-wide removal.
- Credential Hygiene: Whenever a related platform in your tech stack is breached, proactively rotate all secrets, tokens, and API keys.
- Upgrade/Maintenance Security: Always validate restoration of tight security post-change, and consider buddy-checks during critical changes.
Episode Tone and Style
Dr. Gerald Auger blends practical, jargon-friendly insights with analogies (like “leaving your window open after baking bread” and “losing your house keys”) to make concepts memorable. He’s direct but encouraging (“Let’s go!”), frequently addresses both newcomers and experienced professionals, and adopts a “we’re all in this together” community tone—reflective, inclusive, and at times, humorously skeptical of industry PR spin.
Final Note
To participate live, interact with the community, or claim CPEs, join the Simply Cyber Daily Cyber Threat Brief stream each weekday at 8 AM Eastern.
Stay secure!
