Transcript
A (0:00)
A Workday breach is tied to Salesforce in a social engineering campaign. A Windows update risks bricking storage drives, hackers seize control of a Norwegian dam, Google keeps tripping up on Gmail and AI security, and Apple wins a privacy victory as the UK backs off encryption backdoor mandates. This is Cybersecurity Today. I'm your host, Jim Love.

Workday, one of the world's largest human resources technology providers, said it was hit by a data breach earlier this month, but the attackers didn't get in through its core systems. On August 6, the company discovered hackers had slipped in through a third-party customer relationship management platform, not through Workday's customer tenant environments. The entry point was facilitated through social engineering, with attackers impersonating HR or IT in calls and text messages to fool staff into handing over credentials. The exposed data was limited to business contact details such as names, emails and phone numbers, and Workday emphasized there's no sign its customer tenants or sensitive HR data were touched. Investigators linked the breach to ShinyHunters, a well-known hacking group active since 2020. They've built a reputation for credential theft and selling corporate data on underground markets, with past victims including Microsoft and dozens of others. In this case, Workday joins a long list of firms, including Google, Adidas, Qantas and Pandora, whose Salesforce CRM instances were targeted in the same campaign. Workday said it cut off access quickly and added new safeguards. It also reminded users that it never asks for passwords or sensitive details over the phone. The lesson is that even limited contact information can be weaponized for more targeted attacks. And with groups like ShinyHunters specializing in blending phishing with stolen SaaS access, the weakest link is often trust in familiar platforms.
Microsoft's August Patch Tuesday for Windows 11 version 24H2 included a Defender update, KB5063878, meant to fight the Lumma Stealer malware. But it's causing unexpected trouble. Several users report that under heavy file write operations, like copying 50 gigabytes or more, solid state and hard drives can vanish from the system or even suffer data corruption. In some cases, the system's SMART telemetry goes unreadable and the drive becomes inaccessible until a reboot, and even then it may not recover. The issue tends to affect devices using Phison-based SSD controllers, particularly DRAM-less models, though HDDs have also been implicated. Gamers and users doing large software installs are especially vulnerable. The cause appears tied to how Windows handles cached write operations post-update, possibly stressing firmware edge cases in certain drives. While Microsoft has yet to confirm the issue, some strategies to cope include pausing the update, limiting big file transfers, ensuring full data backups, and waiting for official fixes from Microsoft or SSD vendors. I say these because they're recommended, but none of these are particularly great options. And here lies the conundrum. Businesses have to patch systems fast. Vulnerabilities are exploited within hours or days after being discovered or after patches are released. Yet in this case, applying the patch may physically damage hardware and data. It's a challenge, but we simply have to get better at this.

We've warned for years that one day cybercriminals would breach a major piece of critical infrastructure. We've done some programs on this. Well, that day has arrived. On April 7, attackers remotely accessed the Bremanger dam in western Norway and forced open a floodgate. Water poured out at a rate of 500 liters, and for our American audience that's about 132 gallons, every second for four hours before the breach was stopped. Thankfully, water levels were low, so there was no flooding and no injuries.
But Norwegian authorities confirmed that Russian or pro-Russian hackers were behind the attack. A three-minute video of the dam's control panel, watermarked with the group's insignia, was later posted to Telegram. Investigators verified the video as authentic. The head of Norway's police security service, Beate Gangås, said the purpose wasn't physical damage but psychological: to influence and cause fear and chaos among the general population. Okay, you got our attention. But we've seen the degree to which foreign actors are embedded in the operational technology that runs everything from telecommunications to water treatment, and it is time to take this seriously. I won't speak for the U.S., but for Canada, where I live, our Prime Minister has declared it's time to build, baby, build. And I'm going to say we have a challenge that we have to add to that. It should be build and secure, baby, build and secure.

I don't want everybody to think we only pick on Microsoft about updates. Google, long seen as a leader in cloud and AI security, is also showing some cracks. Researchers recently found that Gmail's AI-generated email summaries could be manipulated to hide phishing links, bypassing the very spam and security filters businesses rely on. The rollout of Gemini AI into Gmail and Google Docs introduced a new weakness: prompt injection attacks. Hackers can craft malicious inputs to trick Gemini into leaking sensitive information or ignoring its built-in safeguards. On mobile, Google's own August security update patched three zero-day vulnerabilities in Android, one of which was already being actively exploited on Pixel phones before the fix arrived. For years, Google set the bar with Safe Browsing and Project Zero, but now flaws are appearing in the very core of its productivity and AI platforms. Now, if Microsoft's updates are unreliable and Google's safeguards are slipping, enterprises are left asking a hard question: who can you still trust?
And I will suggest that the company that successfully answers that question may find itself benefiting from it commercially.

And in a major win for digital privacy, the UK has backed off its demand that Apple build a backdoor into its encrypted cloud services. US Director of National Intelligence Tulsi Gabbard confirmed on August 19 that after months of behind-the-scenes talks, including interventions from President Trump and Vice President Vance, the UK has agreed to drop its requirement for Apple to weaken encryption. Earlier this year, Apple removed its high-security Advanced Data Protection, or ADP, feature from iCloud in the UK rather than comply with the order issued under the Investigatory Powers Act. Privacy groups welcomed the UK's reversal, warning that a backdoor creates a vulnerability governments or hackers can exploit. This isn't just a win for Apple, it's a global statement. Backdoors may help one agency, but by definition they weaken the system for everyone. Apple argued that encryption must be absolutely non-negotiable, and it appears in this case they won.

That's our show for today. You can reach me with tips, comments and even constructive criticism if you like. And if you're enjoying the return of our programs on Google and Alexa, a reminder that paying contractors to deal with tech problems is just another of our expenses, one that you could help us with by going to TechNewsday.com and clicking on Donate. The cost of a cup of coffee per month makes a big difference when it's spread over a lot of listeners. And you may have noticed, we won't compromise to get corporate sponsorship. So we do depend a lot on our listeners, and we thank you for it. I'm your host, Jim Love. Thanks for listening.
