Cybersecurity Today
Episode: Cybersecurity Breaches: Salesforce, Workday, and Critical Infrastructure Hacked
Host: Jim Love
Date: August 20, 2025
Episode Overview
In this episode, host Jim Love covers a turbulent week in cybersecurity: data breaches involving Workday and Salesforce, a dangerous Windows update, a striking cyberattack on Norwegian infrastructure, cracks in Google's AI defenses, and Apple’s victory against government-mandated encryption backdoors. Listeners receive in-depth explanations of attack vectors, the ongoing increase in sophisticated social engineering, and the growing challenges facing both businesses and technology vendors.
Key Discussion Points & Insights
1. Workday and Salesforce Breach via Social Engineering
[00:00–03:39]
- Incident Summary:
- On August 6, Workday detected a breach not through their own systems but via a compromised third-party CRM platform (Salesforce).
- Hackers engaged in social engineering, impersonating HR or IT to trick staff into sharing credentials.
- Exposed data: limited to business contact info (names, emails, phone numbers); no sensitive HR/customer data accessed.
- Attacks linked to “Shiny Hunters,” a notorious group recognized for targeting big brands (Microsoft, Google, Adidas, Qantas, Pandora).
- Implications:
- Even seemingly “safe” data (contact info) can be exploited in future, more targeted phishing attacks.
- Key lesson: Organizations must recognize trust in familiar platforms (like Salesforce) is often the weakest link.
- Notable Quote:
- “The lesson is that even limited contact information can be weaponized for more targeted attacks. And with groups like Shiny Hunters specializing in blending phishing with stolen SaaS access, the weakest link is often trust in familiar platforms.”
— Jim Love [02:55]
- Response Measures:
- Workday swiftly blocked access, implemented new security measures, and reminded users never to give credentials via phone.
2. Dangerous Windows Update - Patch vs. Hardware Risk
[03:40–06:06]
- Incident Summary:
- Microsoft’s Windows 11 update (KB5063878), intended to patch Llama Stealer malware, is now bricking SSDs and HDDs, especially those with Phison-based controllers.
- Typical symptoms: disappearing drives, data corruption, and drives becoming unreadable or failing after the update, particularly under heavy file operations.
- The issue appears tied to changes in how Windows manages write operations after the update.
- Businesses Face a Dilemma:
- Need to patch quickly due to increasing zero-day exploits.
- In this case, the patch itself risks business continuity and data integrity.
- Workarounds & Cautions:
- Pause updates, limit large file operations, ensure comprehensive backups, and await further fixes from Microsoft/vendors.
- Notable Quote:
- “Here lies the conundrum. Businesses have to patch systems fast… Yet in this case, applying the patch may physically damage hardware and data. It's a challenge, but we simply have to get better at this.”
— Jim Love [05:25]
3. Critical Infrastructure Attacked: Norwegian Dam Breach
[06:07–08:21]
- Incident Summary:
- On April 7, Russian/pro-Russian hackers accessed the Bremeninger dam in Norway, forcing open a floodgate (500 liters/132 gallons per second leaked for four hours).
- No flooding or injuries, but a three-minute video of the dam’s control panel (with attackers’ watermark) was posted to Telegram.
- Norwegian authorities confirm authenticity; the motive is psychological—causing fear and demonstrating capability.
- Broader Context:
- Highlights the vulnerability of operational technology in critical infrastructure (water, power, telecom).
- Urges governments and businesses to prioritize not just building but securing infrastructure.
- Notable Quote:
- “It should be build and secure, baby. Build and secure.”
— Jim Love [07:50]
4. Google’s AI and Gmail Security Weaknesses
[08:22–10:05]
- Newly Discovered Issues:
- Gmail’s AI-generated summaries can be manipulated, hiding phishing links from users and security systems.
- Integration of Gemini AI in Gmail and Google Docs has opened doors to prompt injection attacks; attackers can trick Gemini into revealing sensitive info or bypassing safeguards.
- In August, three Android zero-days were patched, one of them actively exploited on Pixel devices.
- Google, long regarded as a security leader (e.g., Project Zero, Safe Browsing), is now confronting serious flaws in its flagship products.
- Larger Question:
- With Microsoft updates failing and Google showing cracks, who can enterprises trust?
- Notable Quote:
- “If Microsoft's updates are unreliable and Google's safeguards are slipping, enterprises are left asking a hard question—who can you still trust? And I’ll suggest that the company that successfully answers that question may find themselves benefiting from it commercially.”
— Jim Love [09:50]
5. Apple’s Privacy Win: No Backdoor for UK
[10:06–11:24]
- Situation Summary:
- The UK government abandoned its demand for Apple to implement a backdoor in iCloud’s end-to-end encryption after behind-the-scenes negotiations.
- Earlier, Apple had removed Advanced Data Protection from UK iCloud instances to avoid compliance.
- US political pressure (including from President Trump and Vice President Vance) influenced the UK’s decision.
- Privacy advocates and Apple argue that backdoors weaken overall security and threaten both user privacy and system integrity.
- Significance:
- Victory for global digital privacy—sets a precedent for tech companies standing up to government overreach.
- Notable Quote:
- “Backdoors may help one agency, but by definition, they weaken the system for everyone. Apple argued that encryption must be absolutely not negotiable, and it appears in this case, they won.”
— Jim Love [11:15]
Memorable Moments
- Challenging the industry:
- “We’ve warned for years that one day cybercriminals would breach a major piece of critical infrastructure. Well, that day has arrived.” [06:10]
- Concise call to action for infrastructure:
- “Build and secure, baby. Build and secure.” [07:50]
Timestamps for Important Segments
| Timestamp | Topic |
|-----------|-------|
| 00:00 | Workday & Salesforce data breach, Shiny Hunters campaign |
| 03:40 | Dangerous Windows 11 update bricks drives, business dilemma |
| 06:07 | Norwegian dam breached by Russian hackers – first critical infrastructure warning realized |
| 08:22 | Google AI—phishing via Gmail summaries, Gemini prompt injection risks |
| 10:06 | Apple wins in privacy fight against UK encryption backdoor |
Conclusion
This episode highlights how interconnected and fragile the digital ecosystem remains—from SaaS platforms and HR tech to operational infrastructure and the arms race between vendor updates and threat actors. Jim Love’s analysis emphasizes the need for vigilance, better incident response, and above all, a renewed focus on secure innovation.
