This Week in Cybersecurity:SaaS Breaches, Ghost-Tapping, AI Deepfakes, and Espionage Risks
- Glen Armes
- Aug 19
- 3 min read
Cybersecurity threats continue to evolve rapidly, with new attack vectors emerging what feels like daily. This week, four major news stories stand out to me with each offering important lessons for businesses, leaders, and security teams.
Workday Data Breach Tied to Salesforce Hack
The news:
Workday has confirmed a data breach and it is being reported that the breach is linked to the same attack campaign that targeted Salesforce customers earlier this summer. The attackers exploited access to Salesforce environments to pivot into Workday, exposing sensitive HR and financial data.
Why it matters:
The incident highlights the hidden risks of platform and service interdependencies. A single SaaS breach can enable attackers to cascade across a companies critical business applications like HR, finance, and CRM.
Actions:
Ensure your company audits all third-party SaaS connections for least privilege access into your environment.
Enable multi-factor authentication (MFA) for all logins everywhere all the time.
Test your SIEM to ensure it is configured with the proper event searches to identify malicious activity.
Ensure your vendor contracts include notification of a breach within a reasonable timeframe.
News source(s):
“Ghost-Tapping” Scams Target Mobile Wallets
The news:
A new near field communication (NFC) relay attack enables criminals to make fraudulent purchases using stolen Apple Pay or Google Pay credentials. Known as "ghost-tapping", the scam relies on real-time payments being made between a phone and a point-of-sale terminal.
Why it matters:
Ghost-tapping is another sign that digital wallets are becoming prime fraud targets. As consumer adoption grows, attackers are innovating around physical-digital fraud success.
Actions:
Disable near field communication (NFC) when not in use.
Set mobile wallets to require biometric re-authentication at every tap.
Monitor card activity closely with text message or email transaction alerts.
News source(s):
North Korea’s AI-Powered Remote Work Scams
The news:
Reports indicate that North Korean operatives continue with posing as remote IT and tech workers, using stolen identities and AI tools to land jobs in U.S. firms. The goal is to gain insider access to corporate systems and funnel earnings back to the regime.
Why it matters:
This is cyber-espionage disguised as employment. It highlights how geopolitical adversaries exploit remote work trends to infiltrate private companies and it is only picking up and not slowing down.
Actions:
Ensure full background checks are being done for employees, especially for remote hires, along with identity verification.
Apply least privilege access to all remote connections.
Implement geographic security controls to know where an employees equipment is located at all times and if that location correlates with the employees home of record.
Watch for red flags such as workers avoiding video or voice calls and heavy use of AI for all work product.
News source(s):
Surge in AI Deepfake “CEO Impersonator” Scams
The news:
AI generated deepfakes are responsible for the current spike in executive impersonation scams. In one case, fraudsters used a video deepfake to trick a finance team into transferring $25M. Losses from deepfake CEO scams have already surpassed $200M in Q1 alone, as reported by The Wall Street Journal.
Why it matters:
Deepfake fraud demonstrates the weaponization of generative AI. As tools become more realistic, businesses must double down in documented workflows and processes.
Actions:
Require callback verification for all financial requests, regardless of apparent sender.
Train employees to spot red flags in video/voice communication.
Research AI powered detection tools for suspicious audio/video calls.
News source(s):
From SaaS supply chain risks to deepfake fraud, these stories reinforce a single truth that if your cybersecurity strategy is about defending networks it's time to take action quickly to adopt layered defenses, strengthen employee awareness, and embrace least trust strategies to stay ahead. If you need any help with cybersecurity please consider reaching out to us here at Armes Vantage.
Author: Glen E. Armes
Comments