Security and Integrity Leftovers

posted by Roy Schestowitz on Sep 06, 2025

• LWN ☛ Security updates for Friday

  Security updates have been issued by Fedora (udisks2), Oracle (httpd:2.4 and kernel), Red Hat (python-requests), and SUSE (chromium, gn, dcmtk, firefox, himmelblau, nginx, perl-Authen-SASL, perl-Crypt-URandom, postgresql15, python-Django, and python-maturin).

• Security Week ☛ Recent SAP S/4HANA Vulnerability Exploited in Attacks

  A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild.

• Security Week ☛ More Cybersecurity Firms Hit by Salesfarce-Salesloft Drift Breach

  Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesfarce instances.

• Security Week ☛ In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked

  Noteworthy stories that might have slipped under the radar: Surveillance Giant Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack.

• Taiwan News ☛ 2025-08-28 [Older] Taiwanese associated with Chinese group behind cyberattacks arrested

• Dutch News ☛ 2025-08-29 [Older] EuroFins cancer screening hack far bigger than thought, agency says

• The Record ☛ 2025-08-29 [Older] CISA steps in to help Nevada state government recover from cyberattack

• Security Boulevard ☛ 2025-09-03 [Older] Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others

• BBC ☛ 2025-09-03 [Older] Jaguar Land Rover production impacted by cyberattack; Scattered Spider/ShinyHunters claims responsibility

• Security Affairs ☛ U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

  U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog.

• Integrity/Availability/Authenticity

  • Security Week ☛ North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks

    The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure.

  • ALM ☛ 2025-08-29 [Older] 3rd Circuit Clarifies Scope of Computer Fraud Abuse Act With Employer’s Policies

  • 2025-09-02 [Older] Watchdog orders Lotte Card to compensate victims of hack

  • SCMP ☛ 2025-09-02 [Older] Bail for 2 Hong Kong doctors accused of leaking data to implicate surgeon

• Confidentiality

  • J D Supra LLC ☛ 2025-09-03 [Older] District of Arizona Clarifies Causes of Action Available for Breach of Health Data

  • 2025-08-28 [Older] We Get Privacy For Work — Episode 8: The Surge in Data Breach Lawsuits: Trends and Tactics

  • 2025-08-28 [Older] TransUnion notifying more than 4.4 U.S. million consumers of data breach

  • 2025-08-28 [Older] South Korea fines SK Telecom US$97M over data breach

  • Lexology ☛ 2025-08-30 [Older] Huge Fines Imposed by Thailand’s PDPC: A Major Alert on Data Privacy Violations (Thailand)

• Windows TCO / Windows Bot Nets

  • 2025-09-03 [Older] Texas sues PowerSchool over breach compromising info of over 880,000 students, teachers