>The attackers impersonate IT support personnel, requesting the target employee accept a connection to Salesforce Data Loader, a client application...

"The application supports OAuth and allows for direct "app" integration via the "connected apps" functionality in Salesforce," explains the researchers.

"Threat actors abuse this by persuading a victim over the phone to open the Salesforce connect setup page and enter a "connection code," thereby linking the actor-controlled Data Loader to the victim's environment.

... app is used to export data stored in Salesforce instances and then used the access to move laterally through connected platforms such as Okta, Microsoft 365, and Workplace.

Accessing these additional cloud platforms allows the threat actors to access more sensitive information stored on those platforms, including sensitive communications, authorization tokens, documents, and more.

These legal cases are just theatre with professional actors.

‘Justice being seen to be done’

Trust in the bbc has been nosediving, and up pops this case of the BBC holding the state to account… and the judges giving appearance of impartiality…