A sophisticated phishing campaign targeted a U.K.-based insurance firm, using a trusted sender's compromised email to deploy a deletion rule, evade detection, and trick users into credential theft via a fake Microsoft login page.

The vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).

RMM tools have become essential in managing remote devices, but they also pose risks if exploited by threat actors. Attackers can gain remote access to devices, exfiltrate data, and remain undetected.

These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data loss prevention, and SIEMs, by hiding downloads as less suspicious access and sync events.

Attackers can use stolen NTLM v2 hashes for offline brute-force attacks or authentication relay attacks, potentially compromising user accounts and gaining unauthorized access.

Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.