The Latest

The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers.

Links to UNC1069

On March 31, 2026, unknown attackers managed to publish two backdoored Axios npm packages after gaining access to a maintainer’s npm account.

The malicious versions introduced a hidden dependency containing a post-install script. That script executed automatically during installation and attempted to download and run additional payloads from attacker-controlled infrastructure.

The goal was to deploy malware capable of remote access and system compromise, potentially allowing attackers to steal sensitive data or move laterally within affected environments.

The stealth and sophistication of the attack pointed to skilled attackers. The injected code was minimal and designed to evade detection, and the malicious behavior was offloaded to the external dependency and the remote payload, which made it harder for developers or automated tools to quickly identify the compromise.
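As an added defender-side example (not code from the article or from the Axios project), the following script scans an installed dependency tree for packages that declare npm lifecycle hooks that run unattended during `npm install`, and marks hooks whose command downloads something, evaluates inline code, or spawns a shell. Every package name, version and command in the sample tree is constructed for the example.

```javascript
// Added example: find install-time hooks in a dependency tree and rank them.
// A compromise like the one described above hides behind a transitive package
// with a postinstall script; this check surfaces exactly that shape.
// Names and versions below are hypothetical, constructed for illustration.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Heuristic for commands that fetch from the network, run inline code, or open a shell.
const RISKY_COMMAND = /(\bcurl\b|\bwget\b|\bnode\s+-e\b|\bpowershell\b|\bsh\s+-c\b|\bbash\s+-c\b|https?:\/\/)/i;

/**
 * @param {Array<{name: string, version: string, direct: boolean,
 *                packageJson: {scripts?: Record<string, string>}}>} tree
 *        `direct` is true when the root project lists the package itself.
 * @returns {Array<{name: string, version: string, hook: string,
 *                  command: string, transitive: boolean, risky: boolean}>}
 */
function findInstallHooks(tree) {
  const findings = [];
  for (const pkg of tree) {
    const scripts = (pkg.packageJson && pkg.packageJson.scripts) || {};
    for (const hook of INSTALL_HOOKS) {
      if (typeof scripts[hook] !== 'string') continue;
      const command = scripts[hook];
      findings.push({
        name: pkg.name,
        version: pkg.version,
        hook,
        command,
        transitive: !pkg.direct, // pulled in by another package, not by the root project
        risky: RISKY_COMMAND.test(command),
      });
    }
  }
  // Highest concern first: transitive packages whose hook matches the heuristic.
  return findings.sort((a, b) => (b.transitive + b.risky) - (a.transitive + a.risky));
}

// Constructed sample tree: a client library that pulls in a hidden helper with a
// network-reaching postinstall hook, next to a benign native module whose install
// script only compiles locally.
const SAMPLE_TREE = [
  { name: 'http-client-example', version: '1.2.3', direct: true,
    packageJson: { scripts: { test: 'mocha' },
                   dependencies: { 'hidden-helper-example': '0.0.1' } } },
  { name: 'hidden-helper-example', version: '0.0.1', direct: false,
    packageJson: { scripts: { postinstall: 'node -e "require(\'https\').get(\'https://example.invalid/p\')"' } } },
  { name: 'native-addon-example', version: '4.0.0', direct: true,
    packageJson: { scripts: { install: 'node-gyp rebuild' } } },
];

// One human-readable line per finding, risky and transitive hooks first.
function report(tree) {
  return findInstallHooks(tree).map((f) =>
    `${f.risky ? 'RISKY ' : 'hook  '}${f.transitive ? '[transitive]' : '[direct]    '} ` +
    `${f.name}@${f.version} ${f.hook}: ${f.command}`);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const line of report(SAMPLE_TREE)) console.log(line);
}
```

Against a real project, build `tree` from each `node_modules/*/package.json` (or `npm ls --json`), marking packages named in the root `package.json` as direct. npm's `--ignore-scripts` flag stops these hooks from running at all, at the cost of breaking packages that legitimately need an install step.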

The attribution of the attack was made by Google Threat Intelligence Group (GTIG) researchers and Mandiant analysts, based on the backdoor that was deployed on victim systems and the command and control (C2) infrastructure used.

“The platform-specific payloads ultimately deploy variants of a backdoor tracked by GTIG as WAVESHAPER.V2, a backdoor written in C++ that targets macOS to collect system information, enumerate directories, or execute additional payloads and that connects to the C2 provided via command-line arguments,” the researchers noted.

Additional variants of WAVESHAPER.V2 have been written in PowerShell and Python to target Windows and Linux environments, respectively. The backdoor acts as a remote access trojan and is capable of system reconnaissance, file system enumeration, and code execution.

Previous versions of the backdoor were used by a North Korea-nexus threat actor GTIG calls UNC1069, which has been active since at least 2018 and is known for targeting organizations to steal cryptocurrency.

“Analysis of the C2 infrastructure (sfrclak[.]com resolving to 142.11.206.73) revealed connections from a specific AstrillVPN node previously used by UNC1069. Additionally, adjacent infrastructure hosted on the same ASN has been historically linked to UNC1069 operations,” they added.

Further breaches expected

The exposure window was short – the malicious Axios npm versions were available less than three hours before being removed – but even such a short-lived compromise is expected to have a wide impact.

“This compromise is particularly significant because Axios is a widely used library and is often included as a transitive dependency across millions of applications,” noted Andres Ramos, Senior Threat Intelligence Researcher at Arctic Wolf.

“Organisations that install npm packages in CI/CD pipelines may have automatically pulled the malicious versions into build environments during the ~3-hour window. Even systems that did not directly install Axios could be indirectly impacted if another package in the environment depended on the compromised versions, highlighting the broader downstream risk across modern JavaScript ecosystems.”

Various security companies have offered remediation advice for potentially affected developers and organizations, as well as threat detection rules, and advice aimed at preventing similar attacks affecting them in the future.

Similarly, many companies have provided advice for those affected by the other supply chain attacks that happened in the last few days and targeted open-source projects like the Trivy security scanner, the LiteLLM library, and Telnyx on PyPI.

Those attacks have all been attributed to the financially-motivated TeamPCP – or, as GTIG calls them, UNC6780 – and there are reports that the secrets harvested in those attacks will be used by “partnering” groups like the Vect ransomware-as-a-service (RaaS) and extortion groups like Lapsus$.

“Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks. This could enable further software supply chain attacks, software as a service (SaaS) environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term,” GTIG researchers warned.

“Defenders should pay close attention to these campaigns, and enterprises should initiate dedicated efforts to assess the existing impact, remediate compromised systems, and harden environments against future attacks.”



from Help Net Security https://ift.tt/W5DpYdr

Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they query, what data they share, how frequently they interact, and from where, organizations cannot establish a baseline for normal AI behavior, investigate potential misuse, or detect emerging agentic insider threats.

New support to detect agent behavior in OpenAI ChatGPT and Microsoft Copilot, alongside existing visibility into Google Gemini, transforms these agentic services into rich sources of behavior telemetry that feed directly into Exabeam threat detection, investigation, and response (TDIR) workflows.

“AI agents are evolving from simple chatbots into autonomous digital workers,” said Steve Wilson, Chief AI and Product Officer at Exabeam. “They authenticate, access systems, and execute real business processes. When compromised, their activity will often look legitimate. Guardrails designed to catch prompt injection or hallucinations do not address that risk. Securing digital workers requires deep visibility into baseline behavior and the ability to detect subtle deviations before they become material incidents.”

“AI is rapidly reshaping how organizations operate, compete and grow, creating a new, digital workforce that helps them move faster and at scale,” said Pete Harteveld, CEO at Exabeam. “As this transformation accelerates, leaders are compelled to understand how these systems operate inside the enterprise. Our expansion of Agent Behavior Analytics helps organizations stay protected from emerging risks while adopting AI with confidence and maintaining the oversight and accountability required to proliferate these capabilities across an enterprise.”

To address these risks, Exabeam has delivered five new capabilities that work together to provide coverage of the agentic attack surface:

  • AI behavior baselining. Exabeam builds dynamic behavior profiles for users and their AI agents, tracking patterns across request volumes, token usage, tool invocations, web sessions, and outbound activity. When behavior deviates from established norms, such as sudden spikes in API calls or token consumption, Exabeam flags the anomaly, helping security teams detect misuse before it escalates.
  • Prompt and model abuse detection. Exabeam detects prompt injection, model manipulation, and tool exploitation before attacks escalate. A new detection library, five times larger than the previous version, covers the full threat spectrum, including prompt manipulation and shadow AI activity, all surfaced at the point of entry, not after the damage is done.
  • Identity and privilege monitoring. While baselining tracks how agents behave, identity and privilege monitoring governs what they’re allowed to do. Exabeam detects anomalies across AI platform roles, users, and permissions — including first-time role assignments, unexpected privilege escalations, and unusual permission changes, ensuring AI identities are governed with the same rigor as traditional enterprise identities.
  • Agent lifecycle monitoring. Exabeam provides full visibility into the creation, modification, and usage of AI agents, surfacing first-agent-creation and invocation events as discrete, auditable signals. Security teams can now track the complete lifecycle of every agent operating in their environment, closing the governance gap that has made agent activity invisible to most organizations.
  • Coverage for OWASP Top 10 for agentic AI. Exabeam monitors agent behavior against the OWASP Top 10 for agentic AI, bringing measurable coverage to a threat category that previously lacked a defined framework. This alignment establishes a benchmark for governing and defending AI agents in the enterprise.

“As we move deeper into the agentic era, the rapid adoption of AI agents — including a growing ecosystem of enterprise-grade AI tools across our organization — is transforming the risk landscape,” said Nithin Reddy, Global VP of Cybersecurity at Dayforce.

“Security teams now operate in a world where both humans and autonomous agents interact with systems and data at a massive scale. Traditional detection models weren’t built for this reality. What we need is clear behavior visibility and a simple way to quantify risk. Exabeam gives us that clarity — helping us focus on the risks that actually matter instead of chasing thousands of benign signals and enabling us to put the right guardrails in place while continuing to accelerate AI innovation across the business,” Reddy continued.

These new capabilities are accompanied by a broad set of enhancements across the Exabeam New-Scale and LogRhythm Platforms, designed to improve the day-to-day experience for administrators and security analysts while continuing to deliver deep visibility and automated response that helps teams streamline workflows, reduce alert fatigue, and accelerate threat detection.


from Help Net Security https://ift.tt/fkv1K8G

CIS-Benchmarks

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0

We are excited to announce the publication of the updated CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0.

Our team has devoted significant time and effort to enhance the content of this benchmark, ensuring it remains relevant and valuable to members.

Here's a quick overview of the key improvements we've made in this update:

  • Added 9 new security settings
  • Updated 23 settings
  • Removed 18 settings
  • Renamed 1 setting
  • Moved, added, and removed sections due to updated ADMX templates

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark.

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Cloud Infrastructure Foundations Benchmark v3.1.0

We are proud to announce the release of a minor update to the CIS Oracle Cloud Infrastructure Foundations Benchmark v3.1.0. Version 3.1.0 includes minor adjustments to maintain alignment with recent changes in the OCI platform’s user interface and event structures. These changes ensure continued accuracy and reliability of benchmark results, reflecting the current OCI experience. No other functionality or evaluation criteria are affected.

Thank you to Josh Hammer for this update to keep the guidance current.

Download the CIS Oracle Cloud Infrastructure Foundations Benchmark v3.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apache Cassandra 5.0 Benchmark v1.1.0 

We are excited to announce the release of CIS Apache Cassandra 5.0 Benchmark v1.1.0.

  • This Benchmark includes support for Apache Cassandra 5.0.6
  • All recommendations have been reviewed, tested, and validated to support v5.0.6

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration.

The CIS community thanks the entire consensus team with special recognition to the following individuals who contributed greatly to the creation of this guide: Joeseph Testa, Tony Wilwerding, and Chriag Shah.

Download the CIS Apache Cassandra 5.0 Benchmark v1.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apache Cassandra 4.1 Benchmark v1.2.0 

We are excited to announce the release of CIS Apache Cassandra 4.1 Benchmark v1.2.0!

  • This Benchmark includes support for Apache Cassandra 4.1.10
  • All recommendations have been reviewed, tested, and validated to support v4.1.10

The CIS community thanks the entire consensus team with special recognition to the following individuals who contributed greatly to the creation of this guide: Joeseph Testa, Tony Wilwerding, and Chriag Shah.

Download the CIS Apache Cassandra 4.1 Benchmark v1.2.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apache Cassandra 4.0 Benchmark v1.3.0 

We are happy to announce the release of CIS Apache Cassandra 4.0 Benchmark v1.3.0!

  • This Benchmark includes support for Apache Cassandra 4.0.19
  • All recommendations have been reviewed, tested, and validated to support v4.0.19

The CIS community thanks the entire consensus team with special recognition to the following individuals who contributed greatly to the creation of this guide. Special thanks to Joeseph Testa, Tony Wilwerding, and Chriag Shah.

Download the CIS Apache Cassandra 4.0 Benchmark v1.3.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2022 Benchmark v5.0.0 

We are excited to announce the publication of the updated CIS Microsoft Windows Server 2022 Benchmark v5.0.0.

Our team has devoted significant time and effort to enhance the content of this benchmark, ensuring it remains relevant and valuable to members.

Here's a quick overview of the key improvements we've made in this update:

  • Added 3 new security settings
  • Updated 16 settings
  • Removed 15 settings
  • Renamed 1 setting
  • Moved, added, and removed sections due to updated ADMX templates

A changelog detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark. A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen.

Download the CIS Microsoft Windows Server 2022 Benchmark v5.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2025 Benchmark v2.0.0

We are excited to announce the publication of the updated CIS Microsoft Windows Server 2025 Benchmark v2.0.0.

Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members.

Here's a quick overview of the key improvements we've made in this update:

  • Added 8 new security settings
  • Updated 17 settings
  • Removed 17 settings
  • Renamed 1 setting
  • Moved, added, and removed sections due to updated ADMX templates

A changelog detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark.

A huge thank you to the CIS Windows Community and Windows Team for making this benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server 2025 Benchmark v2.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS GitHub Benchmark v1.2.0

We are pleased to announce the publication of CIS GitHub Benchmark v1.2.0. This release addresses GitHub versions up to and including v3.18.

This version includes updates and edits to:

  • Authentication to access the build environment
  • Ensuring Webhooks are secured
  • Validating the recommendations are relevant to the latest version v3.18

Thanks to the community for providing recommendations, edits, and suggestions that have improved this Benchmark. Special thanks to Matt Reagan, Tony Wilwerding, and James Osborne.

Download the CIS GitHub Benchmark v1.2.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmark Released Last Month

CIS Microsoft Defender Antivirus Benchmark v1.0.0

We are excited to announce the publication of the new CIS Microsoft Defender Antivirus Benchmark v1.0.0. Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members.

A huge thank you to the CIS Windows Community and Windows Team for making this benchmark happen. Special thanks to Haemish Edgerton, Aaron Margosis, Martin Himken, Johannes Kristjansson, and James Robinson.

Download the CIS Microsoft Defender Antivirus Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Intune for Edge Benchmark v1.0.0

We are excited to announce the publication of the new CIS Microsoft Intune for Edge Benchmark v1.0.0. Our team has devoted significant time and effort to enhance the content of this benchmark, ensuring it remains relevant and valuable to members.

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks to Phil Chatham, Martin Himken, Johannes Kristjansson, JJ Milner, and James Robinson.

Download the CIS Microsoft Intune for Edge Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Build Kit Released Last Month

  • CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0
  • CIS Microsoft Intune for Edge Benchmark v1.0.0
  • CIS Apple iOS 18.0 Benchmark v2.0.0
  • CIS Apple iOS 26 Benchmark v1.0.0
  • CIS Apple iPadOS 18.0 Benchmark v2.0.0
  • CIS Apple iPadOS 26 Benchmark v1.0.0
  • CIS Apple macOS 14.0 Sonoma Benchmark v3.0.0
  • CIS Apple macOS 15.0 Sequoia Benchmark v2.0.0
  • CIS Apple macOS 26 Tahoe Benchmark v1.0.0
  • CIS Debian Linux 13 Benchmark v1.0.0
  • CIS Microsoft Defender Antivirus v1.0.0
  • CIS Microsoft Windows Server 2022 Benchmark v5.0.0
  • CIS Microsoft Windows Server 2025 Benchmark v2.0.0

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.


from Help Net Security https://ift.tt/KoDLjEz

So you've bought yourself a brand new Samsung Galaxy S26. How do you make the most of it? The latest flagship phones from Samsung come with One UI 8.5 installed on board, and there's plenty you can do with both the software and some of the hardware upgrades that Samsung has put in place. Here are 10 ways you can make your Galaxy S26 more useful than it is out of the box:

Use DeX to turn your Galaxy phone into a computer

I've covered Samsung DeX in the past: It's a desktop interface for your phone that activates when you plug your handset into a monitor, and it means you can more or less use your Galaxy device like a PC if you hook up a mouse and keyboard.

DeX isn't new, but with One UI 8.5 models it features up to four separate desktop spaces, which can each hold five apps—so there's more room to work with. There are also additional options for positioning the extended display in DeX mode. To get started, head to Connected devices > Samsung DeX from Settings.

Use your Galaxy S26 as a high-quality webcam

Pixel phones have been able to double up as webcams since Android 14, and with the Galaxy S26 series, Samsung finally joins in as well. This should work on Windows and macOS: Just connect your phone to your computer via a USB-C cable, open the notification that shows on the Galaxy screen, and pick Webcam as the mode. The next time you load up an app that can utilize a webcam, the Galaxy S26 Ultra should appear as an option in the camera picker.

If you have a laptop with a built-in webcam, you may wonder why you need to use your phone as a webcam, but it's a good option if you're using a desktop setup which doesn't have a webcam, or if your integrated webcam isn't very good. A phone also gives you a lot more flexibility when it comes to the position and angle of the camera too, so this really can come in handy.

Use "Privacy Shield" to hide your Galaxy's display from onlookers

The Galaxy S26 feature that seems to have attracted the most attention so far is the Privacy Display, though sadly it's only available on the Ultra model. It makes it virtually impossible for anyone who's near you to see what's on screen, with some clever display trickery.

You'll find the Privacy Display option under Display in Settings (it's also available on the Quick Settings panel), and you can choose to enable it manually or have it turn on automatically (when you're entering a PIN or password, for example). There's also the option to only enable the Privacy Display feature for notifications on screen, as well as a Maximum privacy protection setting. This dials up the obfuscation as far as possible, but "may affect normal viewing" as well, Samsung says.

Image: The Privacy Display setting on the S26 Ultra. Credit: Lifehacker

Use "Inactivity restart" to automatically protect your Galaxy from hackers

Delve into the One UI 8.5 Settings page on the Galaxy S26, and you'll find a new option under Security and privacy > More security settings. It's called Inactivity restart, and it means your phone will automatically reboot if you don't use it for 72 hours straight. When it restarts, it'll be in a more secure mode than it was before. Incoming notifications and calls won't be shown on the screen, and an unlock (via PIN, password, or pattern) will be required for the device to become usable again.

This might not sound too different from your phone simply being locked as normal, but a reboot activates what's known as a Before First Unlock (BFU) state. This BFU state adds a few more protections to a standard lock, including the blocking of notifications, full data encryption, and the temporary disabling of biometrics.

Customize the Quick Panel to find your most-used features fast

One UI 8.5 on the Galaxy S26 series gives you more control over the Quick Panel that appears when you swipe down from the top-right corner of the screen: You can edit buttons individually as well as in groups now, and staples like the brightness and volume sliders can be resized and repositioned. You can customize the Quick Panel with the exact layout that works best for you, and include all the settings and functions you use most.

To get started, swipe down from the top right to find the panel, then tap the pen icon at the top. Use Edit on the main panel to change the shortcut buttons, and Add a control to drop in something new. You can reposition elements by tapping and holding on them, resize them using the handles around the sides, and remove them by tapping the - (minus) icons.

Use this setting to automatically switch between wifi and cellular when needed

One of Samsung's more subtle implementations of AI can be found in Connections > Wi-Fi from the Settings page on your Galaxy S26. If you then choose Switch to mobile data with AI, you get options for intelligently switching over to a cellular network if your wifi coverage has become unstable or non-existent. It should mean fewer interruptions if you're on the move and switching between multiple networks as you go.

Use "Audio Eraser" to reduce background noise in any video

With the Galaxy S25, Samsung introduced a feature called Audio Eraser: It meant you could isolate different sounds from the videos you recorded (such as background crowd noise, music, or someone speaking), and boost certain sounds while lowering others. That way, your videos don't have to be ruined by background wind noise or other distractions.

With One UI 8.5 and the Galaxy S26 series, Audio Eraser gets an upgrade. It can now work in real time with any video and app you want. This implementation is simpler than it is with your own videos, but it's effective: You get two sliders for reducing background noise and boosting voice dialog or music vocals. With a video playing on screen, swipe down from the top right corner to access Quick Settings, then choose Audio Eraser to find the sliders.

Image: Audio Eraser now works across a broader range of videos. Credit: Lifehacker

Detect scams in real time

As I previously reported, the Pixel's real-time scam detection technology is now available on the Galaxy S26 series. In fact, it's built right into the Samsung Phone app. To enable the feature from the Phone app, tap the three dots (top right), then choose Settings and Scam Detection. All of the incoming audio is processed locally by Gemini, and nothing is recorded or sent back to the cloud. Scam Detection isn't 100% accurate, but if the on-board AI thinks that the words you're hearing match the patterns often used by fraudsters, you'll see an on-screen message and get haptic feedback to that effect. You can then choose to end the call or stay on the line.

Use "Private album" to hide your sensitive photos

For your most sensitive photos and videos, there's now a private album built right into the Samsung Gallery app in One UI 8.5. You can hide images and clips away without creating a separate folder for them, and you don't even need to sign up for a Samsung account. With a photo or video open on screen, tap the three dots (top right), then choose Move to private album. A link to the album is shown if you tap the Menu button in the Gallery app, but you need your screen unlock method (such as a fingerprint) to access it.

Use "Horizon Lock" to automatically stabilize all your videos

If you've gone for the most expensive Samsung Galaxy S26 Ultra model, you also get access to a rather clever camera trick called Horizon Lock. It means when you're shooting video, you can lock it to the original orientation—portrait or landscape—no matter how much you subsequently twist and turn your phone. You need to select Super Steady Video as your shooting mode to access Horizon Lock, from the Camera app. While some video stabilization was available on previous Samsung phones, this really does take it to the next level.


from Lifehacker https://ift.tt/bq3iBly

Foxit Software introduced a new capability designed to uncover hidden security risks inside PDFs as part of its latest PDF Editor 2026.1 release for Windows and macOS.

The update is led by PDF Action Inspector, a new tool that proactively scans documents for embedded JavaScript and self-modifying behaviors — threats that can bypass redaction, expose sensitive data, or alter document output without detection. As organizations rely on PDFs to share critical infrastructure, these risks have become a growing but often overlooked attack surface.

“Most organizations don’t realize that everyday documents can contain active code,” said Evan Reiss, SVP of Marketing at Foxit Software. “PDF Action Inspector gives teams visibility into behaviors that would otherwise remain hidden, helping them identify risks before they cause real damage.”

The release reflects a broader shift in how documents are created, shared, and secured. As workflows become more digital and AI-driven, documents are no longer static files but dynamic assets that require greater oversight, intelligence, and control.

Alongside its new security capabilities, Foxit PDF Editor 2026.1 expands enterprise protection to help organizations manage documents consistently across environments. Microsoft Azure Information Protection is now available in the Mac App Store version, enabling unified policy enforcement across Windows and macOS devices.

Support for FileOpen-protected PDFs has also been added to Mac editions for Editor and Reader, improving access to DRM-protected content across teams. The update also introduces a series of workflow and usability improvements shaped by customer feedback.

Enhancements to licensing and login stability aim to reduce friction during enterprise rollouts, while a new license page provides clearer visibility into subscription and entitlement details.

Additional updates to annotation, file splitting, and page extraction workflows are designed to streamline everyday document tasks and reduce user error. Foxit also continues to advance its AI Assistant, with updates focused on security controls, governance, and compliance alignment.

These enhancements are part of Foxit’s broader vision to enable more intelligent, efficient, and secure document workflows. PDF Editor 2026.1 is available now for Windows and macOS.


from Help Net Security https://ift.tt/NtShKWU

US prosecutors have charged a Maryland man in connection with two hacks of the Uranium Finance cryptocurrency exchange that led to losses exceeding $50 million.

Uranium crypto exchange hack

Jonathan Spalletta, also known as “Cthulhon” and “Jspalletta,” is accused of abusing vulnerabilities in Uranium Finance smart contracts to siphon assets from the platform. If convicted, he could face up to 10 years in prison for computer fraud and 20 years for money laundering.

“As alleged, Jonathan Spalletta repeatedly hacked smart contracts to steal millions of dollars’ worth of other people’s money and destroyed a cryptocurrency exchange in the process,” said U.S. Attorney Jay Clayton. “In describing his alleged ‘heist,’ Spalletta told another individual, ‘Crypto is just fake internet money anyway.’”

The indictment outlines two incidents in 2021. In the first, he used a series of transactions to take advantage of a flaw in the exchange’s code, allowing him to withdraw more cryptocurrency rewards than permitted and drain a liquidity pool of nearly all its tokens, netting about $1.4 million. In messages cited by prosecutors, he later described the incident as a “crypto heist” and acknowledged exploiting a bug.

Authorities say he then pressured the platform into letting him keep roughly $386,000 as a so-called bug bounty in exchange for returning part of the stolen assets.

Weeks later, he carried out a second attack, using another flaw across 26 liquidity pools to extract about $53.3 million, which led to the platform shutting down. Investigators allege he laundered the assets through a series of transactions, including the use of a cryptocurrency mixer.

After laundering the funds, Spalletta spent the money on high-value collectibles, including rare Magic: The Gathering and Pokémon cards, antique Roman coins, and items such as a Black Lotus card, sealed Alpha Booster packs, and a piece of fabric from the Wright brothers’ airplane that was later carried to the moon, prosecutors said.


from Help Net Security https://ift.tt/W3KT8tZ

Bitdefender has announced the Bitdefender Internal Attack Surface Assessment, a complimentary evaluation that helps organizations identify and reduce hidden internal cyber risks caused by unnecessary user access to applications, tools, and operating system utilities commonly exploited in attacks. The assessment provides organizations with a data-driven view of their internal attack surface and offers actionable guidance to help prioritize and remediate exposure.

Businesses face growing challenges defending against Living-Off-the-Land (LOTL), fileless, and other non-malware attack techniques, which leverage legitimate operating system tools and trusted applications to breach systems and evade detection while blending into normal activity.

Analysis of more than 700,000 real-world security incidents found that legitimate tools and LOTL techniques are involved in more than 84% of major attacks. Cybercriminals increasingly exploit widely available utilities such as PowerShell, WMIC, and others to gain access, escalate privileges and move laterally within environments undetected. As a result, organizations are being forced to shift toward a prevention-first security posture to proactively close attack paths before they can be exploited.

The Bitdefender Internal Attack Surface Assessment addresses this critical security gap through a guided engagement that helps organizations uncover this largely invisible internal exposure, assess its impact on overall risk and identify practical steps for remediation. Organizations enroll and immediately begin assessing and monitoring their environment with no disruption to employees or daily operations.

The assessment is powered by Bitdefender GravityZone PHASR (Proactive Hardening and Attack Surface Reduction), a first-to-market endpoint security innovation that combines dynamic, behavior-based security hardening with real-time threat intelligence. It helps identify excessive user access and restrict or block unnecessary applications and tools without impacting business operations.

Key benefits of the Internal Attack Surface Assessment include:

  • Quantify internal risk at the user level – Gain precise visibility into attack surface exposure down to each user, including access to applications, tools and utilities, mapped against their baseline behavior and real-time threat intelligence.
  • Identify shadow IT and unauthorized tools – Uncover shadow IT and unauthorized tools, including unusual network activity, access to non-approved binaries, and unrecognized applications attempting to access company resources.
  • Reduce the attack surface using actionable insights – Receive actionable recommendations to focus mitigation and begin hardening the internal attack surface, with the option to apply controls manually or automatically with Bitdefender guidance. Organizations can reduce their attack surface by up to 95%, significantly lowering exposure to modern attack techniques.

“Cybercriminals are increasingly exploiting legitimate applications and system tools to bypass traditional defenses, creating a growing and often invisible attack surface that is difficult to defend,” said Andrei Florescu, president and GM at Bitdefender Business Solutions Group. “The Bitdefender Internal Attack Surface Assessment gives organizations a clear, data-driven view of these risks and a path to remediation. We are offering it at no cost to help level the playing field, enabling organizations to identify and close critical gaps in their internal attack surface as adversaries rapidly shift tactics.”


from Help Net Security https://ift.tt/qcJ1PDN