OpenAI’s ChatGPT Returns to Italy after Addressing Data Privacy Concerns
OpenAI, the creator of ChatGPT, has recently returned to the Italian market after addressing the data protection authority’s concerns regarding the AI chatbot’s compliance with regional data protection laws. The Garante had temporarily blocked access to ChatGPT in Italy on March 31, 2023, but reinstated the service after OpenAI made the required changes. The company has published a new FAQ detailing its data filtering and removal practices, as well as its commitment to not using personal information in any malicious manner. Furthermore, OpenAI has agreed to implement age verification measures for users, ensuring that individuals below 18 years of age have parental consent before accessing ChatGPT. The European Data Protection Board (EDPB) will continue to monitor OpenAI’s activities.
Google Takes Legal Action Against CryptBot Malware
Google has obtained a temporary court order in the U.S. to disrupt the distribution of the Windows-based information-stealing malware, CryptBot, which has infected over 670,000 computers in 2022. The malware, first discovered in 2019, steals sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from Google Chrome users. Google aims to use the court order to take down current and future domains linked to CryptBot distribution, ultimately curtailing the malware’s spread. To mitigate the risks posed by such threats, users are advised to download software only from trusted sources and keep their devices and software up-to-date.
RTM Locker Introduces First Linux Ransomware Strain Targeting NAS and ESXi Hosts
RTM Locker, a private ransomware-as-a-service (RaaS) provider, has developed a ransomware strain capable of targeting Linux machines, including NAS and ESXi hosts. The new strain, which appears to be inspired by Babuk ransomware’s leaked source code, encrypts files using a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption). The group behind RTM Locker is known for avoiding high-profile targets, utilizing affiliates to ransom victims, and leaking stolen data if ransom demands are not met. However, the initial infection vector for the ransomware is still unknown.
CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning of critical vulnerabilities affecting the Universal Copy Service (UCS) software in Illumina’s DNA sequencing instruments. The most severe flaw (CVE-2023-1968) allows remote attackers to bind to exposed IP addresses, eavesdrop on network traffic, and remotely transmit arbitrary commands. Another vulnerability (CVE-2023-1966) could enable a remote unauthenticated attacker to upload and execute code with elevated permissions. Users are advised to apply fixes released on April 5, 2023, to mitigate potential threats.
New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets
A new information stealer for macOS, called Atomic macOS Stealer (or AMOS), is being advertised on Telegram for $1,000 per month. This malware can steal various types of information, including Keychain passwords, system information, files, and macOS passwords. It also extracts data from web browsers and cryptocurrency wallets. The initial intrusion vector for the malware is unclear, but users may be tricked into downloading and executing it under the guise of legitimate software. To protect themselves, users are advised to be cautious of the software they download and install, and to maintain up-to-date antivirus solutions.