The Department of Defense is investigating claims by the ALPHV ransomware group that it stole sensitive U.S. military data, including information from the Defense Counterintelligence and Security Agency.
The Italian data protection authority has notified OpenAI, the maker of ChatGPT, of alleged violations of the EU's General Data Protection Regulation (GDPR). The issues concern the collection of personal data, age protections, and the possible exposure of sensitive information.
The ransomware, named "grinchv3," copies itself to the startup folder for persistence, encrypts user data with the Fernet symmetric authenticated encryption scheme (AES-128-CBC with an HMAC-SHA256 tag), and displays a pop-up message once encryption is complete.
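Because Fernet output has a fixed, documented token layout, a responder can confirm that files were written by a Fernet-based encryptor and check whether a key recovered from the sample or from memory matches them, all without decrypting anything. The following is an added example written for this page, not code from the original article or from the malware author; it uses only the Python standard library. The key, IV, "ciphertext" bytes and file names are constructed test data (the 32-byte ciphertext is arbitrary, since the HMAC layer does not care whether it is real AES output), and the token layout follows the public Fernet specification.

```python
"""Triage helper for files encrypted with Python's Fernet scheme.

Fernet token (urlsafe base64 of):
    0x80 | timestamp (8 bytes, big-endian) | IV (16) | ciphertext (16*n) | HMAC-SHA256 (32)
The 32-byte key splits into a 16-byte signing key (first half, used for the HMAC)
and a 16-byte AES key (second half). Verifying the tag with the signing half is
enough to tell whether a candidate key belongs to a given file.
"""
import base64
import hashlib
import hmac
import struct

FERNET_VERSION = 0x80
HEADER_LEN = 1 + 8 + 16                  # version byte, timestamp, AES-CBC IV
TAG_LEN = 32                             # HMAC-SHA256 over everything before the tag
MIN_RAW_LEN = HEADER_LEN + 16 + TAG_LEN  # at least one AES block of ciphertext


def parse_fernet_token(token: bytes):
    """Return the token fields if `token` has the Fernet layout, else None."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:  # binascii.Error (bad padding/length) is a ValueError subclass
        return None
    if len(raw) < MIN_RAW_LEN or raw[0] != FERNET_VERSION:
        return None
    ciphertext = raw[HEADER_LEN:-TAG_LEN]
    if len(ciphertext) % 16:             # AES-CBC output is always whole blocks
        return None
    return {
        "timestamp": struct.unpack(">Q", raw[1:9])[0],
        "iv": raw[9:HEADER_LEN],
        "ciphertext": ciphertext,
        "tag": raw[-TAG_LEN:],
        "signed": raw[:-TAG_LEN],        # the bytes the HMAC covers
    }


def _split_key(key_b64: bytes):
    """A Fernet key is urlsafe base64 of 32 bytes: 16 signing + 16 encryption."""
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return key[:16], key[16:]


def key_matches(key_b64: bytes, token: bytes) -> bool:
    """True if the token's HMAC tag verifies under the signing half of `key_b64`."""
    fields = parse_fernet_token(token)
    if fields is None:
        return False
    signing_key, _ = _split_key(key_b64)
    expected = hmac.new(signing_key, fields["signed"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, fields["tag"])


def build_signed_token(key_b64: bytes, timestamp: int, iv: bytes, ciphertext: bytes) -> bytes:
    """Assemble a Fernet token around already-encrypted bytes (used here for test data)."""
    signing_key, _ = _split_key(key_b64)
    body = bytes([FERNET_VERSION]) + struct.pack(">Q", timestamp) + iv + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)


def triage(blobs: dict, candidate_key: bytes) -> dict:
    """Classify each blob as not-fernet, fernet:key-ok or fernet:key-mismatch."""
    verdicts = {}
    for name, blob in blobs.items():
        if parse_fernet_token(blob) is None:
            verdicts[name] = "not-fernet"
        elif key_matches(candidate_key, blob):
            verdicts[name] = "fernet:key-ok"
        else:
            verdicts[name] = "fernet:key-mismatch"
    return verdicts


# Constructed sample data (assumption: stands in for a key pulled from the sample and
# for files the ransomware touched; names are made up, ciphertext bytes are arbitrary).
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32)))
WRONG_KEY = base64.urlsafe_b64encode(bytes(range(32, 64)))
SAMPLE_FILES = {
    "photo.jpg.enc": build_signed_token(SAMPLE_KEY, 1_700_000_000, bytes(range(16)), b"\xaa" * 32),
    "backup.zip.enc": build_signed_token(WRONG_KEY, 1_700_000_100, bytes(16), b"\x55" * 48),
    "notes.txt": b"plain text, never encrypted",
    "blob.b64": base64.urlsafe_b64encode(b"\x01" * 96),   # base64 but not a Fernet token
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES, SAMPLE_KEY).items():
        print(f"{name:16s} {verdict}")
```

The structural check alone is enough to tag a directory of encrypted files as Fernet output; the HMAC check is what tells you a recovered key is the right one, since Fernet's tag covers the version, timestamp, IV and ciphertext and is keyed with the first half of the 32-byte key. Actual decryption (AES-128-CBC with the second half) can then be done with the `cryptography` package's `Fernet` class once a matching key is in hand.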
The company's ongoing investigation and remediation efforts are focused on containing the unauthorized activity and assessing the impact on data; so far it has found no evidence that its digital products and solutions were affected.
The threat actor deploys the EMPTYSPACE downloader and the QUIETBOARD backdoor, which execute commands, alter cryptocurrency wallet addresses, take screenshots, and spread the malware further.
Unit 42 researchers discovered a large-scale campaign dubbed ApateWeb, which uses over 130,000 domains to distribute scareware, potentially unwanted programs (PUPs), and other scam pages.
The leaked information included names, email addresses, trading activity, passwords, and other personal details. Additionally, the company’s outreach team’s internal comments were exposed.
The attackers abuse default settings in Teams to send more than 1,000 malicious chat invitations. Once a recipient downloads and opens the attachment, the malware connects to a command-and-control server.
The attack, IOActive explains, was possible because of a vulnerability in the ATM's software update mechanism that let an attacker supply a malicious file of their own and abuse legitimate processes to achieve code execution.
The KrustyLoader malware identified in the analysis is designed to download and execute a Sliver backdoor written in Go, indicating APT-level sophistication in these attacks.