In Italy, they decided to block the popular chat bot ChatGPT. A government body called the Privacy Guarantor has issued an order temporarily restricting the processing of Italian users’ data in relation to the company OpenAI, which is the creator of ChatGPT.

At the same time, these actions are not at all due to the capabilities of the chatbot, but to the recent leak of confidential user data. In addition, the regulator notes the lack of a legal framework that justifies the massive collection and storage of personal data in order to train the algorithms underlying the platform.

Also Privacy Guarantor that sometimes ChatGPT may provide incorrect or completely false data. According to the regulator, OpenAI is also not worried about children’s access to the service. Even though the ChatGPT rules state that only people over the age of 13 can use the chatbot, the platform does not have any age verification tool.

According to the ruling, OpenAI must report within 20 days on the measures taken to comply with the requirements. Otherwise, the company faces a fine of up to 20 million euros or up to 4% of the company’s annual turnover.

As part of Pwn2Own’s Vancouver-based commercial vulnerability finding event, a French team called Synacktiv managed to hack into Tesla systems twice.

On the first day, Synacktiv successfully performed a TOCTOU (Time-of-check to time-of-use) attack on the Tesla Gateway, and the group was rewarded with a $100,000 cash reward and a Tesla Model 3 car. And the next day hackers broke into the Tesla infotainment system, and received another 250 thousand dollars for this.

The Tesla cybersecurity team is already analyzing the actions of hackers in order to eliminate the vulnerabilities found with a firmware update.

A dangerous vulnerability has been discovered in one of the standard Windows 11 applications that could lead to the disclosure of sensitive information to the user. Moreover, at the moment the vulnerability is not closed and attackers can use it.

We are talking about the application Snipping Tool (Scissors). The vulnerability, called aCropalypse, allows you to undo changes made by a user when editing a screenshot, including cropped or blurred parts that hide sensitive data.

When you edit a screenshot, you can save it with the same name as the original file by overwriting it. However, as it turns out, the Windows 11 Snipping Tool does not remove the original information from the file, but simply leaves it added at the end, which is usually invisible to users. With some trickery, a potential attacker can extract hidden information from a file and see what information has been edited.

As you can see, edited screenshots are usually much larger due to the inclusion of information from the original image.

This is a pretty serious vulnerability. For example, if you share a screenshot of an order confirmation page on Amazon, it may contain an address, the same goes for credit card numbers and other sensitive data.