Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatG

The Italian Data Protection Authority (Garante per la protezione dei dati personali) has imposed sanctions on OpenAI due to violations of data protection laws related to the ChatGPT chatbot. OpenAI is required to pay a fine of €15 million (approximately $15.6 million) and undertake a six-month public awareness initiative throughout Italian media. This campaign aims…

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Fortinet has issued an advisory regarding a recently patched critical security vulnerability affecting its Wireless LAN Manager (FortiWLM), which poses a risk of exposing sensitive information. This vulnerability, identified as CVE-2023-34990, has been rated with a CVSS score of 9.6 out of 10, indicating a severe threat level. “A relative path…

Critical Apache Struts flaw under active exploit

A significant security vulnerability in Apache Struts 2 was addressed last week, but it is currently being exploited with publicly available proof-of-concept (PoC) code. Struts is a widely used Java-based web application framework, favored by large corporations and government institutions. Issues in this open-source framework can have severe consequences, reminiscent of the Equifax breach in…

Microsoft revamps how it will disclose vulnerabilities

Microsoft is enhancing its vulnerability disclosure process by adopting the Common Security Advisory Framework (CSAF), enabling organizations to more efficiently prioritize and remediate CVEs (Common Vulnerabilities and Exposures). This machine-readable format allows for faster and higher volume processing of CVEs, while customers can still access updates through the Microsoft security update guide or…

Passwords, passwords everywhere

Selecting an effective password can be challenging. The NCSC has emphasized through various blogs and guidance that it’s crucial to modify password policies to ensure users are encouraged to select secure passwords. One of the strategies includes the utilization of password deny lists, which prevent users from choosing passwords that are frequently exposed in data…

NCSC advice for Marriott International customers

Customers of Marriott International, a prominent hotel group, may find that their personal information has been compromised in connection with the guest reservation database managed by Starwood. Incident overview: Marriott has announced that an internal investigation revealed that unauthorized access to the Starwood guest reservation database began in 2014, potentially impacting approximately 500 million customers….

‘Krack’ Wi-Fi guidance

The National Cyber Security Centre (NCSC) is investigating the implications of a vulnerability in WPA2 Wi-Fi networks known as ‘Krack’, first reported on 16 October 2017. This page offers guidance to enterprise administrators, small business owners, and home users regarding the recently identified vulnerability in their Wi-Fi networks. This information will be revised as new…

Setting up 2-Step Verification (2SV)

Overview: This guide details the steps for enabling 2-step verification (2SV) on your vital online accounts. Implementing this feature significantly reduces the likelihood of unauthorized access, even if your password has been compromised. For IT professionals seeking guidance on broader implementation of 2SV in larger organizations, please consult the NCSC’s dedicated resource on multi-factor authentication…
