Norman Posselt/Getty Images I’ve tested the coding capabilities of many generative AI tools for ZDNET — and this time, it’s the turn of Perplexity.ai. Perplexity feels like a cross between a search engine and an AI chatbot. When I asked Perplexity how it differs from other generative AI tools, the bot said it uses real-time information […] More

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said in a security alert today. The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows. Microsoft says there are two remote code execution (RCE) vulnerabilities […] More

These contribution opportunities were suggested by the companies we profiled in the companion piece, “Ukrainian software developers: Email and photos from the war zone.” Humanitarian Support NBU Fundraising Account: According to their website, “This account is meant for charity contributions from Ukraine and from abroad. The Ministry of Social Policy will channel the raised funds to support Ukraine’s citizens severely affected by the war.”

Donate goods and food to Ukranians: If you live near any of the cities listed at this link, you can bring goods and food to be delivered to Ukranians in need by Nova Poshta Global. Help host evacuating Ukranians: UkraineNow works to find relocation destinations for evacuees. Save the Children: Save the Children is operating an emergency fund for displaced Ukrainian evacuees. Razom Emergency Fund: Razom unites various Ukrainian activists. Razom Emergency Response is providing critical humanitarian war relief and recovery according to the most urgent needs as they evolve. Nova Ukraine: Nova Ukraine is a nonprofit organization dedicated to providing humanitarian aid to the people of Ukraine. MacPaw Development Fund: The MacPaw Development Fund has been sourcing medical supplies and distributing them to hospitals, financing the production of protective gear for the Ukrainian Army and territorial defense units, supplying the military with cell phones and computers, and printing maps for patrols in Kyiv. World Central Kitchen: WCK arrived in Poland on Feb. 24th to help refugees arriving from Ukraine. In response to the February 24 attacks on Ukraine, the WCK team is serving hot, nourishing meals at a 24-hour pedestrian border crossing in Southern Poland. The Salvation Army: The nonprofit’s “Love Beyond Conflict” campaign is asking donors to support families fleeing crisis in Ukraine to help provide peace and safety.Team Rubicon: Serves communities by mobilizing veterans to continue their service, leveraging their skills and experience to help people prepare, respond, and recover from humanitarian crises. The nonprofit is pre-positioning its mobile Emergency Medical Team in Poland to assist the mass crowds of refugees crossing the border every day. Community Organized Relief Effort (CORE): A crisis response organization that brings immediate aid and recovery to underserved communities across the globe. In immediate response to the crisis in Ukraine, the CORE team is on the ground in Poland supporting the immediate needs of refugees. CORE’s initial efforts are focused on distributing hygiene kits and supplying refugees with cash assistance to help families get access to life-saving items such as food, water, and safe transit to shelter. The Tunnel to Towers Foundation: Honors the sacrifice of firefighter Stephen Siller who laid down his life to save others on September 11, 2001, as well as our military and first responders who continue to make the supreme sacrifice for our country. On March 10, the nonprofit committed $1 million to the children of Ukraine in an effort to help them find safety amid the conflict in their country. Additionally, T2T is collecting additional donations to amplify their impact and provide relief.Unclutter’s Help Ukraine Fund: Unclutter has a neat approach. If you donate, they’ll give you a free copy of Unclutter (note: I use this every day) and the funds you donate will go to local volunteers and charitable organizations. Support animals Help rescue, feed, and relocate animals: UAnimals helps shelters financially, provides them with food, and tries to evacuate animals to other countries. Journalism support Donate to support journalists on the ground: Donations to the 24.02 Fund provide bulletproof vests, helmets, fuel, sat phones, diesel generators, walkie talkies, and relocation help for journalists’ families. Activism Join a peace protest: This Google table lists upcoming peace protests and additional information about each protest’s organizers. Defense Support Donations to the Ukranian Army: This is a direct donation link to an account that disburses funds to the Ukrainian Army. Donations to Ukraine’s military via National Bank of Ukraine: This is another direct donation link that disburses “to support the Armed Forces of Ukraine.” Come Back Alive: This fund supports the Ukrainian Armed Forces with, according to the fund, “financing purely defense initiatives. Since 2014 we have provided around 1000 thermal imagers and over 250 UAVs. In addition to the material support, we increased the technological capabilities of the Army through providing 1,500 tablets with Armor software aimed at stopping the artillery.” Support Ukrainian defenders: The KOLO fund, a charity fund created by IT specialists from Ukraine, provides soldiers and volunteers with helmets and body armor, satellite phones and tactical radio equipment, quadcopters and drones, and thermal imagers and sights. You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV. More

Image: Getty US security agency, the National Security Agency (NSA), has released new software supply chain guidance to help developers avoid cyberattacks targeting proprietary and open-source software.  The new guidance is meant to help US private and public sector organizations defend themselves against supply chain attacks, including the one Russian Foreign Intelligence Service (SVR) hackers […] More

Nvidia has released a round of security fixes tackling high-severity issues in the Nvidia GPU display driver and vGPU software. 

Released on Thursday, the technology giant said the patches deal with issues that “may lead to denial of service, escalation of privileges, data tampering, or information disclosure.”
In total, Nvidia has resolved 16 vulnerabilities linked to the Nvidia GPU display driver used to support graphics processing units, as well in vGPU software for virtual workstations, servers, apps, and PCs. 
The most severe vulnerability dealt with in Nvidia’s latest security round is CVE‑2021‑1051. Issued a CVSS score of 8.4, the problem impacts the kernel mode layer for the Windows GPU display driver. If exploited, this flaw can lead to denial of service or privilege escalation. 
CVE‑2021‑1052 is the second highest-severity vulnerability in the driver, but this bug impacts both Windows and Linux. The security flaw, awarded a severity score of 7.8, is also found in the kernel mode layer and permits user-mode clients access to legacy, privileged APIs. As a result, an exploit leveraging this vulnerability could lead to denial of service, privileges escalation, and information leaks. 
Nvidia has also resolved CVE‑2021‑1053, a display driver bug for Windows and Linux machines with a CVSS score of 6.6, indicating this vulnerability is considered a moderate/important issue. Improper validation of a user pointer targeted at the same kernel mode layer can lead to denial of service. 
Two other problems impact Windows machines specifically, in the same kernel mode layer, which are tracked as CVE‑2021‑1054 and CVE‑2021‑1055 with severity scores of 6.5 and 5.3, respectively. These vulnerabilities involve failures to perform authorization checks and improper access controls, and are exploitable to cause denial of service. CVE‑2021‑1055 may also lead to data leaks. 

The last vulnerability impacts Linux PCs only. Tracked as CVE‑2021‑1056 and issued a CVSS score of 5.3, this bug has been caused by operating system file system permissions errors, prompting information disclosure and denial of service. 
In total, 10 of the vulnerabilities reported impact Nvidia vGPU, eight of which relate to the vGPU manager.
With the exception of CVE‑2021‑1066, a moderate CVSS 5.5 input validation issue in vGPU manager leading to resource overload and denial of service, each vulnerability has been issued a severity score of 7.8. 
Nvidia has patched eight vGPU manager and plugin vulnerabilities ranging from input data validation errors to race conditions and untrusted source values. These security flaws could lead to information disclosure, integrity and confidentiality loss, and data tampering. 
Two input index validation vulnerabilities, CVE‑2021‑1058 and CVE‑2021‑1060, impact the guest kernel mode driver and vGPU plugin. The first can be triggered to cause an integer overflow, allowing data tampering, data leaks, and denial of service, whereas the second can be exploited for service denial and data manipulation.
In order to stay protected, Nvidia has recommended that users accept automatic security updates, or download them directly. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More