Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more. Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices. Nvidia’s graphics driver (also known as the GPU Display Driver) for Windows is used in devices targeted to enthusiast gamers; it’s the software component that enables the device’s operating system and programs to use its high-level, gaming-optimized graphics hardware.
A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability. A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware, researchers said.
Comcast is partnering with Mozilla to deploy encrypted DNS lookups on the Firefox browser, the companies announced today. Comcast’s version of DNS over HTTPS (DoH) will be turned on by default for Firefox users on Comcast’s broadband network, but people will be able to switch to other options like Cloudflare and NextDNS. No availability date was announced. Comcast is the first ISP to join Firefox’s Trusted Recursive Resolver (TRR) program, Mozilla said in today’s announcement. Cloudflare and NextDNS were already in Mozilla’s program, which requires encrypted-DNS providers to meet privacy and transparency criteria and pledge not to block or filter domains by default “unless specifically required by law in the jurisdiction in which the resolver operates.”
App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity. A new privacy feature in Apple iOS 14 sheds light on TikTok’s practice of reading iPhone users’ cut-and-paste data, even though the company said in March it would stop. Apple added a new banner alert to iOS 14 that lets users know if a mobile app is pasting from the clipboard and thus able to read to a user’s cut-and-paste data. The alert is the result of an investigation by German software engineer Tommy Mysk in February, which discovered that any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device, even malicious ones.
More online shoppers are falling for scams in Singapore, where cybercrime accounted for 26.8% of all crimes last year with e-commerce scams the most popular. Some 9,430 cybercrime cases were reported last year, up 51.7% from 2018 when there were 6,215 cases. E-commerce remained the leading tactic used by scammers who hoodwinked 2,809 victims in 2019. This was a 30% increase from 2,161 reported cases in 2018, according to the Singapore Cyber Landscape 2019 report released Friday by the Cyber Security Agency of Singapore (CSA).