Friday, February 3, 2023

Latest Tech News

Cisco has confirmed it patched a high-severity flaw that was impacting its IOx application hosting environment. 

Cisco IOx is an application environment that allows consistent deployment of applications that are independent of the network infrastructure and Docker tooling for development. It is used by a wide range of businesses, from manufacturing, to energy, to the public sector.

The flaw, tracked as CVE-2023-20076, allowed threat actors to achieve persistence on the operating system, thus gaining the ability to execute commands remotely.

Who is affected?

"An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file," Cisco said in its security advisory. 

Users running IOS XE without native Docker support are affected, as well as those running 800 Series Industrial ISR routers, CGR1000 compute modules, IC3000 industrial compute gateways, IR510 WPAN industrial routers, and Cisco Catalyst access point (COS-APs) endpoints.

Catalyst 9000 Series switches, IOS XR and NX-OS software, and Meraki products are unaffected by the flaw, the company added.

The caveat with this vulnerability is that the threat actors need to already be authenticated as an administrator on the vulnerable systems. 

Still, researchers from Trellix, who first discovered the flaw, said crooks could easily pair this vulnerability with others in their malicious campaigns. Authentication can be obtained with default login credentials (many users never change them), as well as through phishing and social engineering.

After authenticating, CVE-2023-20076 can be abused for "unrestricted access, allowing malicious code to lurk in the system and persist across reboots and firmware upgrades."

"Side-stepping this security measure means that if an attacker exploits this vulnerability, the malicious package will keep running until the device is factory reset or until it is manually deleted."

The good news is that so far there is no evidence of the flaw being exploited in the wild. Still, if you use this solution, make sure it's updated to the latest version.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/Qv71kn3

Latest Gadgets News

One97 Communications, which owns the payments and financial services platform Paytm, continues to witness strong revenue momentum across its business verticals. The fintech firm on Friday reported its revenue from operations increased to Rs. 2,062 crore, a growth of 42 percent on a yearly basis and 8 percent on a quarterly basis.

from Gadgets 360 https://ift.tt/7eCmWhs

Latest Tech News

Chinese firm Origin has produced a useable quantum computer that has real-world applications.

A report from Science and Technology Daily, one of the nation's state-run newspapers, confirmed that Origin's Wuyuan quantum computer has been in use for a year now, but did not say which client or industry was using it.  

China now joins the US and Canada as the only known countries to have this bleeding-edge technology on an applicable scale. 

More to come?

Origin's Wuyuan has some impressive specs, featuring a 24-qubit processor with superconducting chip technology. It also has its own suite of software, as well as the ability to work over the cloud, so it can be used remotely.

What's more, Origin is working on its next quantum computer, called Wukong, which is said to be coming in the near future. Interestingly, in the ongoing chip war between the USA and China, Origin hasn't been blacklisted from using US quantum computing technologies like other vendors have, suggesting that perhaps Origin's creations are wholly its own.

Even though it looks as if there is only one Wuyuan in use, there are reports that more may be coming or in fact already be in use by other clients.

Quantum computers are the next stage in supercomputing, using the principles of quantum mechanics to radically change the architecture of how computers work to achieve exponentially higher speeds than standard supercomputers can. The high-level applications of quantum computers include weapon development, complex problem solving, codebreaking and scientific research, to name a few.

Major chip makers are getting involved in this state-of-the-art technology. IBM, for instance, recently developed a massive 433-qubit processor, and even hopes to rapidly progress beyond this, boldly claiming that a 4,000-qubit processor will be made by 2025.

If such claims are realized and the general air of optimism around quantum computing turns out to be warranted, then there may be some seismic discoveries and breakthroughs in all kinds of fields lying in wait.



from TechRadar - All the latest technology news https://ift.tt/g2sb7a0

Thursday, February 2, 2023

Latest Gadgets News

Samsung on Thursday said it will manufacture premium Galaxy S23 smartphones in India to cater to the local market requirements. The launch price of the Galaxy S23 series in India is in the range of Rs. 75,000 to Rs. 1.55 lakh per piece. At present, Galaxy S Series smartphones are being manufactured at Samsung's Vietnam factory and the company imports them for sale in ...

from Gadgets 360 https://ift.tt/AkRJ4Hh

What to Expect From Samsung and Google's Mixed Reality Partnership - CNET

No headset was announced, but here's what we think might happen.

from CNET https://ift.tt/V0xYcph

Latest Tech News

The use of Microsoft OneNote documents to distribute malware to unsuspecting users is picking up pace, cybersecurity researchers from Proofpoint have claimed.

OneNote is Microsoft’s digital note-taking app, which comes as part of the Office productivity suite. As such, cybercriminals can assume that most of their victims already have the app installed on their endpoints.

OneNote’s files, called NoteBooks, allow users to add attachments, which can download malware from remote locations. All users need to do is double-click the file, which they can be easily tricked into doing. Recent reports saw hackers distribute blurred NoteBooks with the message “double-click to view the contents”, tricking victims into believing the file’s contents are being protected. 

Low detection rates

In a detailed report published on the company blog earlier this week, Proofpoint’s researchers said they identified six campaigns in December 2022, using OneNote to deliver the AsyncRAT malware.

A month later, in January 2023, they discovered more than 50 campaigns. Besides AsyncRAT, the crooks were delivering Redline Stealer, AgentTesla, and DOUBLEBACK. More recently, the threat actor known as TA577 used it to deliver Qbot. 

Proofpoint’s researchers believe hackers turning to OneNote is in fact the result of extensive research. After experimenting with different attachment types, they settled on OneNote because, so far, the detection rates are minimal.

At press time, Proofpoint says that “multiple” malware samples were not getting detected by antivirus vendors on VirusTotal. 

The best way to protect against these attacks is the same as it always was - educate your employees not to download attachments and click on email links from people they don’t know, don’t trust, or whose identity cannot be confirmed. Also, they should be educated not to ignore warning messages prompted in programs such as Word, Excel, or OneNote. Other than that, having a strong antivirus solution, and a firewall, is welcome. 

Finally, activating multi-factor authentication (MFA) wherever possible greatly reduces the chances of more serious compromise. 



from TechRadar - All the latest technology news https://ift.tt/wdHLOnc

Latest Gadgets News

India is among the top three nations contributing to active user growth for Facebook as of December 31, 2022, social media major Meta said in a regulatory filing. The company has reported a 4 percent increase in worldwide daily active users (DAUs) to 2 billion on average during December 2022 from 1.93 billion during December 2021.

from Gadgets 360 https://ift.tt/eAyng5K

EzriCare Eye Drops Linked to Dangerous Infections, CDC Says Don't Use Them - CNET

The CDC is investigating a link between artificial tears and antibiotic-resistant infections.

from CNET https://ift.tt/GYIrEjV

Wednesday, February 1, 2023

Best Credit Cards for Car Rental Insurance for February 2023 - CNET

Your rental car could be covered against damage and theft thanks to your credit card.

from CNET https://ift.tt/3jGMK05

Latest Tech News

Despite having well-defended digital premises and endpoints, many firms are at risk of cyberattacks because they work with different vendors and third parties that aren’t as secure. 

This is according to a new report from cybersecurity ratings firm SecurityScorecard, which analyzed more than 235,000 organizations worldwide, as well as 73,000 vendors and products they use, to find that virtually all firms (98%) have vendor relationships with at least one third party that suffered a data breach in the last two years. 

What’s more, half of the organizations have indirect relationships (as in used by the third-party vendors) with at least 200 companies that suffered a cyberattack in the last two years.

F for security

For every third-party vendor in a supply chain, businesses usually have indirect relationships with 60 to 90 times that number of fourth-party relationships, the researchers have found. With third parties being up to five times more likely to exhibit poor security, the risk quickly compounds. 

Roughly a tenth (10%) of all third parties analyzed for the report were rated F for security. 

Looking at different industries, the information services sector has an average of 25 vendors, while the finance sector has 6.5 on average. Healthcare averaged 15.5 vendors, while insurance has 11. Each one poses a significant risk to the original organization. 

Cybercriminals seem to be well aware of these facts, as supply chain attacks have lately become one of the most devastating forms of cybercrime. The SolarWinds attack, in which just one company had its software compromised, and which resulted in tens of thousands of organizations worldwide being affected, is probably the best example.

“An organization’s attack surface spans beyond just the technology that they own or control,” said Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard.

“Organizations need visibility into the security ratings of their entire third and fourth party ecosystem so that they can know in an instant whether an organization deserves their trust and can take proactive steps to mitigate risk.”



from TechRadar - All the latest technology news https://ift.tt/F0cEfh3

Latest Gadgets News

Samsung unveiled the Galaxy S23 series on Wednesday. The company has also launched some accessories for the phone including different types of cases. They are currently listed on the Samsung website.

from Gadgets 360 https://ift.tt/iuxRa3f

Meta Reportedly Defeats FTC Bid to Block Acquisition of VR Fitness App - CNET

Meta announced plans to buy virtual reality app maker Within back in 2021.

from CNET https://ift.tt/JVGgKCf

Latest Tech News

Lenovo has unveiled details of its latest all-in-one video conferencing system that it says will fit in a wide range of setups, including hot desking, phone booths, executive desks, and the home office.

The company took to the stage in Barcelona at ISE 2023 to take the lid off its latest project which it calls the ThinkSmart View Plus running Microsoft Teams display.

On initial inspection, it looks to be packed with features that promise to deliver top-quality video calling performance and an attractive modular upgrade setup, all for a comparably reasonable sum of money.

Lenovo ThinkSmart View Plus

Most interactions are likely to occur on its 27-inch multi-touch display which comes in at 1920x1080p (note the distinct lack of 4K), though it does have USB-A and -C, HDMI, DisplayPort, and Ethernet ports for connecting up to other devices. IT departments with limited desk real estate will also be pleased to know that it’s VESA-mountable. 

While there’s a 3.5mm audio connector, a pair of 5W stereo speakers adorn the bottom of the display. These (which sit in one neat unit) and the 4K webcam are both detachable and upgradeable. This modular approach is designed to see businesses needing to spend less on hardware upgrades.

Inside the unit are four mics, a Qualcomm QCS8250 SoC processor with Wi-Fi 6 capabilities, and an Android-based operating system.

Lenovo expects the ThinkSmart View Plus to be available in “select markets” by the middle of 2023, and it’s set to cost $2,345. TechRadar Pro has asked Lenovo whether it plans to expand its ThinkSmart View range with upgraded display sizes and resolutions, and further accessories and upgrades.

Besides this, its previously announced ThinkSmart One and controller is available this month from $2,899, and the ThinkSmart One with the IP Controller from $3,100 in Q1 2023.



from TechRadar - All the latest technology news https://ift.tt/p7dzTX3

Latest Gadgets News

Samsung on Wednesday unveiled its new One UI 5.1 update for compatible Galaxy smartphones. The update doesn’t introduce any major visual changes over Samsung’s One UI 5.0 update that has already rolled out to several smartphones, but includes useful changes to system applications and services, according to the company.

from Gadgets 360 https://ift.tt/CsJ5ULT

Tuesday, January 31, 2023

Latest Tech News

Popular password manager 1Password has announced big changes coming to its recently upgraded iteration.

Based on feedback from social media, user forums and app store reviews, 1Password has revamped its software, making it easier for first-time users and promising particular improvements for iPhone app users.

There is no specific date for when the entirety of the updates will arrive in 1Password 8, but the company says it will be in the near future, with some features already live on certain platforms.

New features

One new feature soon to come will be the ability to rearrange the fields pertaining to a stored credential, simply by dragging and dropping them.

1Password concedes that this is limited at the moment, but says that it wanted to get this much-requested feature out as soon as possible, and that further improvements will be made to it in due course to allow for greater customization going forward.

Another feature is one that is coming back, and that is being able to search for your passwords within any list of items, on both iOS and Android platforms.

Also, as requested by users, you will be able to use your device's PIN code to unlock your password vault, in addition to using your biometric credentials if you have these set up on your device.

And on the subject of biometrics, 1Password is promising to improve the use of Apple's Face ID facial recognition feature with the manager on iOS and the Safari browser extension, with the aim of making it more consistent.

Sticking with Apple, the VoiceOver feature on the tech firm's devices will integrate better with 1Password too, preventing it from getting stuck in certain text fields as sometimes occurs.

1Password adds that "the screen reader will also read out all characters as you go past them – even if you start editing the associated text."

"If you’re typing in a text field and make a mistake, you can go back and find the right spot using the arrow keys. All the text will be selected and read out, however you can also choose a specific part by holding shift and an arrow key."

The Emergency Kit feature, which is useful for those who are using 1Password as a business password manager, can now be turned off. This is a document accessible by all team members so they can view their own account information and password, but 1Password says not every business will want it on, explaining that it can "[reduce] the friction for new team members who are getting started with 1Password" when turned off.

Another option you can now disable should you wish is file storage. This is specifically for 1Password Business users, to prevent employees from storing unwanted files on the system. 

1Password Business will also let administrators make two-factor authentication (2FA) via physical security keys mandatory for all those who wish to log into it, increasing its protection. 

Other updates coming to 1Password 8 include an indicator to let others know when you are offline, as well as auto-filling search queries and showing recently searched-for terms for those using the mobile app.

More adjustable options include never autofilling certain credentials on certain websites, opening saved addresses in your map app of choice, specifying the exact domains for autofilling - so that similar domains aren't mistakenly autofilled - and being able to edit and even delete vaults on iOS and Android devices.

1Password Business users will also get a public preview of Unlock with Okta in mid-February, allowing for single sign-on (SSO) access to 1Password in a way that requires the use of trusted devices, rather than sharing an encryption key that can jeopardize your entire company should just one of your employees become compromised.



from TechRadar - All the latest technology news https://ift.tt/AcoOPKa
