Some Eye Drops Have Been Recalled Over Infection Risk - CNET

Select artificial tears for dry eyes are affected because they're linked to an investigation into dangerous infections, including one death.

from CNET https://ift.tt/T9V5yUS

NASA's Webb Telescope Discovers New Asteroid 'Completely Unexpectedly' - CNET

The space rock is small for an asteroid, but it's still the size of the Colosseum in Rome.

from CNET https://ift.tt/461rgBS

'The Last of Us' Episode 4 Recap: A Terrifying New Villain Takes the Stage - CNET

The HBO show continues to be out standing in its field.

from CNET https://ift.tt/eI5S7lT

Duolingo Turned Me Into a Monster - CNET

Commentary: That green owl is haunting me.

from CNET https://ift.tt/MoZGjrK

The Best Documentaries to Watch on Netflix in 2023 - CNET

Netflix has the best documentaries in the business.

from CNET https://ift.tt/ouTU19Y

When You'll Get Your Tax Refund From the IRS and How to Track It - CNET

The IRS has started processing tax returns, and tax refunds will start showing up soon.

from CNET https://ift.tt/yWUTOLP

Best-Sounding Wireless Earbuds in 2023: Get Top Sound Quality - CNET

Many people are happy with cheap true-wireless headphones. But if you need something with top-notch sound, this is the list for you.

from CNET https://ift.tt/3rovWKh

Vivo Claims Its New X90 Pro Phone Can Charge Completely in 30 Minutes - CNET

The X90 Pro comes with a 120-watt charger inside the box.

from CNET https://ift.tt/rjW2suQ

Watch 2023 Super Bowl Ads Before the Big Game: Every Commercial So Far - CNET

You can already watch a bunch of them, including Budweiser and Michelob Ultra ads and that Breaking Bad commercial.

from CNET https://ift.tt/PJN13wb

More People Need to Watch This Twisted Horror-Thriller on Prime Video - CNET

Pick up The Black Phone for your fix of It and Stranger Things vibes.

from CNET https://ift.tt/9P0tNh5

NHL All-Star Game 2023: How to Watch, Stream the Tournament Today - CNET

The top players in hockey compete in a 3-on-3 tournament to crown the best division in the NHL.

from CNET https://ift.tt/xPMvVI4

Samsung Galaxy S23 Ultra First Look: Going Big On the Camera - CNET

Samsung's new top-of-the-line phone has a new 200-megapixel camera sensor and other improvements.

from CNET https://ift.tt/F1COhyN

2023 Tax Season: When Is the Filing Deadline? When Do I Get My Refund? - CNET

Should you file early? It depends.

from CNET https://ift.tt/aAMuQlf

Chelsea vs. Fulham Livestream: How to Watch Premier League Soccer From Anywhere - CNET

Chelsea look to avenge last month's defeat to their West London rivals Fulham, in a match that could see record signing Enzo Fernández make his EPL debut.

from CNET https://ift.tt/VDb1yUi

Latest Tech News

Cisco has confirmed it patched a high-severity flaw that was impacting its IOx application hosting environment. 

Cisco IOx is an application environment that allows consistent deployment of applications that are independent of the network infrastructure and docker tooling for development. It is used by a wide range of businesses, from manufacturing, to energy, to the public sector.

The flaw, tracked as CVE-2023-20076, allowed threat actors to achieve persistence on the operating system, thus gaining the ability to execute commands, remotely.

Who is affected?

"An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file," Cisco said in its security advisory. 

Users running IOS XE without native docker support are affected, as well as those running 800 Series Industrial ISR routers, CGR1000 compute modules, IC3000 industrial compute gateways, IR510 WPAN industrial routers, and Cisco Catalyst access point (COS-APs) endpoints.

Catalyst 9000 Series switches, IOS XR and NX-OS software, and Meraki products, are unaffected by the flaw, the company added.

Read more

> Cisco says it won't patch these dangerous VPN security flaws in its SMB routers

> Cisco AnyConnect urges admins to update now to avoid security threats

> Check out the best firewalls right now

The caveat with this vulnerability is that the threat actors need to already be authenticated as an administrator on the vulnerable systems. 

Still, researchers from Trellix, who first discovered the flaw, said crooks could easily pair this vulnerability with others, in their malicious campaigns. Authentication can be obtained with default login credentials (many users never change them), as well as through phishing and social engineering. 

After authenticating, CVE-2023-20076 can be abused for "unrestricted access, allowing malicious code to lurk in the system and persist across reboots and firmware upgrades."

"Side-stepping this security measure means that if an attacker exploits this vulnerability, the malicious package will keep running until the device is factory reset or until it is manually deleted."

The good news is that so far there is no evidence of the flaw being exploited in the wild but still, if you use this solution, make sure it's updated to the latest version. 

• These are the best privacy tools right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/Qv71kn3