An unpatched vulnerability in a popular C standard library found in a wide range of IoT products and routers could put millions of devices at risk of attack. The vulnerability, tracked as CVE-2022-05-02 and discovered by Nozomi Networks, is present in the domain name system (DNS) component of the library uClibc and its uClibc-ng fork from the OpenWRT team.

In the alphabet soup of IT buzzwords, DevSecOps is one of the more confusing abbreviations. More than just a trendy buzzword, DevSecOps is the mature organization’s next evolution in comprehensive development processes.

System Monitor, better known as Sysmon, is one of my favorite security datasets. The data is crazy detailed and offers a great way to power security detection and response since it gives cyber security teams a roadmap to understand exactly what systems or people are doing while they use any Windows operating systems. The avalanche of the data is the downside and why observability engineers need tools like Cribl Stream to manage and enrich Sysmon data to make it more useful and more cost-effective.

Managed Service Providers (MSPs) are charged with protecting their customers from all of the threat vectors that target devices, networks, and applications. The diligence required to provide this level of protection for customers is unending. However, if an MSP is going to properly secure their customers’ environments, they first must secure their own, which is why NinjaOne has collaborated with the cybersecurity company SaaS Alerts to better protect MSPs from RMM supply chain attacks.

Every year hackers grow in numbers, aggressiveness, organization, and sophistication. And every year there are new attack types and new areas of IT infrastructure that cybercriminals target. 2022 is no different. We are about a third of the way in already and IT pros and security specialists already have their hands full with new attacks and new issues.