Managing third-party risk is not a high priority, Forrester data finds. And that’s concerning. Juggling was a skill that organizations in the public and private sectors found themselves having to learn in the last two years because of the need to deal with new business priorities and strategic initiatives on top of managing lots of new security risks. Mastering the art of keeping all the balls in the air is something security, compliance and risk professionals must master in 2023.

Our research team here at Mend has identified a new kind of malicious code that attackers can use to exploit genuine concerns about security and licenses. The code in the case below is used to prevent people from using unlicensed software, specifically by removing the code if it detects that the software is not licensed during the deployment stage. The code is tricky to understand and uses a web request to check if the software is being used legally.

Audit: Force Audit Policy Subcategory is a security policy that allows users to leverage the most accurate and advanced policy settings in Windows Vista. The current version of the Active Directory does not have a feature for managing the audit policy settings, which is why the user has to manually apply Audit: Force Audit Policy Subcategory Settings and configure it to ensure everything works well.

Devices: Prevent Users From Installing Printer Drivers, as the name suggests, is a security setting that prohibits unauthorized printer usage on specific devices. Once the setting is configured, the types and number of printers used on specific devices will be confined to the approved ones. The main purpose of limiting printer drivers’ installation and usage on workstations is to prevent people from printing unnecessary stuff, which would increase the cost of business operations.

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive knowledge base of tactics, techniques and procedures that adversaries use to conduct cyber-attacks. The MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

At this point, it’s not too much to say that open source software runs the world. The GitHub Octoverse 2022 report shows that 90 percent of companies use open source, which appears in the vast majority of applications today.

On January 4, CircleCI, an automated CI/CD pipeline setup tool, reported a security incident in their product by sharing an advisory.

User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to a computer by prompting the user for permission before allowing certain actions to take place.