Articles of interest from the week of October 3, 2022

Microsoft Confirms Two New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft officially disclosed it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation.

"The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," the tech giant said. (The Hacker News)

Microsoft: Lazarus Hackers Are Weaponizing Open-Source Software

Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment. (BleepingComputer)

Cyber Insurers Clamp Down on Clients' Self-Attestation of
Security Controls

A voided lawsuit from a cyber insurance carrier claiming its customer misled it on its insurance application could potentially pave the way to change how underwriters evaluate self-attestation claims on insurance applications. (DarkReading)

NSA Shares Guidance To Help Secure OT/ICS Critical Infrastructure

The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) part of U.S. critical infrastructure.

The joint advisory shares info on all the steps used by malicious actors to compromise IT-enabled OT and ICS assets which provide a larger attack surface and highlights measures security professionals can take to defend against them.  (BleepingComputer)

Top 5 Attack Surface Challenges Related to Security Operations

According to newly published ESG research, just over half of all organizations (52%) say that security operations are more difficult today than they were two years ago. When asked why 41% pointed to an evolving and dangerous threat landscape, 38% identified a growing and changing attack surface, 37% said that alert volume and complexity are driving this change, and 34% blamed growing use of public cloud computing services. (CSO)