InfoSec News Nuggets 11/11/2021

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Zero-days, as defined by Microsoft, are publicly disclosed bugs with no official security updates. The vulnerability, tracked as CVE-2021-42292, is a high severity security feature bypass that unauthenticated attackers can exploit locally in low complexity attacks that don't require user interaction. Microsoft also patched a…
Read More

InfoSec News Nuggets 11/04/2021

Toronto subways hit by ransomware as US lawmakers slam 'burdensome' cybersecurity rules The Toronto Transit Commission (TTC) -- which runs the city's public transportation system -- reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization's email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ransomware attack after its IT staff "detected unusual network activity…
Read More