Adobe also issued security updates to address 10 vulnerabilities, one for Flash Player and nine for ColdFusion. The Flash Player update addresses a critical privilege escalation vulnerability (CVE-2018-15967) that leads to information disclosure, and six of the nine ColdFusion vulnerabilities that are rated critical lead to arbitrary code execution.
This week we also observed the ongoing and evolving online skimmer attacks carried out by a threat actor dubbed MageCart. Unlike the skimmer infection of Ticketmaster’s websites in June, recent attacks on cloud service firm Feedify and the British Airways that involved the use of customised skimmer scripts and targeted infrastructure to minimise detection and suspicion show that MageCart is sharpening its tools and infrastructure and does not intend to call it a day anytime soon. The group will likely continue to target poorly secured website administration accounts and seek to secretly modify scripts to insert malicious skimmer codes.
We advise organisations secure website administration accounts with strong, unpredictable passwords, and stay vigilant of unusual login activity in these accounts. It is also recommended that website administrators regularly audit website codes and scripts to spot fraudulent modification and insertion of skimmer scripts.
 Patch Tuesday: Microsoft plugs zero-day hole exploited by PowerPool
 PowerPool malware exploits ALPC LPE zero-day vulnerability
 Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities
More Weekly Cyber Newsanalysis and insights
Chinese APT Group Targets Japanese Media Sector, Turkish Hacker Group Hacks Egypt’s State-Run News Agency
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services