Weekly Security News – 5th February 2024

Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly. 

Vulnerabilities and Patches

New Windows Event Log zero-day flaw gets unofficial patches

A new Windows zero-day vulnerability, known as EventLogCrasher, allows attackers to remotely crash the Event Log service on devices within the same Windows domain. This zero-day flaw impacts all Windows versions, from Windows 7 to Windows 11, and from Server 2008 R2 to Server 2022. Although it was discovered and reported to the Microsoft Security Response Center by a security researcher named Florian, Microsoft has labeled it as not meeting servicing requirements and considers it a duplicate of a 2022 bug. Unofficial patches are available to address the vulnerability. Users are advised to remain vigilant and apply necessary security measures.

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

The threat actor behind the FritzFrog peer-to-peer (P2P) botnet has returned with a new variant that exploits the Log4Shell vulnerability to propagate internally within compromised networks. The Log4Shell vulnerability is targeted in a brute-force manner to exploit vulnerable Java applications. This development highlights the ongoing risk posed by cyber threat actors adapting and incorporating new exploits to enhance their attack capabilities. Organizations are urged to apply necessary patches, maintain robust cybersecurity practices, and monitor for emerging threats.

GitLab – Critical Workspace Creation Flaw Allows File Overwrite

GitLab has released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE). The vulnerability, tracked as CVE-2024-0402, could be exploited to write arbitrary files while creating a workspace. This issue impacts various versions of GitLab CE/EE prior to 16.8.1. The fix aims to prevent authenticated users from writing files to arbitrary locations on the GitLab server during workspace creation. Users are urged to update their GitLab installations to the patched versions to mitigate the risk associated with the vulnerability.

Cyber Attacks

LockBit shows no remorse for ransomware attack on children’s hospital

The LockBit ransomware gang is claiming responsibility for an attack on a children’s hospital in Chicago, marking a departure from its previous policy of not targeting nonprofits. The attackers are reportedly unwilling to reverse the attack on Saint Anthony Hospital and are demanding an $800,000 ransom. This incident underscores the callousness of ransomware operators who, in this case, have targeted a nonprofit hospital, further emphasizing the need for robust cybersecurity measures and preparedness in critical sectors.

Cloudflare hacked using auth tokens stolen in Okta attack

Cloudflare has disclosed a security incident in which its internal Atlassian server was breached by a suspected nation-state attacker. The threat actor gained access to Cloudflare’s Confluence wiki, Jira bug database, and Bitbucket source code management system. The breach occurred on November 14, and while Cloudflare has not provided specific details about the attacker, it suggests the involvement of a sophisticated actor. Organizations are reminded of the importance of securing internal infrastructure and maintaining vigilance against advanced threats.


Tor Code Audit Finds 17 Vulnerabilities

A code security audit of the Tor anonymity network, conducted by cybersecurity consultancy Radically Open Security, has identified over a dozen vulnerabilities. The audit covered various components of the Tor network, including the Tor browser, exit relays, exposed services, infrastructure, and testing tools. One of the vulnerabilities discovered was classified as “high risk.” The findings highlight the ongoing efforts to enhance the security and resilience of privacy-focused technologies like Tor. The Tor Project is expected to address the identified vulnerabilities to further enhance the network’s security.