Novel tool leveraged by APT28 to exploit old Windows vulnerability | allinfosecnews.com

April 23, 2024, 1:11 p.m. | SC Staff

SC Magazine feed for Risk Management www.scmagazine.com

Data exfiltration and privilege escalation attacks leveraging the novel GooseEgg hacking tool to exploit an already addressed Windows Print Spooler flaw, tracked as CVE-2022-38028, have been deployed by Russian cyberespionage operation APT28, also known as Forest Blizzard, against government, education, transportation, and non-government organizations since April 2019, BleepingComputer reports.

april apt28 attacks bleepingcomputer blizzard critical-infrastructure-security cve cyberespionage data data exfiltration data security education escalation exfiltration exploit flaw forest forest blizzard gooseegg government hacking hacking tool network security non novel old organizations print print spooler privilege privilege escalation reports russian tool transportation vulnerability windows windows print spooler windows vulnerability

More from www.scmagazine.com / SC Magazine feed for Risk Management

Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 6 hours ago | www.scmagazine.com

breach cisco credit credit monitoring +7

Old vulnerable D-Link routers subjected to novel Goldoon botnet attacks 9 hours ago | www.scmagazine.com

april attacks botnet bug +14

Note to investors and security pros: drive innovation by going on the offensive 11 hours ago | www.scmagazine.com

cybersecurity drive innovation investments +8

‘Junk gun’ ransomware: Peashooters can still pack a punch 17 hours ago | www.scmagazine.com

actor businesses can career +12

Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360 1 day, 3 hours ago | www.scmagazine.com

breach incident incident response preparation +2

We Need an Updated Strategy to Secure Identities 1 day, 4 hours ago | www.scmagazine.com

control identities identity security +2

Pro-Russia hackers target OT weaknesses in critical infrastructure 1 day, 7 hours ago | www.scmagazine.com

american breaches critical critical infrastructure +20

US jails REvil ransomware affiliate for 2021 Kaseya attack 1 day, 8 hours ago | www.scmagazine.com

affiliate attack cnn compromised +16

LockBit-hit French hospital rejects ransom payment 1 day, 8 hours ago | www.scmagazine.com

attack charts critical-infrastructure-security cybernews +18

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority

View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France

View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico

View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States

View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX

View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US

View on infosec-jobs.com