Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) | allinfosecnews.com

April 23, 2024, 1:50 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more. “Microsoft has observed Forest Blizzard using GooseEgg as part of post-compromise activities … More →

The post …

0 day application applications apt apt28 bear blizzard can cve cyber espionage don't miss exploit exploits fancy bear flaw forest forest blizzard gooseegg hackers hot stuff launcher microsoft old permissions print print spooler russian russian hackers service system tool vulnerability windows windows print spooler

More from www.helpnetsecurity.com / Help Net Security

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 7 hours ago | www.helpnetsecurity.com

android android apps app apps +17

Trellix Wise automates security workflows with AI, streamlining threat detection and remediation 9 hours ago | www.helpnetsecurity.com

artificial artificial intelligence cyber cyber risk +21

Microsoft, Google widen passkey support for its users 9 hours ago | www.helpnetsecurity.com

account protection authentication awareness bitwarden +18

Cyble Vision X covers the entire breach lifecycle 9 hours ago | www.helpnetsecurity.com

access artificial artificial intelligence aspect +23

BlackBerry CylanceMDR improves cybersecurity defensive strategy 10 hours ago | www.helpnetsecurity.com

address advanced ai platform amp +28

FortiGate 200G series boosts campus connectivity for Wi-Fi 7 10 hours ago | www.helpnetsecurity.com

ai-powered campus connectivity firewall +15

Nokod Security Platform secures low-code/no-code development environments and apps 11 hours ago | www.helpnetsecurity.com

applications apps automations code +23

Lenovo launches AI-based Cyber Resiliency as a Service 11 hours ago | www.helpnetsecurity.com

copilot copilot for security cyber cyber protection +24

Edgio ASM reduces risk from web application vulnerabilities 12 hours ago | www.helpnetsecurity.com

application application vulnerabilities asm assets +33

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604

View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö

View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963

View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000

View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto

View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto

View on infosec-jobs.com