Kremlin-backed hackers, known as Forest Blizzard, have exploited a critical Microsoft vulnerability, CVE-2022-38028, for up to four years, Microsoft revealed. The flaw in the Windows print spooler allowed the hackers to gain system privileges to install a backdoor, dubbed as GooseEgg, which assists in credential stealing and moving laterally through an infiltrated system. Microsoft patched the vulnerability in October 2022 without acknowledging it was under active exploitation.
Fred Hutch notifies more patients of November 2023 attack
In December 2023, a cyberattack hit the Fred Hutchinson Cancer Center (Fred Hutch), resulting in the exfiltration of patient data and attempted extortion. Threat actors,