AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/28/2024

Stark Industries Solutions: An Iron Hammer in the Cloud

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. At least a dozen patriotic Russian hacking groups have been launching DDoS attacks since the start of the war at a variety of targets seen as opposed to Moscow. But by all accounts, few attacks from those gangs have come close to the amount of firepower wielded by a pro-Russia group calling itself “NoName057(16).”


Cencora data breach exposes US patient info from 8 drug companies

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. Cencora, formerly AmerisourceBergen, is a pharmaceutical services provider specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support. The Pennsylvania-based firm, with a presence in 50 countries, employs 46,000 people and has a revenue (2023) of $262 billion.


A root-server at the Internet’s core lost touch with its peers. We still don’t know why.

For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server peers due to an unexplained glitch that could have caused stability and security problems worldwide. This server, maintained by Internet carrier Cogent Communications, is one of the 13 root servers that provision the Internet’s root zone, which sits at the top of the hierarchical distributed database known as the domain name system, or DNS.


Spyware found on US hotel check-in computers

A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch has learned. The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in the spyware, these screenshots are available to anyone on the internet, not just the spyware’s intended users. This is the most recent example of consumer-grade spyware exposing sensitive information because of a security flaw in the spyware itself. It’s also the second known time that pcTattletale has exposed screenshots of the devices on which the app is installed.

‘I was misidentified as shoplifter by facial recognition tech’

Sara needed some chocolate – she had had one of those days – so wandered into a Home Bargains store. “Within less than a minute, I’m approached by a store worker who comes up to me and says, ‘You’re a thief, you need to leave the store’.” Sara – who wants to remain anonymous – was wrongly accused after being flagged by a facial-recognition system called Facewatch. She says after her bag was searched she was led out of the shop, and told she was banned from all stores using the technology. “I was just crying and crying the entire journey home… I thought, ‘Oh, will my life be the same? I’m going to be looked at as a shoplifter when I’ve never stolen’.”

Related Posts