AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/16/2023

FBI Director: FISA Section 702 warrant requirement a ‘de facto ban’ 

FBI director Christopher Wray made yet another impassioned plea to US lawmakers to kill a proposed warrant requirement for so-called “US person queries” of data collected via the Feds’ favorite snooping tool, FISA Section 702. This controversial amendment to the Foreign Intelligence Surveillance Act will expire at the end of December unless Congress reauthorizes it. As the deadline draws near, and reform looms, the FBI and other law enforcement agencies are pulling out all the stops to convince lawmakers to greenlight Section 702 without making any changes to the spying tool — and especially without any warrant requirements. 


Pharmacy provider Truepill data breach hits 2.3 million customers 

Postmeds, doing business as ‘Truepill,’ is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. Truepill is a B2B-focused pharmacy platform that uses APIs for order fulfillment and delivery services for direct-to-consumer (D2C) brands, digital health companies, and other healthcare organizations across all 50 states in the U.S. 


AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC 

Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for financial institutions. AlphV’s listing has been temporarily removed to be updated, but DataBreaches has learned some additional details from someone involved in the attack. The attack was last Tuesday, November 7. According to AlphV, they did not encrypt any files, but did exfiltrate files. MeridianLink was aware of it the day it happened. According to AlphV, no security upgrades were made following the discovery, but “once we added them to the blog, they have patched the way used to get in,” DataBreaches was told.


Fraudsters make $50,000 a day by spoofing crypto researchers 

Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (formerly Twitter). To lure potential victims, the scammer uses a breach on major cryptocurrency exchange platforms. The scenario urges users to act swiftly to safeguard their digital assets from potential theft. The scammers impersonate accounts on X belonging to blockchain analytics or crypto fraud investigation firms and researchers, like CertiK, ZachXBT, and Scam Sniffer, to promote fabricated security breaches on Uniswap and Opensea.


US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea 

The US government on Tuesday announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service. According to the Justice Department, the FBI dismantled the infrastructure associated with the IPStorm malware, as well as the proxy network powered by the IPStorm botnet. The malware was delivered to thousands of Windows, Linux, Mac and Android devices located all around the world, enabling cybercriminals to use the compromised devices for a proxy service.  


AI outperforms conventional weather forecasting for the first time 

On Tuesday, the peer-reviewed journal Science published a study that shows how an AI meteorology model from Google DeepMind called GraphCast has significantly outperformed conventional weather forecasting methods in predicting global weather conditions up to 10 days in advance. The achievement suggests that future weather forecasting may become far more accurate, report The Washington Post and Financial Times. In the study, GraphCast demonstrated superior performance over the world’s leading conventional system, operated by the European Centre for Medium-range Weather Forecasts (ECMWF). In a comprehensive evaluation, GraphCast outperformed ECMWF’s system in 90 percent of 1,380 metrics, including temperature, pressure, wind speed and direction, and humidity at various atmospheric levels.
