Every Thursday at 4pm PT/7pm ET, CISO Series hosts a short 20-minute show summarizing the top cybersecurity news stories for the week. The show is hosted by reporter Steve Prentice and we welcome a cyber practitioner to offer some color to the week’s stories. Our guest this week/tonight is James Dolph, CISO, Guidewire Software.
Here are some of the stories we’re going to be covering. If you want to get involved you can watch live and participation in the discussion on Crowdcast ([register](https://www.crowdcast.io/e/cyber-security-headlines)), or you can just[ subscribe to the Cyber Security Headlines podcast](https://cisoseries.com/subscribe-podcast/) and get it into your feed.
Here are some of the stories we’ll be covering.
## Senators offer to let NSA hunt cyber actors inside the US
A bipartisan group of senators offered to help expand the National Security Agency’s authority allowing the spy agency to hunt domestically for signals intelligence against foreign adversaries that U.S. officials have said are behind a string of recent attacks, like SolarWinds and the Microsoft Exchange Servers hacks. Gen. Paul Nakasone, who leads both the NSA and U.S. Cyber Command told senators that the U.S. was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on U.S. networks. “They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.”
## FatFace hides ransomware attack, bargains down and gets tech support from pirates
UK fashion retailer FatFace, which made headlines last week by appearing to ask its customers to keep its cyberattack “strictly private and confidential”, has reportedly paid a $2 million ransom. Conti, the gang behind the attack, initially demanded an $8 million ransom based on its assessment of what FatFace’s insurance would cover, but the company talked them down after explaining revenues had tumbled due to the Coronavirus lockdown. In accepting the payment, Conti offered advice to FatFace’s IT team about how to harden its defenses against future attacks.
## New York launches blockchain based Covid passports
New Yorkers will now be able to pull up a code on their cell phone to prove they’ve been vaccinated against COVID-19 or recently tested negative for the virus that causes it. The first-in-the-nation certification, called the Excelsior Pass, will be useful first at large-scale venues like Madison Square Garden, as well as at dozens of event, arts and entertainment venues statewide, and even weddings and catered events. The data will come from the state’s vaccine registry and also will be linked to testing data from a number of pre-approved testing companies. It is built on IBM’s digital health pass platform and is provided via blockchain technology, so neither IBM nor any business will have access to private medical information.
## Emails from DHS officials obtained in SolarWinds hack
The Associated Press’ sources say as part of the SolarWinds Orion supply chain attack, threat actors obtained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security Chad Wolfe and members of the department’s cybersecurity staff. The intelligence value of the emails is unknown. Officials say following disclosure of the attack, DHS officials switched to clean phones and used the messaging app Signal to communicate. One official speaking to AP said the agency’s response was hampered by outdated technology and struggled for weeks to identify how many servers it had running SolarWinds software.
## Ziggy ransomware gang announces shutdown: returns keys and offers refund
Voicing concerns about recent law enforcement activity and guilt for encrypting their victims, the gang has released all victims’ decryption keys, and has now offered to refund the money they extorted. In an interview with Bleeping Computer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.” Threat analyst Brett Callow suggests that the recent arrest of individuals associated with the Emotet and Netwalker operation could be causing some actors to get cold feet. The admin at Ziggy has posted contact information for victims to receive their ransoms back in bitcoin. ([CISOMag](https://cisomag.eccouncil.org/ziggy-ransomware-gang-announces-shutdown-offers-to-refund-ransom-payments/))
## Whistleblower: Ubiquiti breach “catastrophic”
On January 11 of this year, Ubiquiti, a vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras, disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now, according to *Krebs on Security*, a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication. According to the whistleblower, “the breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.” The full story is available at Krebsonsecurity.com.
## MobiKwik suffers major breach: KYC data of 3.5 million users exposed
Popular Indian mobile payments service MobiKwik came under fire on Monday after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. What is significant about this breach is the fact that the leak shows that MobiKwik does not delete card information from its servers even after a user has removed them, in what’s likely a breach of government regulations. MobiKwik officials vehemently denied the breach, blaming a “media-crazed so-called security researcher,” but numerous independent users have confirmed the breach, specifically by finding their personal details on the leak site.
([The Hacker News](https://thehackernews.com/2021/03/mobikwik-suffers-major-breach-kyc-data.html))