Your Daily Decrypt

8/22/2023 - Today’s news and insights for cybersecurity pros and leaders

📰 Top Stories 

Summary

Who's Behind the Leak: Two former Tesla employees.

What They Did: Leaked personally identifiable information of over 75,000 Tesla workers, including social security numbers.

How They Did It: Misappropriated the information in violation of Tesla's IT security and data protection policies and shared it with the German media outlet Handelsblatt.

What's Been Affected: The leaked data consists of information on 75,735 current and former employees, including Tesla CEO Elon Musk. Additionally, complaints about Tesla's Full Self-Driving system were revealed.

What Actions Were Taken: Tesla has filed lawsuits against the two former employees and had their electronic devices seized. Handelsblatt promises to protect the sensitive data as required by its country's laws.

Why it’s important to you

Stay Informed: If you are an employee or former employee of Tesla, your personal information might have been compromised.

Be Proactive: This incident highlights the critical importance of strong data protection measures, even from potential insider threats.

Consider Implications: The leak not only affects personal information but also reveals potential issues with Tesla's Full Self-Driving system, which could have wider implications for the company and its products.

Summary

Who's Behind the Attacks: Foreign intelligence entities (FIEs), notably China and Russia.

What They Did: Engaged in cyber espionage campaigns targeting the US space industry, including efforts to steal technology and disrupt the industry.

How They Did It: Through cyberattacks and possibly deploying state-backed resources and unfair business practices to disadvantage US space firms.

What's Been Affected: Intellectual property and proprietary data, satellite communications capabilities, and potentially the economic security of the US space industry.

What Actions Were Taken: The National Counterintelligence and Security Center (NCSC), FBI, and the Air Force Office of Special Investigations (AFOSI) issued a joint warning, advising space companies on mitigation strategies.

Why it’s important to you

Stay Informed: The US space industry is a critical driver of the economy and essential for various services. Awareness of these espionage activities is crucial for both industry players and the general public.

Be Proactive: Companies involved in the space industry must enhance security measures and be vigilant against potential infiltrations.

Consider Implications: The theft of intellectual property and disruption of space-based infrastructure can have significant national security and economic impacts.

🚨 Threat Alerts

Summary

Who's Behind the Vulnerability: An undisclosed entity or individual could exploit the vulnerability.

What They Did: The vulnerability in WinRAR allows code to be run when a user opens a RAR file, potentially impacting millions of users.

How They Did It: The flaw is due to a lack of full validation of user-supplied data when opening an archive file, resulting in a memory access beyond the end of an allocated buffer. An attacker can construct a RAR file to exploit this vulnerability and execute code.

What's Been Affected: WinRAR, the world's most popular compression tool with over 500 million users, has a high severity vulnerability rated at CVSS 7.8.

What Actions Were Taken: Developer RARLAB has released a new version, WinRAR 6.23, fixing the bug, along with several other flaws. The vulnerability was discovered on June 8 and publicly disclosed on August 17, but the fix was already issued on August 2.

Why it’s important to you

Stay Informed: If you are a WinRAR user, it's crucial to know about this vulnerability and take immediate action to update to the latest version.

Be Proactive: The vulnerability highlights the importance of keeping all software up to date, especially popular applications that are tempting targets for attackers.

Consider Implications: The wide user base and potential impact of this vulnerability emphasize the need for robust security measures and awareness in software development and usage.

⚖️ Regulatory Updates

Summary

What's the Change: The Transportation Security Administration (TSA) has issued a revised Security Directive (Security Directive Pipeline 2021-02D) for cybersecurity practices of owners and operators of critical liquid and natural gas pipelines and liquified natural gas (LNG) facilities.

What's New: This directive builds on previous ones, adding more detailed requirements related to cybersecurity program testing, reporting, and documentation. It allows critical facility owners and operators to build upon the compliance measures they have already implemented.

Key Changes Include:

  • A requirement to notify TSA if owners and operators determine they don't have "Critical Cyber Systems."

  • New procedures for handling amendments to the Cybersecurity Implementation Plan (CIP).

  • Requirements for annual testing of at least two objectives of the Cybersecurity Incident Response Plan.

  • Use of the term "Cybersecurity Assessment Plan" instead of "Cybersecurity Assessment Program."

  • A mandate that all plans, assessments, tests, and evaluations be explicitly incorporated into the owner or operator's CIP.

  • A new requirement that all required documentation be submitted as prescribed by TSA.

Why it’s important to you

Stay Informed: If you are involved in the operation or management of critical pipelines and LNG facilities, understanding this new directive is essential for compliance.

Be Proactive: The new directive represents a shift in TSA's approach, with a greater focus on specific outcomes and performance-based regulation. Ensuring alignment with these new requirements will be crucial.

Consider Implications: The directive emphasizes the growing threats to sensitive infrastructure and the need for stringent cybersecurity measures. It represents a more nuanced and flexible approach, reflecting ongoing changes in the regulatory landscape and industry needs.

👀 Curated Finds

Summary

What the Study Found: A Pew Research Center survey conducted among 5,101 U.S. adults from May 15 to May 21, 2023, explored Americans' understanding of digital topics, including cybersecurity practices, major technology companies, artificial intelligence, and federal online privacy laws.

Cybersecurity Awareness:

  • Most Secure Password: 87% of U.S. adults could correctly identify the most secure password from a list.

  • Understanding of Cookies: 67% knew that cookies track visits and activity on a website.

  • Two-Factor Authentication: Only 48% could correctly identify two-factor authentication.

  • Knowledge of Tech Companies:

  • Elon Musk's Role: 80% knew Elon Musk was running Tesla and Twitter in April 2023.

  • Facebook's Name Change: 77% were aware that Facebook changed its name to Meta.

  • Artificial Intelligence Understanding:

  • Deepfake Recognition: 42% knew what a deepfake is.

  • Large Language Models: Only 32% understood how large language models like ChatGPT work.

  • Federal Privacy Laws:

  • Lack of National Privacy Law: Only 23% knew the U.S. lacks a common national privacy law.

  • Data Collection from Minors: 21% were aware that websites in the U.S. cannot collect data from children under 13 without parental consent.

  • Demographics:

  • Educational Attainment: Higher education levels correlated with better digital knowledge.

  • Age Differences: Younger adults (under 50) generally fared better than those 50 and older.


Why it’s important to you

Stay Informed: This study reveals areas where digital literacy may be lacking, emphasizing the need for education on topics like two-factor authentication and federal privacy laws.

Be Proactive: Awareness of cybersecurity practices and understanding of AI technologies like deepfakes can empower individuals to navigate the digital world more safely and responsibly.

Consider Implications: The variations in digital knowledge by age and education underscore the importance of tailored educational approaches to enhance digital literacy across different demographics.

Please let me know if you have any comments or feedback by replying to this email or messaging me on X!

Thank you 🙏
Ali Abidi