WyzGuys Tech Talk

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques

Original release date: October 8, 2021

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). A malicious cyber actor with network access can exploit this vulnerability to access sensitive information.

CISA encourages administrators and users to review NSA’s CSI sheet on Avoiding Dangers of Wildcard TLS Certificates and the ALPACA Technique for more information.

Child Internet Safety


It should come as a surprise to no one that the Internet can be a dangerous place. Sure, the Internet allows you to access information at your leisure and connect with people in faraway places easily; however, you never know who may try to access you for harm. These dangers are magnified when children utilize the Internet, as they often are not aware of warning signs of danger. Children can easily stumble upon fake news, pornographic content, scams, and seedy individuals, even when their voyage into the cyber world began with an innocent search. Nowadays, the Internet is easily accessible to people of all ages, especially as smartphones and tablets continue to increase in popularity.  More…

How to get the most bang for your buck out of your cybersecurity budget

More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.   More…

Does your company have a cybersecurity strategy? Is it any good?

Take this quick, multiple choice survey and tell us about your company’s cybersecurity strategies for the upcoming year.

The New James Bond Movie Is Cybercriminals Shiniest Phishbait

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, falsely, to offer free access to the full movie. The sites display the beginning of the movie, and then ask users to enter their credit card information to continue watching.

“When users visit a website in the hope of watching the long-awaited No Time to Die movie, they will be asked to register their details after seeing the first few minutes of the latest film. During the registration, victims would be required to enter their credit card information. However, after registration is complete, the user might not be able to continue watching. Money is debited from their card and the payment data ends up in the fraudster’s hands.”

Tatyana Shcherbakova, a security expert at Kaspersky, stated that phishing campaigns commonly use popular movie releases as phishing material.

“With the premieres of new films and TV series moving online, this has fueled interest not only for cinephiles but also among scammers and fraudsters. Inevitably, such a long-awaited premiere as ‘No Time to Die’ causes a stir,” Shcherbakova said. “Users should be alert to the pages they visit, not download files from unverified sites and be careful with who they share personal information.”

Blog post with link:




About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.