WyzGuys Tech Talk

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques

Original release date: October 8, 2021

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). A malicious cyber actor with network access can exploit this vulnerability to access sensitive information.

CISA encourages administrators and users to review NSA’s CSI sheet on Avoiding Dangers of Wildcard TLS Certificates and the ALPACA Technique for more information.


Child Internet Safety

KEEPING CHILDREN SAFE ON THE INTERNET

It should come as a surprise to no one that the Internet can be a dangerous place. Sure, the Internet allows you to access information at your leisure and connect with people in faraway places easily; however, you never know who may try to access you for harm. These dangers are magnified when children utilize the Internet, as they often are not aware of warning signs of danger. Children can easily stumble upon fake news, pornographic content, scams, and seedy individuals, even when their voyage into the cyber world began with an innocent search. Nowadays, the Internet is easily accessible to people of all ages, especially as smartphones and tablets continue to increase in popularity.


How to get the most bang for your buck out of your cybersecurity budget

More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.


A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.


Does your company have a cybersecurity strategy? Is it any good?

Take this quick, multiple choice survey and tell us about your company’s cybersecurity strategies for the upcoming year.


The New James Bond Movie Is Cybercriminals' Shiniest Phishbait

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, falsely, to offer free access to the full movie. The sites display the beginning of the movie, and then ask users to enter their credit card information to continue watching.

“When users visit a website in the hope of watching the long-awaited No Time to Die movie, they will be asked to register their details after seeing the first few minutes of the latest film. During the registration, victims would be required to enter their credit card information. However, after registration is complete, the user might not be able to continue watching. Money is debited from their card and the payment data ends up in the fraudster’s hands.”

Tatyana Shcherbakova, a security expert at Kaspersky, stated that phishing campaigns commonly use popular movie releases as phishing material.

“With the premieres of new films and TV series moving online, this has fueled interest not only for cinephiles but also among scammers and fraudsters. Inevitably, such a long-awaited premiere as ‘No Time to Die’ causes a stir,” Shcherbakova said. “Users should be alert to the pages they visit, not download files from unverified sites and be careful with who they share personal information.”

Blog post with link:
https://blog.knowbe4.com/new-james-bond-movie-is-cybercriminals-shiniest-phishbait

 

 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com