This article is contributed. See the original author and article here.
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). A malicious cyber actor with network access can exploit this vulnerability to access sensitive information.
CISA encourages administrators and users to review NSA’s CSI sheet on Avoiding Dangers of Wildcard TLS Certificates and the ALPACA Technique for more information.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.