Optimized Origin with the NOC CDN

A core component of setting up a Content Delivery Network (CDN) is defining the origin of the site. This origin is traditionally the IP address for the server that houses the site content. It’s where the CDN will be pulling content from. A few CDN’s even allow you to specify multiple origins, empowering admins to…

Read More

WordPress Forced Updates vs Auto-Updates and Abusing User Defined Intent

On June 1st, Automattic’s JetPack plugin released an update to patch an exploitable vulnerability. The vulnerability was found in their Carousel feature. The release invites plugin users to update their version. It warns that while it’s not known to be actively exploited it could be now that it’s been released. One thing it fails to…

Read More

Arbitrary File Vulnerabilities And Why They Matter to Your Website

Our last article explored trends we were seeing against WordPress and something became very evident – Arbitrary File Vulnerabilities ranked #1 for vulnerabilities being scanned for. Although the scope of our tests were limited, it does a lot to help better defenders better understand the tactics, techniques and procedures (TTP) being employed by bad actors.…

Read More

The Domain Name System (DNS)

In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we will dive deeper into the world of DNS. The art of Routing Web Requests (Hello DNS) DNS stands for Domain Name System (DNS), you might hear it used interchangeably with Domain Name Server (DNS). It is the mechanism…

Read More

Automated Attacks Against WordPress Target Old Vulnerabilities

There is no denying WordPress’ dominance on the web. It’s used by almost every major organization in the world, and is the platform of choice for a lot of first time entrepreneurs. And if you ever want confirmation, just look at what hosting companies are focusing on. They all dedicate countless resources to streamlining its…

Read More

The Importance of Asset Monitoring

When we manage multiple assets, we must know what we have and their state. This is especially true when managing complex web ecosystems. Whether they are applications dependent on continuous communication with endpoints, or architectures reliant on multiple origins. At NOC, we don’t specifically talk to inventory management, or discovery, but should be invested in.…

Read More