Log4Shell – Lessons Learned in 30 Days

On Decemberr 9th, 2021 the web was turned on its head with the disclosure of a high severity vulnerability coined #log4shell. At the time we wrote an article on how this new vulnerability shines the light on the effectiveness of Web Application Firewalls (WAF) as a defensive control but we didn’t dive deep into the…

Read More

NMAP – A Free Network Mapping Tool

The Network Mapper (NMAP) is an open-source, free, security scanner that is widely popular, and favorited, amongst security and network analysts. Commercial organizations have tried to emulate it’s effectiveness, but have often failed, usually resorting to integrating it into their platform as an added “feature”.   At it’s core, however, is an extremely powerful tool…

Read More

WordPress 5.8.3 Security Release

Some nice finds in today’s release. Be sure to update. Props to all the contributors for responsibly disclosing Security Updates Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted…

Read More

Cloud-based Web Application Firewalls (WAF) & The Log4J Vulnerability

Every CIO / CISO worth their weight has spent the better part of four days trying to under the Log4J Vulnerability and more importantly, their organizations unique exposure.   This article won’t dive into the vulnerability, that is being covered at nauseum and some organizations are doing exceptionally well with their write-ups. Here are some…

Read More

Does DNSSEC matter?

Slack recently shared a great AAR talking to their DNSSEC rollout, providing excruiciating details on the various outages / issues they encountered. For those that live in this world, it’s enough to make you cringe and slowly die inside as you live through each issue with them. It also made us sit back and more…

Read More

Introducing DNSRepo

For over a decade Daniel and I have been building very big networks. These networks have amassed massive amounts  of usage data and for years it was what we used to get smarter about how we identified and mitigated attacks. When asked, what made us different, it was always about two things:   The ability…

Read More

Introducing Support for WebSockets

The NOC platform offers its customers a global CDN / WAF. This technology runs on an anycast network that has points of presence around the world. While anyone with a domain can use the platform, Agencies and Hosts get the most bang for their buck on our platform.   We’re excited to announce support for…

Read More

Active Exploits against CVE-2021-41773 (Apache Web Server Exploit)

The NOC platform offers its customers a global CDN / WAF. This technology runs on an anycast network that has points of presence around the world. This network design allows us to give our customers exceptional performance, but also gives us the ability to glean insights about what is happening on the web. Today we…

Read More