Over the past few weeks we have been following a bad actor as they attack and takes control of a WordPress website we manage. In the process, we have seen them riddle the site with backdoors to ensure they are able to retain control and perform some rudimentary SPAM injections pointing to 17 domains with over 17,000 entries. This article […]
Author: Tony Perez
How to Improve the Largest Contentful Paint (LCP) – Web Core Vital Metrics
In May of 2020, Google announced that Core Web Vitals would become an official ranking measure in 2021. This introduced special focus on Page Experience, or the signals that measure how a user perceives the experience of interacting with your website. We don’t want to dive into what Core Web Vitals are, or the specifics […]
Open-Source CMS’ and Software Bill of Material (SBOM)
Software Bill of Materials (SBOM) have grown in popularity in the past year as a means to help curve the impact software vulnerabilities in open-source technologies have been having on organizations. The concept itself is not new, its foundation are found in other industries; most notably traditional supply chain management. The biggest difference being its […]
Cloud-based Web Application Firewalls (WAF) & The Log4J Vulnerability
Every CIO / CISO worth their weight has spent the better part of four days trying to under the Log4J Vulnerability and more importantly, their organizations unique exposure. This article won’t dive into the vulnerability, that is being covered at nauseum and some organizations are doing exceptionally well with their write-ups. Here are some notable […]
A Guide to DNSSEC and It’s Value
Slack recently shared a great AAR talking to their DNSSEC rollout, providing excruciating details on the various outages / issues they encountered. For those that live in this world, it’s enough to make you cringe and slowly die inside as you live through each issue with them. It also made us sit back and more […]
Web Applications / Assets Led the Charge in Breaches in 2020 According to the Verizon DBIR
Every year Verizon puts out the Data Breach Incident Report (DBIR). This report provides the industry nuggets of information to help us better understand the threat landscape in our respective domains. For many, it is critical to understanding the tactics, techniques and procedures (TTP) bad actors are using. Here at NOC we pay special attention […]
Recovering a Business From a Cyber Attack
Over the past decade we have helped countless organizations respond to security incidents around the world. There is a common theme each time, with exception to large enterprises with an established security team, most small businesses have no idea where to start. The following article will help expand on some of the lessons we’ve learned […]