Some nice finds in today’s 5.8.3 release for WordPress. Be sure to update. Props to all the contributors for responsibly disclosing Security Updates Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except […]
Cloud-based Web Application Firewalls (WAF) & The Log4J Vulnerability
Every CIO / CISO worth their weight has spent the better part of four days trying to under the Log4J Vulnerability and more importantly, their organizations unique exposure. This article won’t dive into the vulnerability, that is being covered at nauseum and some organizations are doing exceptionally well with their write-ups. Here are some notable […]
A Guide to DNSSEC and It’s Value
Slack recently shared a great AAR talking to their DNSSEC rollout, providing excruciating details on the various outages / issues they encountered. For those that live in this world, it’s enough to make you cringe and slowly die inside as you live through each issue with them. It also made us sit back and more […]
Active Exploits against CVE-2021-41773 (Apache Web Server Exploit)
The NOC platform offers its customers a global CDN / WAF. This technology runs on an anycast network that has points of presence around the world. This network design allows us to give our customers exceptional performance, but also gives us the ability to glean insights about what is happening on the web. Today we […]
Web Applications / Assets Led the Charge in Breaches in 2020 According to the Verizon DBIR
Every year Verizon puts out the Data Breach Incident Report (DBIR). This report provides the industry nuggets of information to help us better understand the threat landscape in our respective domains. For many, it is critical to understanding the tactics, techniques and procedures (TTP) bad actors are using. Here at NOC we pay special attention […]
Recovering a Business From a Cyber Attack
Over the past decade we have helped countless organizations respond to security incidents around the world. There is a common theme each time, with exception to large enterprises with an established security team, most small businesses have no idea where to start. The following article will help expand on some of the lessons we’ve learned […]
Arbitrary File Vulnerabilities And Why They Matter to Your Website
Our last article explored trends we were seeing against WordPress and something became very evident – Arbitrary File Vulnerabilities ranked #1 for vulnerabilities being scanned for. Although the scope of our tests were limited, it does a lot to help better defenders better understand the tactics, techniques and procedures (TTP) being employed by bad actors. Why Arbitrary […]