Every year Verizon puts out the Data Breach Incident Report (DBIR). This report provides the industry nuggets of information to help us better understand the threat landscape in our respective domains. For many, it is critical to understanding the tactics, techniques and procedures (TTP) bad actors are using. Here at NOC we pay special attention […]
Recovering a Business From a Cyber Attack
Over the past decade we have helped countless organizations respond to security incidents around the world. There is a common theme each time, with exception to large enterprises with an established security team, most small businesses have no idea where to start. The following article will help expand on some of the lessons we’ve learned […]
Arbitrary File Vulnerabilities And Why They Matter to Your Website
Our last article explored trends we were seeing against WordPress and something became very evident – Arbitrary File Vulnerabilities ranked #1 for vulnerabilities being scanned for. Although the scope of our tests were limited, it does a lot to help better defenders better understand the tactics, techniques and procedures (TTP) being employed by bad actors. Why Arbitrary […]
Evolving the CDN / WAF Stack
A decade ago we built our first CDN/WAF solution. It was built from a need to keep websites from getting reinfected. At the time, our company was focused on identifying and remediating hacked websites. What we learned in the process is that it really doesn’t matter what you tell a website owner, they will rarely […]
Autodetecting Network Failures and Self-Healing To Ensure Optimal Availability
It’s midnight on a Saturday, you’re finally getting to that nice REM cycle. You’re on call, but it’s been a relatively quiet week. Besides, you feel good, you have done everything necessary to ensure that the web properties you are responsible for are operational. You have deployed redundant data centers, each on opposite ends of […]
Steps To Recovering Servers Post-Hack
After a hack, should an organization restore its servers from a new OS or from the backup? This is the question that we were posed with during a recent incident response case. The organization had been given two very different opinions, and wanted to know what we would do. The recommendations they had received came […]
Automated Attacks Against WordPress Target Old Vulnerabilities
There is no denying WordPress’ dominance on the web. It’s used by almost every major organization in the world, and is the platform of choice for a lot of first time entrepreneurs. And if you ever want confirmation, just look at what hosting companies are focusing on. They all dedicate countless resources to streamlining its […]