WooCommerce Patches Two SQLi Vulnerabilities

Yesterday, WooCommerce released an urgent announcement encouraging users to update because of a serious vulnerability. They don’t get into the details, but for us it’s imperative to understand what they are patching so that we can virtually patch at the edge via the NOC Web Application Firewall (WAF). Especially when it comes to a…

Arbitrary File Vulnerabilities And Why They Matter to Your Website

Our last article explored trends we were seeing against WordPress and something became very evident – Arbitrary File Vulnerabilities ranked #1 for vulnerabilities being scanned for. Although the scope of our tests was limited, it does a lot to help defenders better understand the tactics, techniques and procedures (TTPs) being employed by bad actors.…

The Domain Name System (DNS)

In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we will dive deeper into the world of DNS. The art of Routing Web Requests (Hello DNS) DNS stands for Domain Name System; you might hear it used interchangeably with Domain Name Server (DNS). It is the mechanism…

Automated Attacks Against WordPress Target Old Vulnerabilities

There is no denying WordPress’ dominance on the web. It’s used by almost every major organization in the world, and is the platform of choice for a lot of first-time entrepreneurs. And if you ever want confirmation, just look at what hosting companies are focusing on. They all dedicate countless resources to streamlining its…

The Importance of Asset Monitoring

When we manage multiple assets, we must know what we have and their state. This is especially true when managing complex web ecosystems, whether they are applications dependent on continuous communication with endpoints, or architectures reliant on multiple origins. At NOC, we don’t specifically talk to inventory management, or discovery, but both should be invested in.…

We love to dig (DNS troubleshooting)

We spend a lot of time with DNS; we’re constantly having to investigate issues, analyze outputs, or just try to understand what is going on. When troubleshooting DNS, the best tool is the dig command. Dig comes by default on most Linux distributions and on macOS (sorry Windows users, you are stuck with nslookup by…
