Blog

Web App Vulnerability Basics: Insecure Direct Object Reference
This is an article in a series on Web Application Vulnerability Basics. What Is Insecure Direct Object Reference? Insecure Direct Object Reference, also known as IDOR, is a reference to an internal implementation object that is exposed to a user without proper...

Breach of the Week – Shocked and Amazed
On this week’s episode we are digging into a specific Maze Ransomware attack that hit one of the biggest security firms on the planet. What does it mean when a security company gets hit, how they'll probably be just fine with their billions of dollars, and whether or...

Web App Vulnerability Basics: Cross-Site Scripting
This is an article in a series on Web Application Vulnerability Basics. What Is Cross-Site Scripting? Cross-Site Scripting, also known as “XSS”, is a web exploit that allows an attacker to inject malicious content (such as markup or scripts) into a web application....

Top Five Security Podcasts You Should Be Listening To
If you’re like me, finding good podcast content is hard. I really struggle, as I like podcasts that either bend my brain a bit or tell a good story where I can be entertained. Too often I come across podcasts that drone on forever about meaningless topics or...

NuHarbor Security releases CMMC Certification Support for Splunk MSSP clients
Splunk MSSP and CMMC Certification Support NuHarbor Security has released CMMC support for Splunk MSSP clients that need to pursue Cybersecurity Maturity Model Certification. The cyber security maturity model certification is a new standard for implementing...

Web App Vulnerability Basics: Cross-Site Request Forgery
This is an article in a series on Web Application Vulnerability Basics. What Is Cross-Site Request Forgery? Cross-Site Request Forgery, also known as CSRF and XSRF, is a web application attack that tricks a victim into submitting a malicious request to a web app that...

Web App Vulnerability Basics: Path Traversal
This is an article in a series on Web Application Vulnerability Basics. What Is a Path Traversal Attack? Path traversal, also known as directory traversal and backtracking, is an exploit that allows an attacker to access files on a web server that they are not...

Attracting and Keeping Our Cybersecurity Talent
The cybersecurity talent thing is getting old. Everyone talks about it, but nothing really changes across the industry. We don't have the cybersecurity talent, we don't have the skillset, we can't keep our cybersecurity talent. But honestly, we are not doing...

Government: the Ultimate Ransomware Target
If you pay any attention to cybersecurity-related news, you have likely noticed a large uptick in ransomware attacks targeting state and local governments. These ransomware attacks include Albany, New York; Lake City, Florida; Jackson County, Georgia; Baltimore...

8 Strategies for Secure Backups
In the age of ransomware and extreme weather, having secure and redundant backups is critical to ensuring your company can survive and quickly recover from a data loss event. NuHarbor compiled eight tips to ensure your backups are safe, secure, and ready to deploy in...

Zero Trust: Not Just Another Marketing Term
Companies love to throw around the term “Zero Trust” when advertising their security products. With all this marketing hype, it is easy to discount Zero Trust as just another marketing gimmick like “synergy.” However, the Zero Trust model can be an effective method to...

Tech Coalition Creates COVID-19 Testing Application
NuHarbor Security recently partnered with tech industry giants including Adobe and Oracle to develop a “no charge” testing application that is being rolled out to cities and counties around the country. All the participating organizations donated their resources to...

The Vulnerability of Artificial Intelligence
If you have been in the cybersecurity market for more than five minutes, you will see that every product vendor is offering some variation of artificial intelligence, machine learning, or blockchain in order to prevent the next zero-day attack. If you are in the...

What is TrickBot and What Makes It So Dangerous?
What is TrickBot? TrickBot was originally developed in 2016 as a Windows banking trojan intended to capture Personally Identifiable Information (PII) to commit fraud. TrickBot primarily used spear-phishing as an attack vector to target high-level corporate executives...

Six Benefits to Choosing a Cloud MSSP
A Managed Security Service Provider (MSSP) maintains the security surrounding your organization’s infrastructure. MSSPs provide outsourced monitoring and security features that increase your ability to detect and defend against an attack. There are two main types of...