The NuHarbor Notice
Web App Vulnerability Basics: Cross-Site Request Forgery
This is an article in a series on Web Application Vulnerability Basics. What Is Cross-Site Request Forgery? Cross-Site Request Forgery, also known as CSRF and XSRF, is a web application attack that tricks a victim into submitting a malicious request to a web app that...
Breach of the Week – Marriott Meltdown
In this weeks Breach of the Week, Justin and Zack discuss not one, but two, separate breaches at Marriott hotels, one releasing nearly enough data for every person in the United States! Will this stop Justin and Zack from ever staying at a Marriott again or will they...
Attracting and Keeping Your Cyber Security Talent
It's graduation season and despite the very strange and challenging times we live in, a lot of awesome and talented students are about to be unleashed into the world and if you're a cyber security company that's trying to attract them, Justin has some thoughts. Maybe...
Web App Vulnerability Basics: Path Traversal
This is an article in a series on Web Application Vulnerability Basics. What Is a Path Traversal Attack? Path traversal, also known as directory traversal and backtracking, is an exploit that allows an attacker to access files on a web server that they are not...
Breach of the Week: War Stories With Eric
On this week's episode, we're testing how far a breach can go and what happens when a customer is 100% positive they're system is bullet proof. Can Eric drop ship a very expensive item to prove a point? Can Randy print himself a badge so that he doesn't have to wait...
Why Government Is the Ultimate Ransomware Target
Why are government agencies constantly a target for ransomware? Not a day goes without a story about a city or government agency that is found itself on the losing end of a ransomware attack. Adversaries can create relentless attacks on networks looking for any...
Attracting and Keeping Our Cybersecurity Talent
The cybersecurity talent thing is getting old. Everyone talks about it, but nothing really changes across the industry. We don't have the cybersecurity talent, we don't have the skillset, we can't keep our cybersecurity talent. But honestly, we are not doing...
Pwned Breach of the Week – War Stories with Randy
This week we're again joined by Eric and Randy to hear some war stories. Randy takes us through the time that he immediately accessed a bunch of very critical files while he was hanging out waiting for an engagement to begin. He also discusses how Justin tried to talk...
Government: the Ultimate Ransomware Target
If you pay any attention to cyber security related news, you likely have noticed a large uptick in ransomware attacks targeting state and local governments. These ransomware attacks include Albany New York, Lake City Florida, Jackson County Georgia, Baltimore...
Pwned GigaBytes – Hiring and Recruiting with Emi and Allie
Whether you recently graduated or are looking to break into cyber security, you need to check out our hiring and recruiting episode with two of our Talent Acquisition Specialists, Emi and Allie. Should you write a 20-page resume? How important are cover letters? What...
8 Strategies for Secure Backups
In the age of ransomware and extreme weather, having secure and redundant backups is critical to ensuring your company can survive and quickly recover from a data loss event. NuHarbor compiled eight tips to ensure your backups are safe, secure, and ready to deploy in...
Breach of the Week – Catch of the Day
We live in a world where everything is connected to the internet, even fish tanks, and as we learn in today's episode, that internet connected fish tanks can cause you some real headaches. Justin found a story about a fish tank in a casino that was used to access a...
Pwned GigaByte – Eric and Randy Get Paid to Break Into Other Peoples Stuff
On this week's episode of Pwned, Justin and Zack are joined by Eric and Randy, two operators from our penetration testing team. This is another long episode and we are spending that time to learn everything about how our team uses white hat techniques to poke, prod,...
Zero Trust: Not Just Another Marketing Term
Companies love to throw around the term “Zero Trust” when advertising their security products. With all this marketing hype, it is easy to discount Zero Trust as just another marketing gimmick like “synergy.” However, the Zero Trust model can be an effective method to...
Pwned Breach of The Week: Your Online Dating Data Is Ready to Mingle
On this week’s episode of Pwned Breach of the Week, we are checking out dating data that found itself on the market, unfortunately it was not interested in starting a new relationship. The data breach resulted in numerous online dating services finding their client...