Hello Security

09/13/2022

The 5 steps to best log management practices

1) Archive log data centrally.

Security logs serve as evidence when you want to conduct forensic analysis. For this reason, archiving all the logs centrally and ensuring their integrity is vital for complying with regulatory mandates. Ensure that you encrypt these logs while archiving, and also implement time stamping, hashing, and other techniques to secure the data.

2) Set the maximum security log size.

Depending on your organization's audit requirement, set the maximum security log size to scale as more data is added to the network. This will prevent information loss due to insufficient storage, ensuring your compliance-readiness.

3) Implement a log retention policy.

Security logs should be retained for longer periods when compared to other log types such as application log data, as they serve as evidence against data breaches and attacks. However, you can't store them forever. Setting up log retention policies is essential to retain the necessary log data, and delete the older data. The maximum security log size and retention policy configuration can be done on a local machine through Microsoft Event Viewer, or on all target computers through Group Policy.

4) Reduce event noise.

Logging too many events makes it difficult to find the important ones during retention. This increases the probability of critical information being overlooked, so carefully configure your audit policy to log critical events such as logon failures, account lockouts, and file access to comply with regulations and ensure network security.

5) Synchronize the system clocks.

For security log entries to have accurate time stamps during retention, the clocks on all systems should be synchronized. Even a small discrepancy in time can make it much harder to reconstruct the chain of events leading to a security lapse. Monitoring your system clocks weekly to check and correct any significant variations can bring down the chances of security incidents going undetected.

08/24/2022

The Hello Security team has recently witnessed a large spike in nefarious scammer activity surrounding around the Facebook platform.

the phishing attacks currently targeting the United States include, Nefarious URLs posted on facebook beneath a " Rent to own" or "Lucrative job offer" facebook posting, and are followed up with Spyware and malware intent to harvest user credentials, PII, and banking information.

This scam campaign resembles a large net being cast with no real individual target, rather, relying on such a vast amount of malicious facebook posts, and such a wide berth of groups shared within.

Hello Security Researchers have spotted this activity in multiple states across the U.S., from Wisconsin to Colorado.

These current attacks seem to be stemming geographically, from India and Africa.

Hello Security Team advises not to click any link found in the comment section of a listing that sounds to good to be true. Use a VPN to provide a layer of anonymity in the event you do accidently click one of these links. if possible, sandbox your devices and limit the amount of lateral movement that can be had if an attacker gains access to any device or account.

08/12/2022

Please be aware, there has been a large influx of phishing campaigns surrounding around the LinkedIn platform. Attackers pretend to be recruiters and either send a loaded calendar or invite, or they gather your details through the "recruitment" process and utilize the voice phishing approach or the cold call phishing approach.

No, Tesla is probably not going through your LinkedIn profile

07/19/2022

Don't forget to check out Hello Security on the Nextdoor app!
https://nextdoor.com/pages/hello-security-llc-sheboygan-wi/

Hello Security LLC in Sheboygan, WI. A vCISO and cybersecurity consultancy agency like the one offered via Hello Security LLC, is an outsourced security officer, or team of technicians and officers, who provide strategic insight to your organization remotely and on a part-time basis. A vCISO extends...

07/17/2022

Hello Security proudly hires freshers.

Cybersecurity and IT in general, are very large and encompassing fields. There is a lot of ground to cover within the whole of the industry.

Each year our professionals and seniors in the field move towards retirement as they mentor and train the new generation of seniors and Cybersecurity professionals to take their place.

However, it has been observed frequently, that certain aspects of the industry are treated as privileged access. Accepting only the most hardened and vetted of the cybersecurity professionals whilst "safeguarding" access to the industry.

We here at Hello Security firmly believe in hiring freshers aka employees seeking to enter the cybersecurity or IT field and we train them in house. Hello Security trains and mentors the next generation of seniors and professionals in order to provide opportunities to learn in an active experience environment, opportunities to expand their professional network, and opportunities to determine their ideal placement in the industry.

With so much ground to cover, and such a shortage of professionals accessible today, safeguarding entry to cybersecurity is detrimental.

We need to encourage with open arms, freshers to enter the field. We need to support their hopes and dreams, and we need to show them unity, rather than safeguarding access to the community.

~CEO Adam R.

07/15/2022

Hello Security researchers take a look at the Zeus -Gameover malware variant
https://www.hellosec.org/post/zeus-gameover-malware-variant

Zeus Gameover belongs to the “Zeus” family of malware. This particular malware is a Trojan. Malware is malicious software designed for malicious purposes, be it stealing funds, encrypting and locking important files, gaining access to account credentials, or any number of other nefarious tasks.

07/14/2022

Hello Security LLC is a proud member of The chamber of commerce in the City Of Sheboygan.

Hello security is proudly giving back to our community by providing jobs, dedicatedly hiring freshers, providing SMB and Enterprise market solutions, and providing cost effective cybersecurity consultation services.

07/14/2022

Hello Security reports on the Follina phishing flaw in circulation.

https://www.hellosec.org/post/follina-rozena-and-you

Fortinet researchers have discovered a phishing campaign that is utilizing the Follina security vulnerability (CVE-2022-30190) in order to seed the Rozena backdoor on Windows systems. Follina is a remote code ex*****on vulnerability that is affiliated with the Microsoft Windows Support Diagnostic To...

07/13/2022

Hello Security takes a look at the Malibot malware.

07/12/2022

Ransomware attacks are still lucrative for cyber threat actors because victims still pay ransoms – and the threat is still evolving.

Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyberattacks disrupted people's lives, organizations and their security, and cost a fortune in remediation.

What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure for ransom – and making extortion demands of millions of dollars.

Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat"

Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.

While ransomware attacks against large organisations get noticed, a ransomware attack against a small or local business, where the victim quickly pays the ransom because they feel as if they've got no other choice, might not get reported at all, and is far more common.

Individual attacks against smaller targets won't bring a huge payday like a successful attack on a big corporation would, but by chaining together a series of attacks against a range of smaller victims, ransomware attackers can still turn a substantial profit.

Ransomware is loud – some criminals may turn to quieter alternatives.
Groups of threat actors could still be laying the foundation for a new wave of ransomware attacks – and yet some hacking groups are likely to be turning their attention towards other cyberattacks that are less noisy but nonetheless profitable for the attacker and detrimental for the victim.

We're going to see that initial access leveraged at scale, so it may be ransomware final-stage payloads, maybe something else – we are seeing a big return to banking trojans in the current Enterpriseand SMB industry markets.

Trojan malware allows threat actors to steal sensitive information from victims, including bank account details, providing them with the opportunity to steal money directly from their victims.

07/12/2022

07/05/2022

Some of the Hello Security board had an awesome meeting today! It was great to see everyone!

Stop in and meet the rest of the team @ hellosec.org if you are interested in SMB & Enterprise cybersecurity implementation and or augmentation!