Security News (119 Posts)


MAURITIUS SECURITY CLUB IS BACK - MU.SCL Season 3!

After many years, we are finally back!

We are happy to confirm our new meeting for the Mauritius Cyber Security Club: MU.SCL.
This FREE to attend meeting will take place at the Flying Dodo Brewing Company in Bagatelle, in their conference room upstairs.

In this new event, the following two talks will be presented:

  • Talk1 - 2025 LESSONS FOR 2026 (Sylvain Martinez - ELYSIUMSECURITY): The first talk will provide an overview of the main security stories (horrors) of 2025 and what we can learn from them to make 2026 more secure.
  • Talk2 - AI, ENABLER OR THREAT? (Sylvain Martinez - ELYSIUMSECURITY): The second talk will look at the latest news related to Artificial Intelligence: how it is used to enhance security protections, but also to facilitate more sophisticated attacks. We will also touch on what it may mean for our future security jobs/roles!
You can register for this event, for free, on the eventbrite website: ...

Notepad++ and the joy of shadow IT application procurement

Last month the maintainer of Notepad++ published a disclosure that will make any developer or sysadmin uncomfortable.
For about six months, from June through December 2025, the software's update mechanism had been hijacked by a Chinese state-sponsored threat actor.
Every time a targeted user hit "Check for Updates", they were potentially downloading malware instead of a legitimate new version, and the installer looked and behaved exactly like the real thing.

Notepad++ is not a niche tool. It is one of the most widely installed text editors in the world, used daily by developers, system administrators, network engineers, and security professionals.
That demographic is precisely why it was targeted. In enterprise environments, these are often the most privileged users on the network. Compromise their workstation through a trusted update and you have bypassed the perimeter entirely.

The attackers did not touch a single line of Notepad++ source code. They...


Apple's Spyware Alerts and 2025 closing thoughts!

On 2 December 2025, Apple sent threat notifications to users in 84 countries - one of the largest single waves since the programme launched.
Not a security tip.
A direct, personal warning: your device may have been targeted by state-sponsored attackers. Apple reserves these alerts for situations where it believes a user is being hunted by well-resourced, sophisticated operators. Custom operations. Expensive. Almost always government-connected.

The alerts landed in the middle of a coordinated disclosure by Google, Amnesty International, and a consortium of investigative journalists focused on Intellexa - the company behind the Predator spyware platform. Already sanctioned twice by the US government, Intellexa had simply adapted: setting up shell companies to infiltrate advertising networks, and deploying a new infection method called "Aladdin" that silently compromises a device through a targeted banner ad.
There was no link to click, no file to open. Just an...


Cyber Security Governance resources from the UK Government


Last month, the UK government addressed a letter to all CEOs and Chairs of leading UK companies emphasising that hostile cyber activity is increasing in frequency, sophistication, and impact. It also stated that cyber resilience is a critical enabler of economic growth and that organisations recover better when they have planned and rehearsed for worst-case disruption.

Although it references services and bills that are UK centric, there are some interesting points and information that could be considered and/or used in any country.

The letter asks companies to take three specific actions:

  • Make cyber risk a Board-level priority by using the Cyber Governance Code of Practice.
  • Sign up to the Early Warning service of the National Cyber Security Centre (NCSC) – a free service giving early alerts of potential attacks on your network. Your country may offer a similar national CERT service, and if not, it could also be replaced with a
  • ...

What can the Salesforce breach teach us about Cloud/SaaS Security?


What Happened?
The attack ran on two fronts simultaneously.

  • On the first, attackers quietly compromised Salesloft's GitHub repositories between March and June 2025, stealing Drift OAuth refresh tokens. Those tokens gave them persistent, legitimate-looking API access to the Salesforce environments of every company using the integration. Thousands of database queries were run in the background, pulling contact records, case data, and, critically, embedded credentials such as AWS keys and tokens that had been pasted into support tickets.
  • On the second, attackers impersonated Salesforce support staff in targeted phone calls, tricking employees into installing a malicious app that granted OAuth access and bypassed MFA entirely. This campaign hit consumer brands directly.

Once they had accumulated enough data, the group went public. On 3 October 2025, they launched a dark web site called Trinity of Chaos and published samples of...

ElysiumSecurity is 10 Years old!


Ten years ago (5 October 2015), ElysiumSecurity Ltd was incorporated in the UK.
At the time, it was simply a decision to build something small, independent, and useful: a security practice focused on what actually reduces risk in the real world, prevention where it's sensible, detection where it matters, and response that works when things go wrong.
It also started as a side project, as Sylvain Martinez, ElysiumSecurity's founder, was still fully employed at BP.
Sylvain had agreed with his management to only work out of office hours, at weekends, and not for the big four or a competitor. That's why he focused on Hedge Funds.
And a small but important detail: Sylvain no longer had one yearly appraisal, but monthly appraisals!

If you've followed our writing over the years, you'll recognise the themes: less theory, more practical and proven advice. The website tagline says "Cyber Protection & Response" and that has always been the point, help organisations s...


Jaguar down, insurance regrets?

On 31 August 2025, managers at Jaguar Land Rover's Halewood plant in the UK noticed systems behaving strangely. By the following morning, JLR's IT teams had confirmed an active intrusion. The company's response was drastic but deliberate: a near-total shutdown of its global IT network to stop the spread. Production lines in the UK, Slovakia, India, China, and Brazil went dark.

On 2 September 2025, JLR issued its first public statement: "JLR has been impacted by a cyber incident." That was the extent of what the company said publicly. The attacker said considerably more. A group calling itself Scattered Lapsus$ Hunters - a coalition linked to Scattered Spider, Lapsus$, and ShinyHunters - claimed responsibility on Telegram, sharing screenshots of JLR's internal SAP systems and stating that ransomware had been deployed across the company's compromised infrastructure.

As of 30 September 2025, production has still not fully resumed. JLR announced on 23 September that th...


Oracle in Denial

On 20 March 2025, a previously unknown threat actor posting under the handle "rose87168" listed six million records for sale on BreachForums, claiming they had been stolen directly from Oracle Cloud's authentication infrastructure.
The data included Java KeyStore (JKS) files, encrypted Single Sign-On (SSO) passwords, LDAP credentials, OAuth2 keys, and Enterprise Manager JPS keys - the kind of data that sits at the very core of how cloud environments authenticate users and systems.

Oracle's initial response was a flat denial. The company told BleepingComputer: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."
That statement did not hold.
Within days, independent researchers confirmed the breach. By early April 2025, Oracle had quietly begun notifying affected customers directly. The incident is estimated to impact over 140,000 cloud tenants acros...


How to secure your mobile phone and check for spyware?


To effectively detect if your mobile phone has been compromised or infected with spyware, as well as to secure it from potential future attacks, it is important to follow some security best practices.
Below is a thorough guide aimed at personal and work phones, which are often less protected than corporate laptops: the more advanced security tools (EDR/XDR) found on laptops are rarely deployed on mobile phones.

  1. Detecting potential compromise on your Mobile device
    1. Review device configuration: Regularly inspect your phone's system settings and installed apps. Look for any configurations or applications that seem unfamiliar or that you did not intentionally set up.
      • Installed Apps: Unrecognized applications, especially those in foreign languages or from unknown developers, could indicate potential spyware. If you discover suspicious apps, consider a full device reset.
    ...

Can a pen and paper really save you from a Cyber Incident?


We all know the adage:
It is not a question of "IF" you will be hacked, but "WHEN".

This is true for all companies in all industries.

The ultimate answer to this problem is, to quote a famous French film:
"What is important is not the fall, but the landing." (*)

However, when speaking to upper management about cyber risks and the cost of implementing remediation or prevention security controls, the answer we often get is: "Don't worry, we will be fine. We can just operate manually with pen and paper until we fix everything again."

It might be true for (very few) companies, but the reality is unfortunately often much more complicated than that.

A recent example is a cyber-attack that occurred in the Indian Ocean region this week:
Leal Réunion, a car dealership on Réunion island, was attacked by a hacker group.
This attack is impacting their ability to use their IT systems and some sensitive financial informati...