The path to digital trust

As digitisation becomes standard, organisations everywhere are battling to navigate an onslaught of new and ever-changing cyber risks. But while the landscape is unfamiliar, you still walk it with one foot in front of the other. Last year, as global commerce got back on its feet, the Mobius Group conducted a survey with over 200…

The Mobius Group 2023 Cyber Security Survey

The Participants of the 2023 Cyber Security Survey: The report draws insights from a wide array of respondents, ranging from C-Level executives to IT and cyber security specialists, across various global regions, including the United Kingdom, Europe, North America, the Middle East, Mauritius, and Africa. This diverse participation ensures a broad perspective on cyber security challenges…

Permission to Launch in a Fintech Startup

As another example of ongoing support, we’re currently helping a fintech startup on its journey towards launch. Like any startup, the company has been developed from scratch, with the necessary testing performed to ensure the environment is secure. Thus far, we’ve done all the testing for their mobile and web apps and their hosting environment: an…

Guarding the Guard in a Tech Startup

For three years running, we’ve performed web application pentesting for a client’s B2B SaaS platform. Since they’re an organisation targeting ISO 27001 certification, it should come as no surprise that regular pentesting is part of their information security requirements. Given that the platform is a tool used by large corporations to assess third-party risk, our client…

Business As Usual in the Banking Sector

Along with standalone projects, we’re also able to work for clients on an ongoing basis, providing extra capacity for internal pentesting teams. By way of example, we do much of the repeatable work for a particular bank, allowing their internal teams to concentrate on strategic concerns without becoming overwhelmed by time-consuming, mundane requirements, many of…

Unsafe Objects in the Retail Industry

Working as subject matter experts within the internal audit function of a large retailer, we performed an external pentest to provide technical feedback to management as well as reporting to the audit and risk committee.  The retailer’s website had a function to accept applications, requiring customers to submit supporting documents containing sensitive information. Within this…

Beware the Black Swan

Here’s a useful example of our work with Mobius Consulting. A listed mining house required an information security health check comprising internal and external pentests as well as a threat simulation. The Mobius Consulting team performed a gap assessment against the NIST Cybersecurity Framework, which is normally an interview-based and document review exercise.  In this…

One in a Thousand

An oil and gas company with global operations required a pentest to see what would happen if someone had already breached their network from outside. With a standard set of user credentials and remote access, what could they do from there?  Our first goal was to find a way to put the tools we needed…

Unintentional Discount in the Retail Industry

A large retailer with an e-commerce solution asked us to perform a pentest, during which we discovered two main issues. First, we could access sensitive information such as other customers’ details. The second issue pertained to manipulating shopping baskets, altering the basket value to a nominal amount, and being able to check out.  The benefits…

The Talkative Chatbot in the Banking Sector

A bank with operations across multiple African countries asked us to run pentests across all their web apps, mobile apps, internal networks and public-facing infrastructure – a big chunk of work exceeding a thousand hours of testing.  By far, the most interesting and impactful discovery came from an unexpected quarter: a chatbot on the bank’s…
