Uncategorized
The Mobius Group 2023 Cyber Security Survey
The Participants of the 2023 Cyber Security Survey: The report draws insights from a wide array of respondents, ranging from C-Level executives to IT and cyber security specialists, across various global regions, including the United Kingdom, Europe, North America, the Middle East, Mauritius, and Africa. This diverse participation ensures a broad perspective on cyber security challenges…
Permission to Launch in a Fintech Startup
As another example of ongoing support, we’re currently helping a fintech startup on its journey towards launch. Like any startup, the company has been developed from scratch, with the necessary testing performed to ensure the environment is secure. Thus far, we’ve done all the testing for their mobile and web apps and their hosting environment: an…
Guarding the Guard in a Tech Startup
For three years running, we’ve performed web application pentesting for a client’s B2B SaaS platform. Since they’re an organisation targeting ISO27001 certification, it should come as no surprise that regular pentesting is part of its information security requirements. Given that the platform is a tool used by large corporations to assess third-party risk, our client…
Business As Usual in the Banking Sector
Along with standalone projects, we’re also able to work for clients on an ongoing basis, providing extra capacity for internal pentesting teams. By way of example, we do much of the repeatable work for a particular bank, allowing their internal teams to concentrate on strategic concerns without becoming overwhelmed by time-consuming, mundane requirements, many of…
Unsafe Objects in the Retail Industry
Working as subject matter experts within the internal audit function of a large retailer, we performed an external pentest to provide technical feedback to management as well as reporting to the audit and risk committee. The retailer’s website had a function to accept applications, requiring customers to submit supporting documents containing sensitive information. Within this…
Beware the Black Swan
Here’s a useful example of our work with Mobius Consulting. A listed mining house required an information security health check comprising internal and external pentests as well as a threat simulation. The Mobius Consulting team performed a gap assessment against the NIST Cybersecurity Framework, which is normally an interview-based and document review exercise. In this…
One in a Thousand
An oil and gas company with global operations required a pentest to see what would happen if someone had already breached their network from outside. With a standard set of user credentials and remote access, what could they do from there? Our first goal was to find a way to put the tools we needed…
Unintentional Discount in the Retail Industry
A large retailer with an e-commerce solution asked us to perform a pentest, during which we discovered two main issues. First, we could access sensitive information such as other customers’ details. The second issue pertained to manipulating shopping baskets, altering the basket value to a nominal amount, and being able to check out. The benefits…
The Talkative Chatbot in the Banking Sector
A bank with operations across multiple African countries asked us to run pentests across all their web apps, mobile apps, internal networks and public-facing infrastructure – a big chunk of work exceeding a thousand hours of testing. By far, the most interesting and impactful discovery came from an unexpected quarter: a chatbot on the bank’s…
Reassurance in the Insurance Industry
A large insurer asked us to perform a wide range of pentests – a big exercise involving 600 hours of work. We discovered that their public-facing sites had a blind time-based SQL injection vulnerability. This allowed us, from an unauthenticated perspective, to download the customer database, complete with sensitive information such as home addresses, manifests…