Security News (102 Posts)

1 2 3 4 5 ... Last - Previous >>

FREE CYBER SECURITY TESTING FOR SMALL BUSINESSES IN MAURITIUS

#136 - Posted on 03 April 2020 - Author: SM - Category: Security

Starting on the 6th of April, ELYSIUMSECURITY will offer a free service for the community in Mauritius. If you are a small business who has recently setup an online shopping website we can test the security of your website/platform at no charge and provide you with a short report on potential security vulnerabilities alongside some practical advice on how to fix them.

In these difficult times it is very important to help each other. More and more people are now looking at remote shopping online (we are!), so it is important those new websites do not get hacked and we can all continue to use those online services.

Below are the key points of this free service:

  • 100% free with no future commitment or “after sale” nonsense, it is our way to say thank you to all those businesses and services that help the community in those hard times;
  • You will need to provide proof your own the website/service to be tested;
  • We will enter into a simplifie
    • ...
    >>[READ MORE]

    The problem with password expiry

    #135 - Posted on 05 February 2020 - Author: SM - Category: Security

    When it comes to password expiry, different companies have different policies.
    Whilst the current industry standard is 90 days, a lot of companies do enforce a lower 30 days period or anything in between 30 and 90 days.
    If you ask the users, they do not tend to be happy with changing passwords often and even at all (are you?)

    The problem with changing passwords often is that, unless you are using some kind of password safe with random generated passwords, users tend to just change a letter or number at the end of their password (1, 2, 3 or 2019, 2020, etc.), chose another weak password all together or write it down somewhere.
    And if users do that, then changing their passwords often does not improve your security posture.

    We therefore advise not to go lower than 90 days when it comes to password expiry, in fact when it comes to authentication security, we would highly recommend that you enforce dual factor authentication through SMS or App for s...
    >>[READ MORE]

    Afer 17 years, a NEW BUGS Cryptography Package for Unix (version 4.1.2)

    #134 - Posted on 17 January 2020 - Author: SM - Category: Cryptography, Security

    BUGS is a personal cyber security project from Sylvain Martinez, which started about 25 years ago and has enabled him to kick start his career in Cyber Security.
    As such it has a special place in the heart of ELYSIUMSECURITY.
    It is an open source project where Sylvain created his own symmetric cryptography algorithm along with a few applications to showcase the capability of his cryptography algorythm:
    An application to encrypt/decrypt files, a simple encrypted chat application, a secure shell add-on, a password manager, etc.


    This project is a hobby and should only be seen as that, any respectable professional cryptographer would tell you this: "Do not create your own cryptography algorithm"!
    Furthermore, we always advise our clients to only use international standard algorithms (i.e.: AES)

    Having said that, it doesn't mean we cannot have a go ourselves!
    It had the merit of teaching us a lot about cryptography and after all, no one ha...
    >>[READ MORE]

    2019 CYBER SECURITY TRENDS REPORT OVERVIEW

    #133 - Posted on 10 July 2019 - Author: SM - Category: Guides, Security

    In the past 6 months, ELYSIUMSECURITY has looked at 10 of the most popular Cyber Security reports of 2019 and created an overview document summarising their main trends and predictions.
    The results will be presented at the next MU.SCL event (free registration HERE) but you can already have a look at the main findings by downloading the presentation in the DOWNLOAD section.

    ...
    >>[READ MORE]

    PHISHING PROTECTION FRAMEWORK

    #132 - Posted on 01 July 2019 - Author: SM - Category: Guides, Security

    ELYSIUMSECURITY has designed a practical framework to help organisations implement an efficient Phishing Protection program.
    Phishing has become the number one attack vector used by criminals to get around most companies defences and use social engineering to extract confidential information and conduct financial frauds.


    For an efficient Phishing Protection program, organisations must consider not only implementing awareness and simulation campaigns but also integrate them to their phishing detection and protection strategy.


    More information on how to implement this framework is available in our DOWNLOAD section.

    ...
    >>[READ MORE]

    NATIONAL CYBER SECURITY DRILL 2019

    #131 - Posted on 25 June 2019 - Author: SM - Category: Conferences, Security

    ELYSIUMSECURITY was asked to participate in the 2019 Mauritius National Cyber Drill where we presented on Incident Response in front of Mauritian organisations that are critical to the operation of the country. We took this opportunity to introduce the core concepts of the NIST SP 800-61 Incident Response framework.

    We also provided a high level view of the ELYSIUMSECURITY Incident Response framework, which is a practical implementation of the NIST SP 800-61 Incident Response frameworkand the FIRST CSIRT services Framework

    The updated presentation slides are available in our DOWNLOAD section...
    >>[READ MORE]

    HOW TO CHOOSE MICROSOFT 365 SECURITY PLANS AND ADD-ONS: E3, E5, EMS E3, EMS E5, 365 E3, 365 E5

    #130 - Posted on 24 May 2019 - Author: SM - Category: Guides, Security

    Knowing what security features are included or not in the different packages offering from Microsoft can be confusing.
    In this article, we will explain the overall principle of what all of those plans means.

    For most companies, when it comes to Microsoft products you need protection for your EMAILS/DOCUMENTS/ENDPOINTS and for your ACCESS to Microsoft products (meaning AD, even if you are a Apple house)

    The bottom line is that for ensuring you have the best security you want all or some of those security features:

  • Some advanced threat protection for your email/documents/endpoints:
    URL Link protection;
    Attachment protection;
    Identity and impersonation protection;
    Threat Intelligence;
    Alert for suspicious logins or activities;
    Logs and archiving;
    Advanced search and discovery;
    DLP
    Digital Right Management;
    Encryption;
    MDM (phones and laptops);
    GPO;
    Etc.

  • Some advanced threat p
    • ...
    >>[READ MORE]

    New Download section with Presentations

    #127 - Posted on 02 July 2018 - Author: SM - Category: Conferences, Security

    A new section has been added to the Download page where you can now find a link to all the public presentations ELYSIUMSECURITY has been giving.
    Those presentations cover a wide range of Cyber Security topics and we hope you find them useful.
    They are classified as public and you are welcome to re-use them or part of their content, we just ask if you could please reference the source of this material if you do so.

    ...
    >>[READ MORE]

    FREE Cyber Security Event - 3rd Episode!

    #126 - Posted on 12 April 2018 - Author: SM - Category: Conferences, Security

    Special guest announced for the next MU.SCL event!
    Dr Kaleem Usmani from CERT MU will be presenting on Incident Handling.
    You can register now HERE !

    This FREE to attend meeting will take place on the Thursday 26th of April 2018, from 6pm to 8pm, at the Flying Dodo Brewing Company in Bagatelle, Mauritius.

    We are working on a streaming option for those of you who cannot physically attend.

  • Talk1 - Social Media as a Cyber Weapon (Sylvain Martinez - ELYSIUMSECURITY)
  • Talk2 - Incident Handling in Organisations (Dr Kaleem Usmani - CERT MU)

    The first talk will present how information shared on social media platforms can easily be obtained and used against you. We will also take a look at recent world events and how this data can be aggregated and why this is dangerous.

    The second talk will discuss incident handling in t
    • ...
    >>[READ MORE]

    MU.SCL - Second Meeting for the Mauritius Cyber Security Club

    #125 - Posted on 18 March 2018 - Author: SM - Category: Conferences, Security

    Following the success of last month event, ELYSIUMSECURITY is happy to confirm the second meeting for the Mauritius Cyber Security Club: MU.SCL
    This FREE to attend meeting will take place at the Flying Dodo Brewing Company in Bagatelle.

    In this second edition, the following two talks will be presented:

  • Talk1 - Introduction to ISO27001, GDPR, FFIEC
  • Talk2 - How to setup an IDS at home

    • The first talk will provide a high level overview of important Cyber Security regulations, standards and best practices relevant to most industries nowadays. At the end of the presentation, attendees should be able to take away key information and follow-up with any questions/worries/debate they may have on the subject.

    The second talk will be more technical and focus on how everyone can install an Intrusion Detection System in their home using Open Source software. This talk will hig...
    >>[READ MORE]