RSS Feeds
On 31 August 2025, managers at Jaguar Land Rover's Halewood plant in the UK noticed systems behaving strangely. By the following morning, JLR's IT teams had confirmed an active intrusion. The company's response was drastic but deliberate: a near-total shutdown of its global IT network to stop the spread. Production lines in the UK, Slovakia, India, China, and Brazil went dark.
On 2 September 2025, JLR issued its first public statement: "JLR has been impacted by a cyber incident." That was the extent of what the company said publicly. The attacker said considerably more. A group calling itself Scattered Lapsus$ Hunters - a coalition linked to Scattered Spider, Lapsus$, and ShinyHunters - claimed responsibility on Telegram, sharing screenshots of JLR's internal SAP systems and stating that ransomware had been deployed across the company's compromised infrastructure.
As of 30 September 2025, production has still not fully resumed. JLR announced on 23 September that th...
>>[READ MORE]
{elysiumsecurity} 
Cyber Protection & Response
-
News Links
Security News (123 Posts)
Jaguar down, insurance regrets?
Oracle in Denial
On 20 March 2025, a previously unknown threat actor posting under the handle "rose87168" listed six million records for sale on BreachForums, claiming they had been stolen directly from Oracle Cloud's authentication infrastructure.
The data included Java KeyStore (JKS) files, encrypted Single Sign-On (SSO) passwords, LDAP credentials, OAuth2 keys, and Enterprise Manager JPS keys - the kind of data that sits at the very core of how cloud environments authenticate users and systems.
Oracle's initial response was a flat denial. The company told BleepingComputer: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."
That statement did not hold.
Within days, independent researchers confirmed the breach. By early April 2025, Oracle had quietly begun notifying affected customers directly. The incident is estimated to impact over 140,000 cloud tenants acros...
>>[READ MORE]
How to secure your mobile phone and check for spyware?
To effectively detect if your mobile phone has been compromised or infected with spyware, as well as to secure it from potential future attacks, it is important to follow some security best practices.
Below, we will cover a thorough guide aimed at personal and work phones, which are often unprotected compared to corporate laptops with more advanced security tools (EDR/XDR) which are not often found on mobile phones.
- Detecting potential compromise on your Mobile device
- Review device configuration: Regularly inspect your phone's system settings and installed apps. Look for any configurations or applications that seem unfamiliar or that you did not intentionally set up.
- Installed Apps: Unrecognized applications, especially those in foreign languages or from unknown developers, could indicate potential spyware. If you discover suspicious apps, consider a full device reset.
>>[READ MORE]
Can a pen and paper really save you from a Cyber Incident?
We all know the adage:
It is not a question of "IF" you will be hacked, but "WHEN".
This is true for all companies in all industries.
The ultimate answer to this problem is, to quote a famous French film:
"What is important is not the fall, but the landing." (*)
However, when speaking to upper management about cyber risks and the cost to implement remediation or prevention security controls, the answer we often get is a "Don't worry, we will be fine. We can just operate manually with pen and paper until we fix everything again”.
It might be true for (very few) companies, but the reality is unfortunately often much more complicated than that.
A recent example is a cyber-attack that occurred in the Indian Ocean region this week:
Leal Réunion, a car dealership on the Réunion island, got attacked by a hacker group.
This attack is impacting their ability to use their IT systems and some sensitive financial informati...
>>[READ MORE]
A Generic Incident Playbook
Following the work started last year, we have now published a generic incident playbook that should be useful in any type of cyber incident and get your started on how to respond efficiently and rapidly
It is part of the wider set of incident playbooks (17 of them) and is available as a standalone 2x pages PDF on our github page:
ELYSIUMSECURITY Github Incident Playbook page
>>[READ MORE]
Log4j vulnerability information and 4x steps to prioritise
The aim of this article is to provide some core information about the log4j vulnerability which has been generating a lot of noise in the last few days as well as a list of 4x steps we are recommending based on advice from government agencies and security groups we are a member of.
This vulnerability is serious as it affects a very wide range of devices (CISCO, Checkpoint etc) and applications/services (Vmware vcenter, Apache based website, sentinel one, etc).
It has a CVSS score of 10/10 (critical), the worse possible and allows unauthenticated remote code execution: CVE-2021-44228
The vulnerability affects applications running all versions of log4j before version 2.15.0 and is exploited by sending a specific text string that is interpreted by the log4j library
The Cybersecurity & Infrastructure Security Agency (CISA) has issued some guidance about it: ...
>>[READ MORE]
Programming and Cyber Security
The Mauritius Python User Group kindly asked me to do a presentation on programming and Cyber Security.
In this presentation, I provide an overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid.
You can find the slides to this presentation on slideshare here.
And there was also a video recording available on Youtube.
>>[READ MORE]
The WhatsApp Privacy Question
With Facebook recently changing its terms and privacy policy for all its WhatsApp users outside of the EU, it seems to have made a lot of people angry.
When it comes to (your) data privacy and what this update means to non-EU WhatsApp’s users, in the end, I believe it does not mean much difference to what existed before! and if you are ok with targeted Marketing then there is no need to do anything different.
Facebook/WhatsApp just put the spotlight on how personal information is being crossed reference and used for marketing purposes. It happened before but it seems more people this time around are more receptive about the implication of such practice and thus it is creating a wave of exode to over more privacy conscious messaging platforms.
Let's ask ourselves 3x basic questions about this situation:
1. What can WhatsApp see now?
WhatsApp cannot see the content of the messages sent through its platform (allegedly, but let’s assume t...
>>[READ MORE]
Free Cyber Incident Playbooks on GitHub
We are in the process of migrating our free resources/download to GitHub in an effort to facilitate the contribution from and to the cyber security community.
The first open source project we uploaded to GitHub is our cryptography project (BUGS) and the second one is our ES Cyber Incident playbooks project.
Our Cyber incident playbooks project is based on the work done by the CERT Societe Generale (SG CERT) which is available for free, under the Creative Commons Attribution 3.0 Unported License, on GitHub. Our project uses the same licensing model and you are free to use the content of our document(s) as per the aforementioned license and with referencing the author(s).
This project provides a number of Incident Response Methodologies (IRM), also called incident playbooks, aimed at helping a company with the handling of different t...
>>[READ MORE]
HOW TO PROTECT AGAINST THE NEW PHISHING ATTACKS GETTING AROUND MFA (CONSENT PHISHING)
There is a growing type of phishing attack which has been quite successful since the beginning of 2020, it is called a "Consent Phishing"
Traditional email phishing attacks will try to get the victim's credentials through a dangerous URL with a fake login webpage, a malware attachment or some other clever social engineering tactics.
Hopefully companies have some anti-phishing tools/technology to detect and protect them against most of those type of emails (some always manage to get through, no matter what technology you use and what vendors promise you!)
However, there is a new type of phishing attacks that leverages the OAuth authorisation framework used by some applications to access your account. Basically, there are a lot of legitimate applications that will request access to your O365 account (it could also be another type of Cloud app provider) through the generation of an OAuth token, so they don't need to know (and store) your O365 password.
...
>>[READ MORE]