News and updates - DotSec - Cyber security specialists

June 2025 cyber news

What a month! June cyber news and updates Let us know how we can help News and updates for June, 2025 In this month’s newsletter, we we cover off on: Further fake job-applicant news, now with AI and LOLs. Some more work on creating malware using DLL sideloading. Some “How to save money” PCI DSS […]

Your transformation is almost complete

Part 2 Sideloading – By default, everything is possible This is part two of our two-part blog post, describing our investigation into the process that attackers use when sideloading malicious DLLs into .NET executables. Now that we know how we can bypass strong-name signature verification, and we want to side-load a DLL into a Microsoft-signed […]

Sacks of rocks: Lighten your PCI DSS reporting load

OK, an apology to start with: This post is about SAQs (and ROCs) but I thought that a sparkling, witty headline might get better engagement. Apologies if you’re here for landscaping supplies. Now, on with the post! Using SAQ A to reduce your PCI DSS reporting load We’ve written about the PCI DSS (Payment Card Industry […]

Video: Four SIEM case studies

One video: Four SIEM use-cases in eight minutes! Security Information and Event Management (SIEM) solutions are often seen as complex and expensive. However, their true value lies in mitigating financial, compliance, and third-party risks through early detection and automation. This video walks us through four SIEM case studies that show how SIEM can strengthens security […]

Becoming one with the malware

DLL sideloading: tricks, traps and fixes – Part 1! This blog post is a result of our investigation into the process that attackers use when sideloading malicious DLLs into .NET executables. We’ll describe how and under what circumstances an attacker can get a malicious .NET DLL to be loaded by a trusted (signed) .NET executable, […]

ASIC and drinking horses

Leading a horse to water We’ve all heard the saying: “You can lead a horse to water but you can’t make it drink”, right? Well, the Australian Securities and Investments Commission (ASIC) seems to have different ideas! ASIC has commenced a law suit in the Federal Court of Australia. ASIC alleges [that] from March 2019 to […]

Actual posts from #therealMSIEM

Actual posts from #therealMSIEM Security Information and Event Management (SIEM) solutions are often seen as complex and expensive. However, their true value lies in mitigating financial, compliance, and third-party risks through early detection and automation. This article examines practical use cases that demonstrate how SIEM strengthens security operations and prevents costly incidents. We refer to […]

The human factor: How to undermine your PCI DSS compliance

How to undermine your PCI DSS compliance efforts When it comes to PCI DSS compliance, most organisations focus on technical controls such as firewalls, encryption, and monitoring tools, to secure cardholder data. However, even the most advanced technical safeguards can be rendered useless if employees mishandle cardholder data due to a lack of training. PCI […]

Cyber: What HR and recruiters need to know.

Hiring from North Korea? HR, recruiters and cyber security In May 2024, the U.S. Department of Justice unsealed charges against individuals involved in schemes where overseas IT workers, some linked to North Korea, posed as U.S. citizens to secure remote employment with over 300 American companies. These workers utilized stolen or borrowed identities to gain employment with […]

Internet shortcuts and DLL hijacking

Internet shortcuts and DLL highjacking TL; DR DLL hijacking over WebDAV using .url files is still effective now, in 2024. Windows hardening measures don’t help if you use MSBuild .rsp files But there are videos, so you really should read on! Introduction Internet shortcut (.url) files are traditionally used to link to an (Internet-based) URL […]