Your website provider handles payments. Are you off the hook for PCI DSS?

If your website provider told you not to worry about PCI DSS because “we handle the payments”… and you haven’t asked for proof… you might need to start worrying. It’s one of the most common things we hear from businesses: “Our provider […]
FIIG fined: Federal Court orders $2.5M penalty for cyber security failures

Back in April 2025, we wrote about ASIC’s lawsuit against FIIG Securities for what ASIC described as “systemic and prolonged cybersecurity failures”. Back then, we noted that the initiative had shifted firmly from FIIG to ASIC and the Federal Court, and that on the question […]
Why ransomware victims pay, and what smart organisations do instead

Ransomware extortion follows rational economics, not random chaos. When assets are valuable, defences are weak, and consequences for attackers are low, extortion thrives. This pattern holds whether the extortionist is the Sicilian Cosa Nostra or a ransomware group operating from a server in St Petersburg. […]
DLL side-loading – Part 2

DLL side-loading – Part 2 This is part two of our two-part blog post, describing our investigation into the process that attackers use when side-loading malicious DLLs into .NET executables. Now that we know from previous work how we can bypass strong-name signature verification, this time we want to side-load a DLL into a […]
Managed SOC/SIEM use cases

This video walks us through four SIEM case studies that show how SIEM can strengthen security operations and prevent costly incidents. Take eight minutes out of your day to see and hear about some of our past SIEM security projects (both preventative and responsive) that show how SIEM and MDR solutions effectively […]
ASIC sues for systemic and prolonged cybersecurity failures

ASIC sues FIIG for systemic and prolonged security failures ASIC has commenced a lawsuit in the Federal Court of Australia. ASIC alleges that from March 2019 to 8 June 2023, FIIG Securities Limited failed to take the appropriate steps, as is required of an Australian Financial Services (AFS) licensee, to ensure it had adequate […]
SIEM solutions for incident management

SIEM solutions for incident management – Use cases This article examines practical use cases: how we’ve used SIEM solutions for incident management. It demonstrates how SIEM strengthens security operations and prevents costly incidents. Security Information and Event Management (SIEM) solutions are often seen as complex and expensive. However, their true value lies in mitigating financial, […]
Using the NIST Cyber Security Framework (CSF) v2

In this post, we’ll talk about using the NIST CSF v2, and show you that managing cyber security risk need not be like trying to juggle flaming chainsaws while riding a unicycle under the big top! We’ll explain how you can use the NIST CSF 2.0 to […]
Law Firms And Cyber Tech

Cyber security and law firms: Don’t just do it! The shiny allure of technology is so enticing, and the sales-siren’s call, “Just buy this thing and all your pain will go away”, is almost irresistible. But for law firms, cyber security is rarely a problem that can be solved with technology alone. Legal practices handle […]
TPSP AOCs save you money!

A TPSP will save you money! Protecting sensitive information has become a vital aspect of running any business, and one area that requires a high level of vigilance is payment security, especially for businesses that handle credit card (also known as cardholder) data. These businesses must adhere to the Payment Card Industry Data Security Standard […]