Risk - dotSec - Cyber security specialists

Your developers work for Cyber Gangs

Your developers work for cyber gangs Well, not deliberately. But if they’re building software with open-source components, there’s a chance that what they shipped last month included code placed there by criminals. And neither they nor you may know. If your organisation builds or customises software (and almost every organisation does, even if it’s just […]

Your website provider handles payments. Are you accepting the risk?

Your MSP handles the payments but are you accepting the risk? If your website provider told you not to worry about PCI DSS because “we handle the payments”… and you haven’t asked for proof …you might need to start worrying. It’s one of the most common things we hear from businesses: “Our managed service provider […]

FIIG fined: Federal Court orders $2.5M penalty for cyber security failures

FIIG FINED: Federal court orders $2.5M penalty for cyber security failures On the 9th of February 2026, the Federal Court ordered FIIG to pay $2.5 million in civil penalties, plus $500,000 towards ASIC’s legal costs for failing to maintain adequate cyber security measures Back in April 2025, we wrote about ASIC’s lawsuit against FIIG Securities […]

Why ransomware victims pay, and what smart organisations do instead

Why ransomware victims pay, and what smart organisations do instead Ransomware extortion follows rational economics, not random chaos. When assets are valuable, defences are weak, and consequences for attackers are low, extortion thrives. This pattern holds whether the extortionist is the Sicilian Cosa Nostra or a ransomware group operating from a server in St Petersburg. […]

DLL side-loading – Part 2

DLL Side loading – Part 2 This is part two of our two-part blog post, describing our investigation into the process that attackers use when sideloading malicious DLLs into .NET executables. Now that we know from previous work how we can bypass strong-name signature verification. This time we want to side-load a DLL into a […]

Managed SOC/SIEM use cases

Managed SOC/SIEM use cases This video walks us through four SIEM case studies that show how SIEM can strengthens security operations and prevent costly incidents. Take eight minutes out of your day to see and hear about some of our past SIEM security projects (both preventative and responsive) that show how SIEM and MDR solutions effectively […]

ASIC sues for systemic and prolonged cybersecurity failures

ASIC sues FIIG for systemic and prolonged security failures ASIC has commenced a law suit in the Federal Court of Australia. ASIC alleges that from March 2019 to 8 June 2023, FIIG Securities Limited failed to take the appropriate steps, as is required by an Australian Financial Services (AFS) licensee, to ensure it had adequate […]

SIEM solutions for incident management

SIEM solutions for incident management – Use cases This article examines practical use cases: How we’ve used SIEM solutions for incident management. It demonstrate how SIEM strengthens security operations and prevents costly incidents. Security Information and Event Management (SIEM) solutions are often seen as complex and expensive. However, their true value lies in mitigating financial, […]

Using the NIST Cyber Security Framework (CSF) v2

Using the NIST Cyber Security Framework (CSF) v2 In this post, we’ll talk about using the NIST CSF v2, and show you that managing cyber security risk need not be like trying to juggle flaming chainsaws while riding a unicycle under the big top! We’ll explain how you can use the NIST CSF 2.0 to […]

Law Firms And Cyber Tech

Cyber security and law firms: Don’t just do it! The shiny allure of technology is so enticing, and the sales-siren’s call, “Just buy this thing and all your pain will go away” is almost irresistible. But for law firms, cyber security is rarely a problem that can be solved with technology alone. Legal practices handle […]