DotSec’s AOC saves you money!

DotSec’s AOC saves you money! DotSec provides managed SIEM services to customers in a range of industries but as described in cyber security standards such as APRA’s CPS 234 and the Payment Card Industry Data Security Standard (or PCI DSS), cyber-security service providers are increasingly on the hook when it comes to the certification and […]
ASIC and drinking horses

Leading a horse to water: We’ve all heard the saying: “You can lead a horse to water but you can’t make it drink”, right? Well, the Australian Securities and Investments Commission (ASIC) seems to have different ideas! ASIC has commenced a lawsuit in the Federal Court of Australia. ASIC alleges [that] from March 2019 to […]
Actual posts from #therealMSIEM

Actual posts from #therealMSIEM Security Information and Event Management (SIEM) solutions are often seen as complex and expensive. However, their true value lies in mitigating financial, compliance, and third-party risks through early detection and automation. This article examines practical use cases that demonstrate how SIEM strengthens security operations and prevents costly incidents. We refer to […]
The human factor: How to undermine your PCI DSS compliance

How to undermine your PCI DSS compliance efforts When it comes to PCI DSS compliance, most organisations focus on technical controls such as firewalls, encryption, and monitoring tools, to secure cardholder data. However, even the most advanced technical safeguards can be rendered useless if employees mishandle cardholder data due to a lack of training. PCI […]
Cyber: What HR and recruiters need to know.

Hiring from North Korea? HR, recruiters and cyber security In May 2024, the U.S. Department of Justice unsealed charges against individuals involved in schemes where overseas IT workers, some linked to North Korea, posed as U.S. citizens to secure remote employment with over 300 American companies. These workers utilized stolen or borrowed identities to gain employment with […]
Internet shortcuts and DLL hijacking

Internet shortcuts and DLL hijacking. TL;DR: DLL hijacking over WebDAV using .url files is still effective now, in 2024. Windows hardening measures don’t help if you use MSBuild .rsp files. But there are videos, so you really should read on! Introduction: Internet shortcut (.url) files are traditionally used to link to an (Internet-based) URL […]
CASE STUDY: MEASURABLE GAINS

CASE STUDY: MEASURABLE GAINS Cross-business testing and improvement program Background and Challenges Our client is responsible for the administration of multiple businesses, and they engaged dotSec to address a very interesting and critical cybersecurity challenge: Each business had previously functioned as an independent business unit, and over time, this had resulted in varied levels of […]
Walking the ISO 27001 walk

dotSec achieves ISO 27001 certification dotSec is thrilled to announce a recent milestone: Achievement of ISO/IEC 27001:2022 certification! This achievement represents a significant step forward in our ongoing commitment to excellence in information security management. ISO 27001 is a globally recognized standard that outlines the best practices for establishing, implementing, maintaining, and continually improving an Information […]
dotSec news – August 2024

News and updates – August 2024 In this newsletter: Recent dotSec certification achievements and training news. Read about a recent dotSec GRC project that focused on ISO/IEC 27001:2022 preparation. Meet Gautham, Head of Governance, Risk and Compliance (GRC) at dotSec and learn more about dotSec’s GRC services. Cyber security expertise through training The dotSec ethos […]
Excellence is not an act!

Excellence, then, is not an act! It’s a saying that has been attributed to Aristotle and an American pro football player, but it was probably penned by author Will Durant: “Excellence, then, is not an act, but a habit.” Whoever wrote it first, it’s a sentiment worth remembering and since the use of cyber security […]
Law Firms And Cyber Tech

Security tech and law firms: Don’t just do it! The shiny allure of technology is so enticing and the siren’s call, “Just buy this thing and all your pain will go away”, is almost irresistible. With the proper approach, various technologies really can help firms to manage their level of risk by offering capabilities such […]