#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Energy Department | Breaking Cybersecurity News | The Hacker News

Category — Energy Department
Dragonfly Russian Hackers Target 1000 Western Energy Firms

Dragonfly Russian Hackers Target 1000 Western Energy Firms

Jul 02, 2014
Gone are the days when cyber criminals focuses only on PCs to spread malwares and target people, whether it's ordinary or a high profile person. Nowadays, organizations in the energy sector have become an interesting target for cyber minds. Few days ago, security researchers uncovered a Stuxnet-like malware, " Havex ", which was also programmed to infect industrial control system software of SCADA systems , with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even shut down a country's power grid with a single keystroke. RUSSIAN HACKERS HIT 1000 ENERGY FIRMS Recently, a Russian group of hackers known as ' Energetic Bear ' has compromised over 1,000 European and North American energy firms with a sophisticated cyber weapon, similar to Stuxnet, that gave hackers access to power plant control systems, said a security firm. The group of hackers also known as ' Dragonfly ', an eastern European collective that has been active since
Energy Department networks hit by major Cyber Attack

Energy Department networks hit by major Cyber Attack

Feb 04, 2013
The Computer networks of Energy Department were attacked by unknown hackers in a major cyber attack two weeks ago and personal information on several hundred employees was compromised. The Washington Free Beacon reports that, FBI agents are investigating the attacks and 14 computer servers and 20 workstations reportedly were penetrated during the attack. Officials are working to determine the exact nature of the attack and the extent of potential damage. " They believe the sophisticated penetration attack was not limited to stealing personal information. There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information ." The security breach resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information (PII) of several hundred people. Department is in the process of notifying employees whose information was stolen. However, Chinese hack
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Expert Insights / Articles Videos
Cybersecurity Resources