Energy and Utilities, Information Security and Technology

FERC, NERC joint report on cyber incident response at electric utilities

Security Affairs

SEPTEMBER 21, 2020

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) released a study on cyber incident response and recovery best practices for electric utilities.

Energy and Utilities

Energy and Utilities Advertising Cyber Attacks Hacking

New APT ChamelGang Targets energy and aviation companies in Russia

Security Affairs

OCTOBER 4, 2021

ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and aviation industry in Russia. ChamelGang is a new APT group that was first spotted in March by researchers at security firm Positive Technologies, it targets Russian companies in the energy and aviation industry.

Energy and Utilities

Energy and Utilities Malware Technology Antivirus

CISA JCDC Will Focus on Energy Sector

Security Affairs

APRIL 5, 2023

JCDC will map systemic risk and response by accounting for the following: Understanding inherent risks posed by open-source software used for industrial controls Reduce supply chain risk in critical infrastructure by employing remote monitoring, managed service, and managed security providers.

Energy and Utilities

Energy and Utilities Cyber threats Risk Cyber Risk

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

Over the ensuing years, experts have repeatedly pointed out that not only were many of the technology systems being deployed to improve the efficiency of fuel distribution infrastructure management introducing dangerous vulnerabilities, but that a cyber-attack against the operator of a fuel pipeline was eventually going to both occur and succeed.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” ” continues the report.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? The October analysis by the Chamber and FICO gives U.S. How useful is such a score?

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Silk Typhoon targets multiple sectors worldwide, including information technology (IT) services and infrastructure, remote monitoring and management (RMM) companies, managed service providers (MSPs) and affiliates, healthcare, legal services, higher education, defense, government, non-governmental organizations (NGOs), and energy.

Energy and Utilities

Energy and Utilities Passwords Healthcare VPN

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

2️ Cyber Attacks Against Energy (Oil & Gas) and Nuclear Sectors Critical infrastructure across all domains continues to remain a focal point for cyber-attacks, orchestrated by both cybercriminal elements and nation-state actors. This strategy goes beyond just deploying the latest technologies to combat AI and mobile threats.

Cyber threats

Cyber threats Energy and Utilities Cyber Attacks Artificial Intelligence

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Brian Levine is senior director of product security at Axway, a global security engineering organization delivering training, tools, processes and DevSecOps practices for secure applications and cloud services to the enterprise market. She also served as the deputy chief information officer of the White House.

Computers and Electronics

Computers and Electronics Technology Information Security Education

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

Security Affairs

APRIL 11, 2021

The “accident” impacted the electricity distribution network at Iran’s Natanz nuclear facility, Atomic Energy Organization of Iran spokesman Behrouz Kamalvandi told the Iranian Fars News Agency. . ” reads the post published by Jerusalem Post. ” continues the JP. . ” continues the JP.

Cyber Attacks

Cyber Attacks Energy and Utilities Media Hacking

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. ” U.S.

Energy and Utilities

Energy and Utilities Manufacturing Firewall VPN

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. from defending Taiwan. Wray added that the China-linked actors employed a series of botnets in their activities.

Energy and Utilities

Energy and Utilities Telecommunications Technology Government

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

NOVEMBER 16, 2020

Digital technology, like music, is all about math. Simply put, iO must be achieved in order to preserve privacy and security while tapping into the next generation of IT infrastructure. It will, of course, be vital to have these next-gen, AI-infused systems run securely, in ways that preserve individual privacy.

Software

Software Computers and Electronics Encryption Energy and Utilities

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” APT28 had utilized compromised Ubiquiti EdgeRouters as a command-and-control infrastructure for MASEPIE backdoors. ” reads the joint report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Security Affairs

AUGUST 27, 2024

victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as early as June 12, 2024.” Most of the impacted organizations are in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems sectors. victims and one non-U.S.

Energy and Utilities

Energy and Utilities Firewall Technology Malware

Colonial Pipeline attack spotlights risks of geographically dispersed networks in an industry that is ‘far behind’

SC Magazine

MAY 10, 2021

Just as oil and gas can flow up and down the pipeline, so can malware, reaching remote facilities whose IT and operational technology systems may not be adequately fortified to defend against an attack. Fortress Information Security. So there are some unique challenges.

Risk

Risk Energy and Utilities Backups Ransomware

Keysight’s Automotive Cybersecurity Test System Selected by Eastern Michigan University’s School of Information Security & Applied Computing

CyberSecurity Insiders

MAY 5, 2021

–( BUSINESS WIRE )–Keysight Technologies, Inc. Keysight’s recent acquisitions and technology advancements in wireless security assessment enable us to offer exceptional solutions that test and measure many facets of a vehicle,” said Steve McGregory, senior director of Keysight’s ATI Research Center.

Information Security

Information Security Computers and Electronics Energy and Utilities Cybersecurity

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

APRIL 2, 2023

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). ” reads the report published by Mandiant. ” concludes the report.

Energy and Utilities

Energy and Utilities Media Hacking Technology

Iran-linked APT33 updates infrastructure following its public disclosure

Security Affairs

JUNE 30, 2019

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. Most of the targets were in the Middle East, others were in the U.S., South Korean, and Europe.

Energy and Utilities

Energy and Utilities Advertising Retail Healthcare

Evolving Email Threats and How to Protect Against Them

IT Security Guru

OCTOBER 24, 2024

Email security relies on timely, accurate information. Security solutions need information to detect and prevent threats, organizations need information to inform their security strategies, and users need information to identify, avoid, and report potential risks.

Energy and Utilities

Energy and Utilities Scams Manufacturing Malware

A Cybersecurity Conversation with Vince Moore – Senior Network Engineer at OPSWAT

CyberSecurity Insiders

JANUARY 16, 2022

More than 1,500 organizations worldwide spanning Financial Services, Defense, Manufacturing, Energy, Aerospace, and Transportation Systems trust OPSWAT to secure their files and devices; ensure compliance with industry and government-driven policies and regulations, and protect their reputation, finances,? networking infrastructure.

Engineering

Engineering Cybersecurity Energy and Utilities Software

Forescout Platform: NAC Product Review

eSecurity Planet

APRIL 7, 2023

IoT (printers, IP phones, security cameras, etc.) Medical Technologies (Ultrasound machines, heart monitors, etc.) The Forescout Platform’s ability to work across a wide variety of technologies enables large sprawling enterprises to use a single solution to manage and control network access world wide.

IoT

IoT Technology Energy and Utilities Wireless

ICS and OT threat predictions for 2024

SecureList

JANUARY 31, 2024

In 2023, ransomware attacks consolidated their hold on the top of the ranking of information security threats to industrial enterprises. The problem of cyber-securing multiple hard-to-reach sites is also relevant for oil and gas companies, public utilities, and, in general, any organization with a highly distributed OT infrastructure.

Ransomware

Ransomware Energy and Utilities Marketing Backups

Risky Business Aging critical infrastructure networks and advanced attacks

Thales Cloud Protection & Licensing

MAY 13, 2021

Security experts are counting on the Colonial attack to be a wake up call for operators of critical infrastructure, including electrical and water utilities and energy and transportation companies. The same experts warn by not investing in updating security, critical infrastructure operators are flirting with catastrophe.

Energy and Utilities

Energy and Utilities Encryption Data collection Ransomware

Importance of Securing Software with a Zero Trust Mindset

Security Boulevard

MARCH 22, 2022

With the increase of supply chain attacks on everything from logging software like Log4J to takeovers of important JavaScript packages to compromises of network utility tools like SolarWinds, more and more organizations are recognizing the need to adopt a Zero Trust mindset. Photo by Morgane Perraud on Unsplash.

Software

Software Architecture Energy and Utilities Risk

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

And plans to improve information security and introduce new protection tools and measures are predicated, in some way, on the chosen adversary model. Actions of various attacker categories. The debate about which threats pose the most danger to industrial enterprises often revolves around comparisons between APTs and cybercrime.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

NetApp ONTAP Becomes First Enterprise Storage Platform to Receive Validation from NSA for Security and Encryption

CyberSecurity Insiders

DECEMBER 15, 2021

CSfC validates commercial IT products that have met the highest level of strict encryption standards and rigorous security requirements for both hardware and software solutions. Recently, the NSA has recommended that federal agencies hosting secret or top-secret data utilize storage solutions that have been CSfC validated.

Encryption

Encryption Energy and Utilities Digital transformation Software

OT Cybersecurity Framework?

Centraleyes

SEPTEMBER 5, 2024

The OT Cybersecurity Framework or OT CSF is a foundational Operational Technology (OT) risk framework that covers all aspects of the OT environment. What is the OT Cybersecurity Framework? The OT CSF is particularly relevant for industries that depend on the seamless integration of IT and OT systems.

Cybersecurity

Cybersecurity Energy and Utilities Risk Data collection

Topic-specific policy 3/11: asset management

Notice Bored

OCTOBER 13, 2021

I'm seizing the opportunity to explain the thinking behind, and the steps involved in researching and drafting, an information security policy through a worked example. By literal substitution, 'anything that has value to the organization management' is the third example information security policy topic in section 5.1.

Energy and Utilities

Energy and Utilities Risk Information Security Government

How to Select the Right MDR Service

Security Boulevard

JULY 26, 2022

Osterman Research explores why organizations early to embrace MDR services report higher security posture across multiple dimensions in. The Rush to MDR: Achieving the Promise of Elevated Security Posture. Mastering new technologies while growing is even harder, especially on a demanding timeline. Ask the Expert. Threat hunting.

Energy and Utilities

Energy and Utilities CISO Marketing Threat Detection

How Blockchain Can Drive Legal Industry Forward

Spinone

SEPTEMBER 3, 2018

Is blockchain technology the new path that the legal industry should take to sustain in the digital age? Let us consider the most significant implications of decentralized technologies to the legal industry. Blockchain is one of the most promising new technologies to emerge from the past decade.

Technology

Technology Energy and Utilities Authentication Cyber Attacks

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Security Affairs

APRIL 16, 2025

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. In response to these growing threats, the U.S.

Energy and Utilities

Energy and Utilities Cyber threats Cyber Risk Technology

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

Its apparent goal is espionage directed against the financial and energy sectors. The company believes that criminals are, quote, "utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals," quote. Government agencies are also targeted.

Energy and Utilities

Energy and Utilities Penetration Testing Government Software

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

Its apparent goal is espionage directed against the financial and energy sectors. The company believes that criminals are, quote, "utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals," quote. Government agencies are also targeted.

Energy and Utilities

Energy and Utilities Penetration Testing Government Software

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

ForAllSecure

AUGUST 14, 2019

Its apparent goal is espionage directed against the financial and energy sectors. The company believes that criminals are, quote, "utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals," quote. Government agencies are also targeted.

Energy and Utilities

Energy and Utilities Penetration Testing Government Software

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. invest in better endpoint detection and response (EDR) technology, apparently recommending Cylance or VMware Carbon Black. ISPs, utilities) and energy sector firms (i.e.

Energy and Utilities

Energy and Utilities Ransomware Hacking Banking

IronNet and New York Power Authority (NYPA) Expand Partnership to Defend Key Supply Chain Partners with Collective Defense

CyberSecurity Insiders

JANUARY 13, 2022

(NYSE:IRNT) (“IronNet”), an innovative leader transforming cybersecurity through Collective Defense, today announced an expanded partnership with the New York Power Authority (NYPA), the nation’s largest state public power organization, to secure the state of New York’s public energy ecosystem. energy sector at large.

Energy and Utilities

Energy and Utilities Marketing Artificial Intelligence Cyber Attacks

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

For example, in 2009, the Obama administration provided financial incentives to utilities in the United States. And again, smart meters were positioned squarely as making the environment more friendly by knowing how and when energy is being used by individual customers. Environmental effects caused by pollution. You know, in that job.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences.

Hacking

Hacking Manufacturing Energy and Utilities Firmware

Cyber CEO: Cybersecurity in 2021 – What We’ve Learned So Far

Herjavec Group

JULY 29, 2021

I’ve always believed that the best way to build a strong cybersecurity program is to utilize all the data. This means learning from the successes and the failures and using those learnings to enhance security measures, standards, and technology. Your People are Your First Line of Defense. Ransomeware-as-a-Service.

Cybersecurity

Cybersecurity Digital transformation Cyber Attacks Ransomware

Threat predictions for industrial enterprises 2025

SecureList

JANUARY 29, 2025

Access to new technologies is a ticket to the future, a guarantee of economic prosperity and political sovereignty. This may lead to the following security risks. PLC programs, SCADA projects, and other sources of technological process information stored in OT assets may also become another target for malicious actors.

Technology

Technology Computers and Electronics Energy and Utilities Risk

FERC, NERC joint report on cyber incident response at electric utilities

New APT ChamelGang Targets energy and aviation companies in Russia

Trending Sources

CISA JCDC Will Focus on Energy Sector

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

A massive phishing campaign using QR codes targets the energy sector

Scanning for Flaws, Scoring for Security

China-linked APT Silk Typhoon targets IT Supply Chain

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Meet the 2021 SC Awards judges

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

FBI chief says China is preparing to attack US critical infrastructure

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Colonial Pipeline attack spotlights risks of geographically dispersed networks in an industry that is ‘far behind’

Keysight’s Automotive Cybersecurity Test System Selected by Eastern Michigan University’s School of Information Security & Applied Computing

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Iran-linked APT33 updates infrastructure following its public disclosure

Evolving Email Threats and How to Protect Against Them

A Cybersecurity Conversation with Vince Moore – Senior Network Engineer at OPSWAT

Forescout Platform: NAC Product Review

ICS and OT threat predictions for 2024

Risky Business Aging critical infrastructure networks and advanced attacks

Importance of Securing Software with a Zero Trust Mindset

Threats to ICS and industrial enterprises in 2022

NetApp ONTAP Becomes First Enterprise Storage Platform to Receive Validation from NSA for Security and Encryption

OT Cybersecurity Framework?

Topic-specific policy 3/11: asset management

How to Select the Right MDR Service

How Blockchain Can Drive Legal Industry Forward

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

Cyber Security Roundup for April 2021

IronNet and New York Power Authority (NYPA) Expand Partnership to Defend Key Supply Chain Partners with Collective Defense

The Hacker Mind Podcast: Reverse Engineering Smart Meters

The Hacker Mind Podcast: Hacking Industrial Control Systems

Cyber CEO: Cybersecurity in 2021 – What We’ve Learned So Far

Threat predictions for industrial enterprises 2025

Stay Connected