Complete Computers

Approximately US $150,000 worth of Ethereum-based cryptocurrency stolen. Online cryptocurrency website MyEtherWallet.com has confirmed that for a period of time yesterday some visitors could have been redirected to a phishing site designed to steal users’ credentials and – ultimately – empty their cryptocurrency wallets. According to reports , whoever was behind the attack may have successfully stolen approximately US $152,000 worth of Ethereum-based cryptocurrency.  However, assuming that MyEtherWallet itself was at fault may be a mistake, as the website explained in its statement: “This is not due to a lack of security on the [MyEtherWallet] platform. It is due to hackers finding vulnerabilities in public facing DNS servers.” This explanation is confirmed by British security researcher Kevin Beaumont, who described in a blog post that some of MyEtherWallet’s traffic had been redirected to a server based in Russia after traffic intended for Amazon’s DNS resol...

Pacemaker Patients Must Visit Healthcare Provider for Firmware Update That Addresses Security Vulnerabilities A firmware update to address security vulnerabilities has been approved and is now available for radio frequency (RF)-enabled St. Jude Medical (now Abbott) implantable pacemakers, the U.S. Food and Drug Administration (FDA) announced this week. Vulnerabilities in St. Jude Medical's devices were made public last year by MedSec and Muddy Waters, as investment strategy to short sell shares of St. Jude's stock. The report claimed that attackers could, among other things, crash implantable cardiac devices and drain their battery at a fast rate. St. Jude rushed to refute the allegations and even sued the two companies , while University of Michigan researchers analyzed the MedSec/Muddy Waters report and discovered that their proof-of-concept (PoC) exploit did not actually crash the implanted cardiac device. Muddy Waters and MedSec responded to t...

The U.S. Food and Drug Administration (FDA) this week announced its medical device safety action plan, which includes seeking additional funding and authorities that would help it improve cybersecurity in the healthcare industry. The FDA’s plan focuses on five key areas and medical device cybersecurity is one of them. As part of its efforts to keep up with emerging threats and vulnerabilities, the agency wants the authority to require medical device manufacturers to include updating and patching capabilities into the design of their products. The organization also wants vendors to create a “Software Bill of Materials,” which should help medical device customers and users determine which systems may be impacted by vulnerabilities. “The additional authorities we seek are to further strengthen medical device security by directly addressing challenges healthcare delivery organizations and providers have encountered as a result of cyber campaigns and attacks such a...

City of Atlanta Ransomware Attack Showcases Ethical Problem in Whether to Pay a Ransom or Not Over the course of the last week, it has become apparent that the City of Atlanta, Georgia, has paid out nearly $3 million dollars in contracts to help its recovery from a ransomware attack  on March 22, 2018 -- which (at the time of writing) is still without resolution. Precise details on the Atlanta contracts are confused and confusing -- but two consistent elements are that SecureWorks is being paid $650,000 for emergency incident response services, and Ernst & Young is being paid $600,000 for advisory services for cyber incident response. The total for all the contracts appears to total roughly $2.7 million. The eventual cost will likely be more, since it doesn't include lost staff productivity nor the billings of a law firm reportedly charging Atlanta $485 per hour for partners, and $300 per hour for associates. The ransom demand was for around $51,000. The ...

A former employee stole data on 1.5 million customers, Atlanta-based SunTrust Banks announced on Friday. The employee appears to have stolen data from some of the company's contact lists, the company says. SunTrust is already informing impacted clients and is working with outside experts and coordinating with law enforcement on investigations. The stolen information includes names, addresses, and phone numbers, along with certain account balances, as this was the data included in the contact lists, the company confirmed. Personally identifying information such as social security numbers, account numbers, PINs, User IDs, passwords, or driver's license information wasn’t included in the lists. “We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures. While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held respon...