September 29, 2017
Puerto Rico's Healthcare System Struggling to Recover From Hurricane Devastation – Puerto Rico
Hurricane Maria has left Puerto Rico’s healthcare system in shambles, with hospitals dependent on diesel-fueled generators to power life-saving equipment, lacking air conditioning and running out of clean water, Reuters reports. To guard against looting, fuel is delivered by armed guards. Medical supplies are also scarce. Americares flew in duffel bags of antibiotics and vaccines over the weekend, but with much of the island’s telecommunications down and many roads still impassable, getting them to those in need will be difficult, according to The Wall Street Journal. People in shelters who need insulin and other temperature-sensitive drugs to survive have no way to keep them cool, NPR notes. “Our main needs are communications recovery and diesel-fuel distribution,” Nabal Bracero, a reproductive endocrinologist at Centro Medico in San Juan, told the Journal via a text message Tuesday. According to the Federal Emergency Management Agency website, fuel had been delivered to 19 of the island’s hospitals as of Wednesday.
Sonic Confirmed That Five Million Customers May Have Had Their Credit-Card Info Stolen in Data Breach – United States
Millions of Sonic customers may have had their credit card information stolen. A breach of Sonic's store payment system has resulted in up to five million stolen credit and debit card accounts being "peddled in shadowy underground cybercrime stores," security news website KrebsOnSecurity first reported Tuesday. According to KrebsOnSecurity, five million credit and debit cards were put up for sale on a credit card theft website earlier in September. Many of the millions of cards were linked to a breach at Sonic Drive-In, though the blog notes it is possible that other companies' security systems were also breached. The fast-food company confirmed to Business Insider that its credit-card processor informed the chain last week of "unusual security regarding credit cards being used at Sonic."
Flaws Expose FLIR Thermal Cameras to Remote Attacks – Global
Researchers have disclosed the details of several potentially serious vulnerabilities affecting thermal security cameras from FLIR Systems, said to be the world’s largest provider of thermal imaging cameras, components and imaging sensors. The flaws were discovered by Gjoko Krstic of Zero Science Lab and were disclosed over the weekend by Beyond Security. The issues were reported to FLIR on June 27 and while the company responded to Beyond Security’s emails, it did not provide an estimated date for workarounds or patches. Krstic found various types of vulnerabilities in FLIR’s FC-Series S, FC-Series ID and PT-Series thermal security cameras, including information disclosure, authenticated and unauthenticated remote code execution, and hardcoded credentials issues. The researcher also found a vulnerability that allows an unauthenticated attacker to access a camera’s live feed. Proof-of-concept (PoC) requests and code have been made available for each of the vulnerabilities. A scan via the Internet search engine Censys shows that thousands of FLIR thermal cameras are accessible directly from the Internet, which increases the risk of exploitation for the vulnerabilities identified by Krstic. The researcher discovered that an attacker can leverage API functionality provided by the FLIR web server to download various files from the FLIR OS. He also noticed that the web server does not check if the user is authenticated when they make a request to see the camera’s live feed, allowing an attacker to gain access to the video stream by sending a simple request.