The incident is another reminder that third-party software and services are an easy way for attackers to steal sensitive data.
Browsing Tag: Target breach
InterContinental Hotels Group confirmed and released addition details pertaining to a breach that targeted payment card systems used in 12 of its hotels.
Fast-food chain Wendy’s disclosed 300 of its restaurants were hit with malware tied to a PoS system attack.
There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell[…]
Retailers and hospitality vendors are falling victim to point-of-sale hacks, and little is being done to stem the tide. At the upcoming Black Hat conference, a researcher hopes to spur a call to action.
Malware capable of infecting point-of-sale devices once was a novelty, but it’s quickly becoming more common. Researchers at Arbor Networks have unearthed a new strain of PoS malware called Soraya that can scrape memory and has the ability to intercept information sent from Web forms, a specialty of the Zeus malware family. Soraya also has[…]
Researchers at Cambridge University published a paper describing security vulnerabilities in the EMV chip-and-PIN protocol and implementation.
Research this week makes it’s clear that many attackers are still using point of sale malware, namely Dexter and Project Hook, in active attacks.
The HVAC contractor linked to the Target breach says the only data connection between the two companies was a billing system. ICS experts, meanwhile, decry the security of bridges between IT and facilities systems.
Dennis Fisher and Mike Mimoso talk about the big security stories of the last couple of weeks, including the developments in the Target data breach, the president’s speech on NSA surveillance reforms and SCADA security woes.