Attacks/Breaches
1/27/2014
11:56 AM
50%
50%

How To Defend Point-Of-Sale Systems

US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.

Major hacks at retailers that include Target and Neiman Marcus have put a new spotlight on the security of point of sale (POS) systems. What may come as a surprise to some is that the recent memory-scraping malware attacks were nothing new. Last year, Visa published two "Visa Data Security Alerts" warning merchants of an increase in attacks targeting credit card data with specific references to memory-scraping malware.

The alerts were published in April and August. The first stated that Visa has seen an increase in network intrusions involving grocery merchants since January 2013. August's update used nearly the same verbiage but mentioned retail instead of grocery. The part that's of particular interest is how the attackers were carrying out the attacks.

"Once inside the merchant's network, the hacker will install memory parser malware on the Windows based cash register system in each lane or on Back-of-the-House (BOH) servers to extract full magnetic stripe data in random access memory (RAM)."

Read the rest of this story on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
anon9919459337
50%
50%
anon9919459337,
User Rank: Apprentice
5/9/2014 | 1:24:30 PM
Memory-Scraping
I didn't realize that memory-scraping malware was so common. I tend to take more precautions than most people when it comes to my personal information. I had my identity stolen once and that is where I drew the line and decided tha tI wouldn't let it happen again.

Jason|http://mbccash.com/ncr-silver-pos-point-of-sale/
jimstout7878
50%
50%
jimstout7878,
User Rank: Apprentice
4/25/2014 | 1:42:47 PM
Agreed
It is amazing how hackers have been able to get into some of the largest databases in the world. A lot of people are on edge right now with their compromised security. Hopefully the Government can set up better defenses in the future.

 

 http://www.remsinc.com/Rems/index.aspx
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
1/28/2014 | 1:14:50 PM
Re: Reference material from another source
rfairfield, that is a fair question. We at InformationWeek pick up articles from our sister site, Dark Reading, when we feel the articles will be especially valuable to our audience. I realize it requires an extra click to get through to the full article. Thanks for your patience -- Laurianne
rfairfield926
50%
50%
rfairfield926,
User Rank: Apprentice
1/28/2014 | 12:39:19 PM
Reference material from another source
Why do I access the InformationWeek website to be referred to the DarkReading website to get to the article material?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.