Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/27/2014
03:03 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SecureState Releases Black POS Malware Scanning Tool

Black POS is the reported culprit behind recent retail data breaches

CLEVELAND, Jan. 27, 2014 /PRNewswire/ -- SecureState, a management consulting firm specializing in information security, has developed a custom scanning tool that retailers can use to detect Black POS malware, and other similar strains.

Black POS is the reported culprit behind recent retail data breaches, and is also known as KAPTOXA, a more advanced version of the original malware.

(Logo: http://photos.prnewswire.com/prnh/20130521/CL17240LOGO)

Krebs on Security recently reported that, "this type of malicious software uses a technique that parses data stored briefly in the memory banks of specific POS devices; in doing so, the malware captures the data stored on the card's magnetic stripe in the instant after it has been swiped at the terminal and is still in the system's memory."

It has also been reported that there are currently no known antivirus programs that detect the malicious files used in these attacks.

"We don't currently know if installed antivirus software on POS systems has been updated to detect this malware," Spencer McIntyre, SecureState's lead researcher said. "But, we do know that this tool will allow retailers to manually, or remotely, scan their systems for these specific strains, whether or not they have antivirus software installed."

The tool will scan for service, file, registry and autorun artifacts to determine if any KAPTOXA footprints are present on the POS system. A confidence output is generated giving the user an indication of a likely compromise.

"If the tool has detected any artifacts related to KAPTOXA immediately enact your incident response plan and contract the appropriate management and security teams," John Melvin, SecureState Lead Forensic Investigator said. "Even if the tool outputs no detection, organizations should still consider performing regular system response testing and checkups."

The tool has been tested on all MS Windows versions up to Windows 7 and is freely available for download from SecureState's website: Black POS Malware Scan

About SecureState

With the goal of making the world more secure, SecureState provides premier management consulting services for companies internationally. The SecureState team is comprised of several specialties to solve complex business problems

including: Advisory Services, Audit & Compliance, Profiling & Penetration, Privacy, Risk Management, and Incident Response.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.