Security Alerts & News
by Tymoteusz A. Góral

#1258 Stealing payment card data and PINs from POS systems is dead easy
A lack of authentication and encryption allows attackers to easily steal payment card data and PINs from point-of-sale systems.

Many of the large payment card breaches that hit retail and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this sort of data, due to a lack of authentication and encryption between card readers and the POS payment applications.

POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers with PIN pads. They also have specialized payment applications installed to handle transactions.

One of the common methods used by attackers to steal payment card data from POS systems is to infect them with malware, via stolen remote support credentials or other techniques. These malware programs are known as memory or RAM scrapers because they scan the system's memory for credit card data when it's processed by the payment application on the POS system.

But on Tuesday at the BSides conference in Las Vegas, security researchers Nir Valtman and Patrick Watson, from U.S.-based POS and ATM manufacturer NCR, demonstrated a stealthier and more effective attack technique that works against most "payment points of interaction," including card readers with PIN pads and even gas pump payment terminals.