Microsoft Zero Day Exposes 100 Companies to PoS Attack

This article is an excellent reminder of why it is very important for retailers to move forward with the implementation of EMV/Chip-Pin card readers and the necessary associated Point-of-Sale software.  Far too many retailers have hardware in place, but that the software to leverage this new technology.

It is also important to remember that value of timely patching of all systems, regardless of the card handling mechanisms in place.

https://threatpost.com/microsoft-zero-day-exposes-100-companies-to-pos-attack/118026/

POS (Point-of-Sale) Breach Timeline

I really like this timeline provided by the good people of OpenDNS/Cisco.  It well represents the exponential growth in threats and attacks on retail POS over the last few years.  It should create a sense of urgency for anyone who reviews it.

https://labs.opendns.com/pos-breaches/

Tackling Point-Of-Sale Threat From the Inside Out

This is an interesting review of some of the challenges and pitfalls associated with POS security and related malware threats.  There is also some strong product placement for Tripwire’s Enterprise solution for Point-of-Sale.  I will admit that I utilized this product in a previous retail IT security position and believe it is a strong solution for POS change control and monitoring.

http://www.tripwire.com/state-of-security/regulatory-compliance/pci/tackling-point-of-sale-threat-from-the-inside-out/

PoSeidon: New Malware Family Targets Retailers’ Payment Systems

This type of Point-of-Sale malware will continue to be a problem as long as card transactions are transmitted from pin pad to the lane CPU in clear text.  Hardware level encryption at the swipe is a good way to combat this type of CPU memory level attack, but that swipe must remain encryption all the way through the transmission process to the acquiring bank.

http://www.tripwire.com/state-of-security/latest-security-news/poseidon-new-malware-family-targets-retailers-payment-systems/