June 8, Securityweek – (International) MalumPOS malware targets Oracle Micros PoS systems. Security researchers at Trend Micro discovered a new point-of-sale (PoS) malware dubbed MalumPOS that is targeting Oracle’s Micros and other PoS platforms via files disguised as display drivers before targeting up to 100 running processes to scrape payment card information. Source
June 8, Securityweek – (International) NIST updates ICS cyber security guide. The National Institute of Standards and Technology (NIST) released the second revision of its “Guide to Industrial Control Systems (ICS) Security,” which includes updated sections for vulnerabilities and other threats, risk management, security architectures, recommended practices, and security capabilities and tools as well as guidance on how to adapt traditional cybersecurity controls to ICS requirements. Source
June 5, Securityweek – (National) Medical devices used as pivot point in hospital attacks: report. Findings from a May 7 report issued by TrapX Security detailed an attack vector known as “MedJack,” which targets outdated and vulnerable software of medical devices. TrapX Security warned that a majority of hospitals are at risk of being infected with malware that has remained undetected. The report included case studies in which networks were breached via blood gas analyzers, a picture archive and communications system (PACS), and an X-Ray system. Source
June 6, Softpedia – (New York) Eataly New York customers affected by the card breach. Eataly’s New York City Retail Marketplace reported that their point-of-sale (PoS) system was compromised from January – April, after an unknown actor accessed customer names, payment card account numbers, expiration dates, and card verification value codes. To mitigate future breaches, the company plans to introduce encrypted swiping machines and implement a solution for better system monitoring. Source