Malware hunters from US security firm Forcepoint have stumbled across a new strain of Point of Sale (PoS) malware, the second such type of PoS malware that hides stolen credit/debit card information inside DNS requests.
Hackers have a new security flaw in their arsenal they can exploit to install POS malware on Oracle Micros point-of-sale systems.
A vulnerability in the SAP POS Xpress Server allows attackers to alter configuration files for SAP Point-of-Sale systems, alter prices, and collect payment card data and send it to one of their servers.
Hospitality chain Millennium Hotels & Resorts North America is warning customers that malware may have affected food and beverage point-of-sale (POS) systems at 14 of its locations. MHR first learned about a possible malware infection, which is believed to have occurred in early March 2016, from the United States Secret Service.
Malware is believed to have infiltrated point-of-sale (POS) terminals and compromised customers' payment card information at 20 HEI Hotels & Resorts locations. This malware affected a total of 12 Starwood hotels, six Marriott resorts, and one location of Hyatt and Intercontinental each.