Be alert, cash register credit card readers may be compromised by Oracle breach

oracle By Peter Kaminski via Flickr
Watch your credit card accounts. A major data breach at Oracle by a Russian organized cybercrime group may have compromised more than 330,000 Micros point-of-sale credit card payment readers worldwide, according to Krebs on Security. If that’s the case, data from cards swiped at those registers could be stolen and used on dummy cards to make high ticket purchases.

Update – Oracle’s Corporate Communications, Director of Industries Michael Diamond contacted Digital Trends with a copy of a letter send to Micros customers, emphasizing the following sentence,  “Payment card data is encrypted both at rest and in transit in the MICROS hosted environment.” When asked for clarification about point-of-sale card swipe devices and potential malware threats, Oracle declined to comment, stating that the customer letter is the company’s statement. So unanswered questions remain about past and present vulnerability.

Oracle’s Micros division is one of the top three point-of-sale system vendors in the world. KrebsonSecurity followed up in late July on a tip from an Oracle Micros customer. The customer had been informed by Oracle that a breach in its retail division likely affected only Oracle staff. On further investigation, according to KrebsonSecurity sources, Oracle found more than 700 impacted systems.

KrebsonSecurity’s Oracle sources, speaking without permission from their employer to speak on the record, revealed that the Micros customer support portal was compromised. This is a support system used by merchants who use the credit card payment system, not the merchant’s customers. The portal was communicating with a server associated with an infamous Russian group called the Carbanak Gang.

The experts said a single system spread the malware to other systems including a customer portal that helps Micros merchant customers troubleshoot problems. The malware stole the usernames and passwords of people logging in to the support portal.

Oracle told KrebsonSecurity it is forcing a password reset on Micros support accounts and telling them that, “We also recommend that you change the password for any account that was used by a Micros representative to access your on-premises systems.”

The issue with “on-premises systems” does potentially reach down to individual consumers who swipe their cards at cash registers, according to KrebsonSecurity. It the malware communicated with individual terminals it could potentially send card-stealing malware to the devices to capture credit card and account data. If that happened, the card data could be transferred into the wrong person’s hands, and that’s never good for you. Because Oracle will not answer further questions, we suggest you remain alert and check your credit card accounts regularly.

Updated by Bruce Brown 08-09-16: Updated after contacted by Oracle with a copy of the letter the company sent to Micros customers.


Online passwords: Research confirms millions of people are using 123456

According to recent analysis of data caught up in cyber attacks, millions of people are continuing to use super-simple passwords, with 123456 topping the list of easy-to-crack codes.
Smart Home

Can new laws protect you from smart home security breaches?

To help combat smart home data breaches, state and federal lawmakers are exploring ways to protect consumers. California, Oregon, and members of the U.S. Senate all have proposals to protect people's data.

These are the must-have games that every Xbox One owner needs

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.

Sidestep banking fees with the nationwide launch of T-Mobile Money

T-Mobile has launched its Money banking service nationwide in the U.S., and it offers an extremely tempting set of features for everyone, including industry-leading interest rates, a powerful app, and no banking fees.

AMD will launch anniversary edition Radeon VII and 2700X to celebrate 50th year

Ahead of its new hardware lines launching this summer, AMD will celebrate its 50th anniversary with special editions of its top-tier gaming hardware: the Radeon VII and Ryzen 2700X.

Intel’s new Core i9 processors bring 8-core power to laptops

Intel announced a new line of ninth-generation mobile processors that bring eight-core Core i9 processors to laptops. In addition, the company announced a slate of new desktops CPUs that bring the rest of the lineup up to date.
Product Review

Without 4K or Core i9, the new Razer Blade Pro trades features for polish

Razer hasn’t updated its 17-inch gaming laptop for a couple of years, while showering most of its attention on the smaller sibling. The new Razer Blade Pro takes a lot of cues from the 15-inch model, stretching it out for the big screen.

Pain in the wrists? Type in comfort with one of these great ergonomic keyboards

Long typing sessions can leave anyone's wrists aching, but if you have one of the best ergonomic keyboards, that doesn't have to be the case. Our list of favorites will support good typing posture while being comfortable to use.

Lenovo Legion, IdeaPad gaming laptops sport 9th-gen CPUs and 16-series graphics

Lenovo is expanding its gaming laptop range with a line of new Legion and IdeaPad notebooks that sport Intel's latest, ninth-generation Core CPUs up to an i7 and a choice of Nvidia graphics with options for everything up to an RTX 2080…

Asus launches a fleet of ROG gaming laptops with 240Hz screens and 9th-gen CPUs

Asus launched updates to nearly every gaming laptop line they have, ranging from the high-end Zephyrus to the budget-level TUF Gaming. The naming schemes might be hard to parse, but there are some impressive options in Asus' new lineup.

Nvidia’s new GTX 1660 Ti and 1650 graphics cards for laptops start at $799

Nvidia announced the GTX 1660 Ti and GTX 1650, two new mobile graphics cards to flesh out the Turing lineup for laptops. These GPUs don't have the ray tracing capabilities of the RTX 20 series, but start at much lower prices.

Microsoft reverses decision and extends lifeline to MS Paint for Windows 10

Microsoft reversed its decision to deprecate the classic MS Paint software on Windows 10. Microsoft announced on Twitter that the mainstay free image editor that comes pre-installed with Windows will live on for now.

Acer gives Predator, Nitro gaming notebooks CPU and GPU upgrades

Acer's latest gaming notebooks will be getting a processor and graphics boost. The company announced that Intel's ninth-generation mobile CPU and Nvidia's GTX 1660 Ti will land on the Predator Helios 300, Nitro 7, and Nitro 5 laptops.

Dell’s XPS 15 steps up its game with next-gen Intel, Nvidia chips

Dell announced a redesigned XPS 15 with a webcam positioned up top, and the internals make this Ultrabook an even better gaming laptop. The XPS 15 can be configured with Intel's 9th-Gen processors and Nvidia's GTX 16-Series GPU.