CyberWisdom Safe Harbor Commentary
The researchers warned: “Therefore, an attacker could crawl the database username and password hash, tamper with it and use all business data to gain full access to the database in a variety of ways, resulting in compromise of the entire MICROS system.
“If you think visiting the POS URL is a good choice, keep in mind that hackers can find digital scales or other devices that use RJ45, connect it to Raspberry PI, and scan the internal network, which makes them easy to spot POS systems, Remember this fact when you enter the store. ”
ERPScan also released a proof-of-concept Python-based exploit which, if executed on a vulnerable MICROS server, sends a malicious request to get the contents of a sensitive file.
In addition, Oracle’s January 2018 Patch Update also provides fixes for Specter and Meltdown Intel processor vulnerabilities affecting some Oracle products.
Oracle has released a security patch update to address a critical remotely exploitable vulnerability that affects its MICROS point-of-sale (POS) business solutions for the hospitality industry. The fix has been released as part of Oracle’s January 2018 update that patches a total of 238 security vulnerabilities in its various products. According to public disclosure by… Engaging post, Read More…
thumbnail courtesy of thehackernews.com
Oracle MICROS POS Vulnerability Puts 300,000 Systems at Risk
Oracle has issued a fix, but many Micros systems could still be vulnerable…. Oracle MICROS POS Vulnerability Puts 300,000 Systems at Risk
Security Bug Affected 300,000 Oracle Point of Sale Systems Puts the Critical Business Data at Risk
Oracle POS Systems widely used in food and beverage solutions affected by a Security Bug that allows attackers to gain full access to the business data. Security researchers from ERPScan detected directory traversal vulnerability (CVE-2018-2636) in Oracle MICROS EGateway Application Service. Oracle issued a security patch for the vulnerability starting January 2018. The Flaw allows… Security Bug Affected 300,000 Oracle Point of Sale Systems Puts the Critical Business Data at Risk
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries.