Finding PAX point-of-sale devices
PAX Technologies, a China-based company that manufactures a LOT of point-of-sale (POS) terminal devices, has been in the news this week following an FBI raid of a PAX Florida facility. While the FBI didn’t officially confirm much beyond serving a court-authorized search warrant, a Krebs on Security post surfaced some serious security concerns around the use of PAX devices in cybercrime operations: specifically, that some PAX devices are being used for command-and-control (C2) during attacks and for hosting malware files. PAX has denied any knowledge of or involvement in criminal activity involving its products (and point-of-sale devices and systems are well known to be common targets for cybercriminals). Regardless, some large payment processors, such as Worldpay, started replacing their PAX point-of-sale terminals earlier this month after receiving inadequate explanations from PAX about traffic originating from the devices to websites not listed in PAX documentation.
PAX Technologies has not yet released any security advisories or other guidance related to these security concerns involving their point-of-sale terminals.
Most PAX point-of-sale devices don’t expose any open UDP or TCP ports, which limits the data points available for fingerprinting or identifying those assets. However, the MAC address OUI (organizationally unique identifier) can be used to identify PAX-manufactured devices by the network hardware they ship with. From the Asset Inventory, use the following pre-built query to locate PAX point-of-sale assets in your network:
mac_vendor:"PAX Computer Technology"