Finding PAX point-of-sale devices
PAX Technologies, a China-based company that manufactures a large share of the world's point-of-sale (POS) terminals, has been in the news this week following an FBI raid of a PAX facility in Florida. While the FBI didn't officially confirm much beyond serving a court-authorized search warrant, a Krebs on Security post surfaces some serious security concerns around the use of PAX devices in cybercrime operations. Specifically, it reports that some PAX devices have been used for command-and-control (C2) during attacks and for hosting malware files. PAX has denied any knowledge of or involvement in criminal activity involving its products (and point-of-sale devices and systems are well-known, common targets for cybercriminals). Regardless, some large payment processors, such as Worldpay, started replacing their PAX terminals earlier this month after PAX failed to adequately explain why its devices were generating traffic to websites that were not listed in PAX documentation.
PAX Technologies has not yet released any security advisories or other guidance related to these security concerns involving their point-of-sale terminals.
Most PAX point-of-sale devices don't expose any open TCP or UDP ports, which limits the data points we have for fingerprinting or identifying those assets. However, we can use the MAC address OUI (organizationally unique identifier), the first three bytes of the hardware address that the IEEE assigns to a vendor, to identify PAX-manufactured devices. Two caveats: the scanner has to actually observe the hardware address (which means scanning from the same Layer 2 segment, or feeding it ARP, DHCP, or switch data), and an OUI identifies the vendor of the network interface, which is usually but not always the device manufacturer. From the Asset Inventory, use the following pre-built query to locate PAX point-of-sale assets in your network:
mac_vendor:"PAX Computer Technology"
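If you want to run the same OUI check yourself against ARP or neighbor-table output, the following is an added example (not Rumble's code, and not PAX's) that normalizes MAC addresses from the three common notations, skips locally administered (randomized) addresses where the OUI is meaningless, and matches the OUI against a vendor table. The OUI prefixes in the table and the neighbor-table lines are constructed placeholders for illustration; replace the table with the IEEE `oui.txt` registry (or your scanner's vendor database) to get real PAX prefixes.

```python
"""Flag neighbor-table hosts whose MAC OUI maps to a given vendor (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed OUI table. These prefixes are PLACEHOLDERS, not real IEEE
# assignments; load oui.txt or a scanner vendor DB in practice.
OUI_VENDORS: Dict[str, str] = {
    "A8:BB:01": "PAX Computer Technology (Shenzhen) Co., Ltd.",
    "A8:BB:02": "Example Printer Corp.",
}

# Constructed sample of `ip neigh show` output (Linux); `arp -a` parses the same way.
# .23 never resolved, .24 is in Cisco dotted notation, .25 is a randomized address.
SAMPLE_NEIGH = """\
192.168.10.21 dev eth0 lladdr a8:bb:01:12:34:56 REACHABLE
192.168.10.22 dev eth0 lladdr a8-bb-02-99-88-77 STALE
192.168.10.23 dev eth0 FAILED
192.168.10.24 dev eth0 lladdr A8BB.0100.0001 REACHABLE
192.168.10.25 dev eth0 lladdr 02:00:5e:11:22:33 REACHABLE
"""

# Colon/hyphen-separated (aa:bb:cc:dd:ee:ff, aa-bb-...) or Cisco dotted (aabb.ccdd.eeff).
MAC_RE = re.compile(
    r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}",
    re.IGNORECASE,
)


def normalize_mac(raw: str) -> str:
    """Return the address as upper-case, colon-separated octets."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set => locally administered; OUI lookup is meaningless."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def oui_of(mac: str) -> str:
    """The first three octets, e.g. 'A8:BB:01'."""
    return normalize_mac(mac)[:8]


def vendor_of(mac: str, table: Dict[str, str] = OUI_VENDORS) -> str:
    if is_locally_administered(mac):
        return "locally administered (no vendor)"
    return table.get(oui_of(mac), "unknown")


def parse_neighbors(text: str) -> List[Tuple[str, str]]:
    """Yield (ip, normalized_mac) for every neighbor entry that has a hardware address."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        match = MAC_RE.search(line)
        if not parts or match is None:
            continue  # blank line or an entry (FAILED/INCOMPLETE) with no address learned
        entries.append((parts[0], normalize_mac(match.group(0))))
    return entries


def find_vendor_hosts(text: str, vendor_substring: str,
                      table: Dict[str, str] = OUI_VENDORS) -> List[Tuple[str, str, str]]:
    """Return (ip, mac, vendor) for neighbors whose OUI vendor name contains vendor_substring."""
    hits = []
    for ip, mac in parse_neighbors(text):
        vendor = vendor_of(mac, table)
        if vendor_substring.lower() in vendor.lower():
            hits.append((ip, mac, vendor))
    return hits


if __name__ == "__main__":
    for ip, mac, vendor in find_vendor_hosts(SAMPLE_NEIGH, "PAX Computer Technology"):
        print(f"{ip}\t{mac}\t{vendor}")
```

On a live network, replace `SAMPLE_NEIGH` with the output of `ip neigh show` (or `arp -a`) collected from a host on each segment you care about; an address that never resolved, or one with the locally administered bit set, is deliberately not reported rather than guessed at.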
Don’t have Rumble and need help finding your PAX assets? Start your Rumble trial today.