Confirmation via Krebs on Security that KMart has discovered card data-stealing malware on their Point of Sale hardware.
KMart has reported that "our systems were infected with a form of malware that was currently undetectable by anti-malware systems" which is not much of an excuse - the PCI DSS specifically mandates the use of PCI File Integrity Monitoring precisely for this reason. Zero Day malware is nothing new and it should now be expected that a Zero Day variant of malware WILL be used in any targeted attack. See more on POS protection from malware and the Brian Krebs article can be read in full below
Read the full article here