Security News
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active...
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]
It’s low tech, but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed...
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals. [...]
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...]
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack...
Ironically, perhaps, bank cash machines, better known as ATMs, make a perfect location for card skimming equipment. ATMs almost always grab onto your card mechanically and draw it right into the machine, out of sight and reach.
Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The issues have been addressed in ScrutisWeb version 2.1.38.
According to General Bytes, the outfit that sold the ATMs and had managed some of them with a cloud service, the attackers used an interface designed to upload videos to instead inject a malicious Java application, and then subverted ATM user privileges. "The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible," General Bytes explained in a statement.