Security News
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]
It’s low tech, but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed...
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals. [...]
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...]
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack...
Ironically, perhaps, bank cash machines, better known as ATMs, make a perfect location for card skimming equipment. ATMs almost always grab onto your card mechanically and draw it right into the machine, out of sight and reach.
Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The issues have been addressed in ScrutisWeb version 2.1.38.
According to General Bytes, the outfit that sold the ATMs and had managed some of them with a cloud service, the attackers used an interface designed to upload videos to instead inject a malicious Java application, and then subverted ATM user privileges. "The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible," General Bytes explained in a statement.
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the weekend.