Security News
As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.
The Federal Bureau of Investigation warns that victims of various fraud schemes are increasingly asked by criminals to use cryptocurrency ATMs and Quick Response codes, making it harder to recover their financial losses. "The FBI has seen an increase in scammers directing victims to use physical cryptocurrency ATMs and digital QR codes to complete payment transactions," the federal law enforcement agency said.
Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands. The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.
Simply navigating a smartphone camera over the image allows the device's QR translator - built into most mobile phones - to "read" the code and open a corresponding website. "The problem with QR codes stems from how easy they are to use," they wrote in a report published Tuesday about the growing number of QR code scams.
Two Belarusian nationals were arrested earlier this month in Poland on the suspicion they engaged in multiple ATM jackpotting attacks. The two are believed to have committed dozens of ATM jackpotting attacks in several European countries, stealing an estimated €230,000 in cash.
The Texas Bankers Association documented at least 139 chain gang attacks against Texas financial institutions in the year ending November 2020. Santor said the chain gang attacks have spread to other states, and that in the year ending June 2021 Travelers saw a 257 percent increase in the number of insurance claims related to ATM smash-and-grabs.
Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications (NFC) reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader - rather than swipe or insert it - to make a payment or extract money from a cash machine.
Unlike traditional ATM skimmers that run on hidden cell phone batteries, the ATM shimmers found in Mexico did not require any external power source, and thus could remain in operation collecting card data until the device was removed. Organized crime gangs that specialize in deploying skimmers very often will encrypt stolen card data as a way to remove the possibility that any gang members might try to personally siphon and sell the card data in underground markets.
Florian "The Shark" Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court. Tudor, a native of Craiova, Romania, moved to Mexico to set up Top Life Servicios, an ATM servicing company which managed a fleet of relatively new ATMs based in Mexico branded as Intacash.
The leader of Mexico's Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico's top tourist destinations over the past five years. Jose de la Peña Ruiz de Chávez, who leads the Green Ecologist Party of Mexico, was dismissed this month after it was revealed that his were among 79 bank accounts seized as part of an ongoing law enforcement investigation into a Romanian organized crime group that owned and operated an ATM network throughout the country.