Security News

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang
2021-02-19 16:25

The leader of Mexico's Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico's top tourist destinations over the past five years. Jose de la Peña Ruiz de Chávez, who leads the Green Ecologist Party of Mexico, was dismissed this month after it was revealed that his were among 79 bank accounts seized as part of an ongoing law enforcement investigation into a Romanian organized crime group that owned and operated an ATM network throughout the country.

£30m in contracts awarded in Post Office's £357m ATM overhaul
2021-02-01 12:22

The UK Post Office has awarded two contracts worth a total of £30m for a banking network and ATMs system in a procurement expected to be worth £357m once all contracts are awarded. UK government-owned company which runs the familiar local outlets has awarded Cennox a £26m contract for banking automation managed services while Vocalink has won a £4m contract for provision of a highly resilient, compliant and secure platform providing ATMs. The Post Office said last year it planned to close almost a third of its 2,000 cash machines, which are free to use and valuable to the public where alternative facilities are scarce.

ATM cash-out: A rising threat requiring urgent attention
2020-10-09 04:30

The PCI Security Standards Council and the ATM Industry Association issued a joint bulletin to highlight an increasing threat that requires urgent awareness and attention. An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor and manipulate fraud detection controls as well as alter customer accounts so there are no limits to withdraw money from numerous ATMs in a short period of time.

North Korea ATM Hack
2020-09-01 06:17

This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command. Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise used by the North Korean government in an automated teller machine cash-out scheme­ - referred to by the U.S. Government as "FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks."

CERT/CC Warns of Vulnerabilities in Diebold Nixdorf, NCR ATMs
2020-08-21 09:34

The CERT Coordination Center at Carnegie Mellon University has published alerts on several vulnerabilities that impact Diebold Nixdorf ProCash and NCR SelfServ automated teller machines. A vulnerability in the Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30, CERT/CC reveals, could be abused by an attacker with physical access to internal machine components to commit deposit forgery.

ATM makers fix flaws allowing illegal cash withdrawals
2020-08-21 08:45

ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issueing valid commands to dispense currency. "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the cash and check deposit module and the host computer. An attacker with physical access to internal ATM components can intercept and modify messages, such as the amount and value of currency being deposited, and send modified messages to the host computer," the CERT Coordination Center at Carnegie Mellon University explained the root of CVE-2020-9062.

Diebold ATM Terminals Jackpotted Using Machine’s Own Software
2020-07-21 12:13

Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. So called Jackpotting attacks are those in which cybercriminals find a way to hack into an ATM machine to trigger the machine to release cash, much like a slot machine at a casino-hence the name.

Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems
2020-06-30 03:41

Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale systems and other devices, firmware security company Eclypsium warned on Monday. The firm now warns that the Windows drivers used in ATMs and PoS devices can be highly useful to threat actors targeting these types of systems.

TMD Security and Deloitte launch global program to help ATM deployers reduce operational costs
2020-06-08 00:30

TMD Security announced the launch of a global program with consulting firm Deloitte to help banks and ATM deployers understand the annual operational cost savings and benefits from replacing physical keys and manual processes with a key-less ATM and Branch Access Management solution. "Reducing ATM operational costs has never been more critical than it is today," said Cees Heuker of Hoek, CEO and Founder, TMD Security.

Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office
2020-05-26 21:45

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general's office, according to a new complaint filed with the government's internal affairs division. As detailed this week by the Mexican daily Reforma, several Mexican federal, state and municipal officers filed a complaint saying the attorney general office responsible for combating corruption had initiated formal proceedings against them for investigating Romanians living in Mexico who are thought to be part of the ATM skimming operation.