CyberNews Briefs

Hackers Target ATM Maker for Bitcoins

General Bytes released a security alert on Friday concerning a zero-day bug detected in its Crypto Application Server (CAS). The Bitcoin ATM company explained how the exploit allowed hackers to steal an undisclosed amount of the digital currency. The advisory states that the attacker was able to create an admin user remotely by exploiting the zero-day vulnerability. General Bytes confirmed that this was done through the CAS administrative interface, via a URL call on the page that is used for the default installation on the server and for administrative privileges.

The company is based in Prague and claims to be one of the world’s leaders in cryptocurrency ATMs. After giving themselves admin powers, the hackers were able to modify the cryptocurrency settings of the machines and siphon money. The attackers have not been identified by General Bytes and reportedly did not access the host operating system, file system, database, or passwords. The amount of funds stolen during the attack remains unclear. The CAS server has since been patched, and those operating ATMs should complete a series of remediation steps before reopening the machines.

OODA Analyst
