Tag Archive for: bytes

Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes

/in


Cryptocurrency ATM manufacturer General Bytes over the weekend disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds.

The attackers, the company says, exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges.

“The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provider),” the company says.

The code execution provided the attackers with access to the database and access to API keys for accessing funds in hot wallets and exchanges.

The attackers were then able to transfer funds from hot wallets, steal account usernames and password hashes, and disable two-factor authentication.

Furthermore, the attackers gained the “ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM”, information that was logged by older versions of ATM software.

“We urge all our customers to take immediate action to protect their funds and personal information,” General Bytes tweeted on March 18. The incident prompted most ATM operators in the US to suspend operations.

In a security bulletin detailing the incident, the company has shared information on the steps customers should take to secure their GB ATM servers (CAS) and underlined that even those that might not have been impacted by the incident should implement the recommended security measures.

“Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN.  With VPN/Firewall attackers from open internet cannot access your server and exploit it. If your server was breached please reinstall the whole server including operation system,” the company notes.

The crypto ATM maker released a CAS security fix and urged customers to consider all user passwords and API keys to exchanges and hot wallets as being compromised and to change them. The company also shared the crypto…

Source…

Tech Bytes: Meta is fined, Tiktok denies hacking, new Apple Watch Pro

/in


Meta’s big fine. Facebook’s parent company has been hit with a 400-million dollar penalty, for breaking European Union data privacy rules, because of its treatment of children’s data on Instagram. Meta says it plans to appeal the fine, setting up what could be a lengthy legal battle.

Tiktok is denying reports that it’s been hacked. A hacking group claims it breached the platform and accessed more than two billion records, including user data. But Tiktok says it found no evidence of a security breach.

Images of what may be the new Apple Watch Pro are making their way around the internet, and they appear to show the reports about a new button on the device are true. However it’s purpose isn’t known. The pictures also appear to show both a larger display and casing.

Source…

POODLE attack takes bytes out of your encrypted data – here’s what to do

/in

Heartbleed, Shellshock, Sandworm…and now POODLE. It’s a security hole that could let crooks read your encrypted web traffic. Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English…
Naked Security – Sophos