Security Affairs
Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software

Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hack.  Researchers from the Synack Red Team found multi flaws (CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189) in the ScrutisWeb ATM fleet monitoring software that can be exploited to remotely hack ATMs.  ScrutisWeb software is developed by Lagona, it allows to […]

ATMs ScrutisWeb ATM

Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hack. 

Researchers from the Synack Red Team found multi flaws (CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189) in the ScrutisWeb ATM fleet monitoring software that can be exploited to remotely hack ATMs. 

ScrutisWeb software is developed by Lagona, it allows to remotely manage ATMs fleets. Operators can use the software to send and receive files to a device, modifying data, reboot a device or shut down a terminal.

The researchers discovered multiple vulnerabilities, including Absolute Path Traversal and Authorization Bypass Through User-Controlled Key issues, Hardcoded Cryptographic Key, and Unrestricted Upload of File with Dangerous Type.

Lagona addressed the vulnerabilities in July 2023 with the release of ScrutisWeb version 2.1.38. 

The CVE-2023-33871 is an Absolute Path Traversal that an allow to download configurations, logs and databases from the server.

The CVE-2023-35189 is a Remote Code Execution that could be chained with the other issues to gain user access to the ATM controller.

The CVE-2023-38257 is an Insecure Direct Object Reference that can be exploited to retrieve information about all users on the system.ì, including administrators.

The CVE-2023-35763 is Hardcoded encryption key that can allow to retrieve Plaintext administrator credentials.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory for these vulnerabilities, the agency also provides the following recommendations:

  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ScrutisWeb ATM)