Based on the product, it allows people to buy, trade, or deposit over 40 different cryptocurrencies.
This vulnerability has been present in CAS software since version 20201208, reads the General Bytes advisory.
These modified controls allowed the attackers to forward any cryptocurrency received by CAS to their wallets.
The attacks came three days after the company publicly announced the help Ukraine feature on ATMs, it added.
The company has provided CAS security fix in two server patch releases, 20220531.38 and 20220725.22.
The company has also provided achecklist of stepsthat need to be performed on the devices before using the services.
The majority of these exposed servers are situated in Canada.
source: www.techworm.net
