Saturday, June 25, 2022

Slide Slide
Home Cyber Security Cyber-security: Vulnerability found in PNB internal server

Cyber-security: Vulnerability found in PNB internal server

According to the cyber-security firm – CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers

Exposing personal and financial data of over 180 million bank customers, vulnerability was found in Punjab National Bank’s (PNB) internal server, which allegedly could let hackers get access to the highest level of admin privilege, according to cyber-security firm CyberX9.

Himanshu Pathak, Managing Director of the cyber-security firm, told BusinessLine it also leaves access to confidential internal e-mails and logins of all strata of employees across branches and systems, including the CMD, exposed.

He added that the data had been left exposed for nearly seven months, but his firm discovered the vulnerability on 17 November.

However, any exposure to important data was denied by PNB. The bank told PTI that it had tracked the vulnerability and no sensitive data was compromised. It also denied any customer’s data getting exposed.

“The server, wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive/critical data in this server”, PNB said.

According to the cyber-security firm – CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers.

“The vulnerability was found in an exchange server, to which all other systems and networks are attached. Through this, the hacker can get access to master admin login. Initially PNB denied the glitch. On November 19, we had filed a complaint with CERT-In and NCIIPC, post that they said that they have closed down the server”, Pathak said.

Meanwhile, the cyber-security firm – CyberX9 in its blog post asked for a thorough security audit of the bank’s systems.

Also readCIO News interviews Shri Wangki Lowang, Minister (IT) of Arunachal Pradesh

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics. 

khushbu Soni CIO News Mercadeo
Khushbu Soni
Chief Editor - CIO News | Founder & CEO - Mercadeo


Please enter your comment!
Please enter your name here

- Advertisment -1x1 banner1x1 banner1x1 banner1x1 banner

Most Popular

Digital literacy according to me is a seamless adoption of digital revolution, says Melwyn Rebeiro, Head of IT Security at AEON Credit Service India...

While youth have been at the forefront of technology adoption and will continue to be so, there has been a significant increase in digital...

India’s artificial intelligence investment to be 2.5% of global total in 2023

Firms are increasingly relying on contracting and gig models while focusing on building internal artificial intelligence talent through reskilling and up-skilling India, the world’s second...

Fin-tech start-up Setu acquired by Pine Labs in $70 to 75mn

Post the buyout, the fin-tech start-up, which has 90-100 employees will retain its brand identity, business and team The acquisition of the Bengaluru-based API fin-tech...

Cyber security strategist Dr. Mukesh Mehta joins Monarch Capital as Group CTO

Mehta describes himself as someone who is capable of solving the most critical problems revolving around the IT and the cyber security industries Cyber security...

Recent Comments