Monday, January 24, 2022

Slide Slide
Home Cyber Security Cyber-security: Vulnerability found in PNB internal server

Cyber-security: Vulnerability found in PNB internal server

According to the cyber-security firm – CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers

Exposing personal and financial data of over 180 million bank customers, vulnerability was found in Punjab National Bank’s (PNB) internal server, which allegedly could let hackers get access to the highest level of admin privilege, according to cyber-security firm CyberX9.

Himanshu Pathak, Managing Director of the cyber-security firm, told BusinessLine it also leaves access to confidential internal e-mails and logins of all strata of employees across branches and systems, including the CMD, exposed.

He added that the data had been left exposed for nearly seven months, but his firm discovered the vulnerability on 17 November.

However, any exposure to important data was denied by PNB. The bank told PTI that it had tracked the vulnerability and no sensitive data was compromised. It also denied any customer’s data getting exposed.

“The server, wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive/critical data in this server”, PNB said.

According to the cyber-security firm – CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers.

“The vulnerability was found in an exchange server, to which all other systems and networks are attached. Through this, the hacker can get access to master admin login. Initially PNB denied the glitch. On November 19, we had filed a complaint with CERT-In and NCIIPC, post that they said that they have closed down the server”, Pathak said.

Meanwhile, the cyber-security firm – CyberX9 in its blog post asked for a thorough security audit of the bank’s systems.

Also readCIO News interviews Shri Wangki Lowang, Minister (IT) of Arunachal Pradesh

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics. 

khushbu
Khushbu Sonihttps://www.cionews.co.in
Chief Editor - CIO News | Founder & CEO - Mercadeo

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -1x1 banner1x1 banner1x1 banner1x1 banner

Most Popular

Cloudflare signals expansion in Asian region

To bring more bucks through the Cloudflare door, another role, titled "Regional Major Account Executive – Gaming and Online Casino" gets the job of...

Security feature introduced by Google

The new security feature is rolling out across all Google Workspace, G Suite Basic and G Suite Business tiers To help users stay on top...

Technology developed by IIT researchers for charging EVs

One of the country’s leading electric vehicle manufacturers has also shown interest in this new technology and is ready to develop a full-fledged commercial...

84% of India Enterprises Prefer Hybrid Multicloud Operating Model

New report from Nutanix finds that India’s enterprises are moving to multicloud environments for security, performance, cost and business continuity, especially with the  rise of remote work. Bengaluru, India...

Recent Comments