Business

CyberX9 Says Vulnerability In PNB Server Exposed Customer Data

CyberX9 has claimed that the vulnerability provided access to the ent൩ire digital banking system of🌜 PNB with administrative control.

CyberX9 Says Vulnerability In PNB Server E🌱xposed Customer Data
info_icon

A vulnerability in the server of Punjab National Bank allegedly expo🅰sed the personal and financial information of its about 180 million customers for about seven months, according to cyber security firm CyberX9.

CyberX9 has claimed that the vulnerabil🌟ity provided access to the entire di𓆏gital banking system of PNB with administrative control.

Meanwhile, the bank has confirmed the glitch but denied any exposure of critical data due to the vuln🉐erability.

PNB said "💜;customer data/applications are not affected due to this" and "server has been shut down as a precautionary measure."

"Punjab National Bank kept severely compromising the security of funds, personal and financial information of ༒over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC," CyberX9 founder and MD Himanshu Pathak told PT🐼I.

He said the CyberX9 research team discovered a very critical security issue in P𝔍NB which was leading to admin access to internal servers hence exposing a massive number of banks' systems nationwide open for cyber-attacks for the last about seven months.

Pathak said that vulnerability was found in an exchange server that 🉐is interconnected with other exchanges and shares all access -- includin🧸g access to all email addresses which results in access to all email addresses.

"The vulnerability which we discovered was leading to the highest level of admin privilege in PNB's exchange servers. If you gain access to Domain Controller through an exchange server then the doors very easily open to making any computer accessible in thꦰe network.

"These computers even include those that are being used in their branches and othꦕer departments," Path🔯ak said.

When contacted, PNB said the𒁏 server in which the vulnerability was found had no sensitive or critical data.

"The server wherein the vulnerability was reported, was being used as o💃ne of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 3⛎65 Cloud. There is no sensitive/critical data in this server," PNB said.

PNB denied CyberX9's claim on 👍the impact of the vulnerability on customers' dataꦍ.

"The server is in a separate VLAN segment and customer data/applications are not affected due to this. Vulnerability assessments and penetration testing is done periodically by external Cert-in empanelled Information Security Auditors and th📖e observations are complied with.

Now this server has been shut𓆉 down as a precautionary measure," PNB🐬 said.

According to CyberX9, the vulnerability was mitigated on November 19, and it reported the🌳 incident to Indian cyber security watchdog Cert-��In and National Critical Information Infrastructure Protection Centre (NCIIPC).

(With PTI Inputs)

Today Sports News

Trending Stories

Latest Stories
  1. Women's T20 World Cup 2024: Who Won Yesterday? Check Highlights And Updated Points Table
  2. India Match Pakistan's World Record After Bowling Out Bangladesh In First T20I
  3. Daily Horoscope, October 7, 2024: Check Today's Astrological Prediction For Your Zodiac Sign
  4. Pakistan: 2 Chinese Nationals Dead After Targeted Explosion Near Karachi Airpo♕rt | What We Know
  5. Durga Puja👍 2024: Rituals And Astrological Significance Of The Festival
  6. Middle East Conflict: Links To Jerusalem, Iran's Support For Gaza, Its Allies Hezbollah, Houthis - Explained
  7. IAF Chennai A🐈irshow: Dehydration, Heatsroke Cl𝔉aim 5 Lives, 100 Hospitalised
  8. One Year Later, Israel's Bombardment Of Gaza Expands To Lebanon | Where The War Stands