Categories: Business

‘PNB server exposes customer data for about seven months

New Delhi: The vulnerability in the Punjab National Bank server allegedly exposed personal and financial information about around 180 million customers for about seven months, according to Cyber ​​Cyberx9 security company.
Cyberx9 has claimed that the vulnerability provides access to all PNB digital banking systems with administrative control.
Meanwhile, the bank has confirmed about that mistake but denied any important data exposure due to vulnerability.
PNB said “Customer data / applications are not affected because this server” and “has been turned off as a precaution.” “Punjab National Bank continues to endanger fund security, personal and financial information of more than 180 million (all) of its customers for about 7 months.
PNB only wakes up and improves vulnerabilities when Cyberx9 finds vulnerabilities and PNBs to be informed -in and NCIIPC,” said the founder of Cyberx9 and MD Himanshu Pathak told PTI.
He said the Cyberx9 research team found a very critical security problem in PNB which led to admin access to an internal server, then presented a large number of bank systems nationally open for cyber attacks over the past seven months.
Pathak said that vulnerabilities found on Exchange servers that are interconnected with other exchanges and share all access – including access to all email addresses that generate access to all email addresses.
“The vulnerability we find leads to the highest level admin privileges on the PNB exchange server.
If you get access to domain controllers through the Exchange server then the door is very easy to open to make a computer that can be accessed on the network.” This computer is even included in their branches and other departments, “said Pathak.
When contacted, PNB said the server where vulnerability was found not to have sensitive or critical data.” Servers where vulnerabilities are reported, are being used as one of the few Hybrid Exchange servers that are used to route e-mail from Cloud Office 365.
There is no sensitive / important data on this server, “PNB said.
PNB denied Cyberx9 claims about the impact of vulnerability in customer data Of course.
” The server is in a separate VLAN segment and customer data is not affected because of this.
Vulnerability assessment and penetration testing is carried out periodically by an external certificate information security auditor and observations are obeyed.
Now this server has been covered as a precaution, “said PNB.
According to Cyberx9, the vulnerability was reduced on November 19, and reported the incident to Indian Cyber ​​Security Watchdog Cert-in and the National Critical Information Infrastructure Infrastructure Protection Center (NCIIPC).

news2in

Share
Published by
news2in

Recent Posts

44 ordered to attack the procession

Ludhiana: The police have submitted FIR to four identified and at least 40 unknown attackers…

3 years ago

Punjab: Police Reject conspiracy theory in the case of Deep Sidhu

Sonīpat / Ludhiana / Ambala: Actor Punjabi - Activist Activist Deep Sidhu, who died in…

3 years ago

Punjab: Hidden Strength Working Behind PM Narendra Modi, Arvind Kejriwal, said Rahul Gandhi

PATIALA / MANSA / BARNALA: Attacking Prime Minister Narendra Modi and AAP National Convener Kejriawal,…

3 years ago

BJP made AAP to endanger the Congress, said Ajay

Jalandhar: BJP and AAM AAM AADMI parties are one party, Secretary General of the Ajay…

3 years ago

Our job is to make Punjab No. 1 State: Meenakshi Lekhi

Ludhiana: Minister of Union Culture Meenakshi Lekhi while campaigning to support the BJP candidate from…

3 years ago

Feb 20 is an opportunity to change the destiny of Punjab and his children: Bhagwant Mann

Machhiwara (Ludhiana): AAM AAM AADMI Party (AAP) Head of Punjab Candidate and Members of Parliament…

3 years ago