\"<p>PNB
PNB denied CyberX9 claim on impact of the vulnerability on customer's data.<\/span><\/figcaption><\/figure>New Delhi: A vulnerability in the server of Punjab National Bank<\/a> allegedly exposed the personal and financial information of its about 180 million customers for about seven months, according to cyber security firm CyberX9. CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB<\/a> with administrative control.

Meanwhile, the bank has confirmed about the glitch but denied any exposure of critical data due to the vulnerability.

PNB said \"customer data\/applications are not affected due to this\" and \"server has been shut down as a precautionary measure.\"

\"Punjab National Bank kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC,\" CyberX9 founder and MD Himanshu Pathak told PTI.

He said CyberX9 research team discovered a very critical security issue in PNB which was leading to admin access to internal servers hence exposing a massive number of banks' systems nationwide open for cyber-attacks for the last about seven months.

Pathak said that vulnerability was found in an exchange server which is interconnected with other exchanges and shares all access -- including access to all email addresses which results in access to all email addresses.

\"The vulnerability which we discovered was leading to the highest level of admin privilege in PNB's exchange servers. If you gain access to Domain Controller through an exchange server then the doors very easily open to make any computer accessible in the network.

\"These computers even include those that are being used in their branches and other departments,\" Pathak said.

When contacted, PNB said the server in which the vulnerability was found had no sensitive or critical data.

\"The server wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive\/critical data in this server,\" PNB said.

PNB denied CyberX9 claim on impact of the vulnerability on customer's data.

\"The server is in a separate VLAN segment and customer data\/applications are not affected due to this. Vulnerability assessments and penetration testing is done periodically by external Cert-in empanelled
Information Security Auditors<\/a> and the observations are complied with.

Now this server has been shut down as a precautionary measure,\" PNB said.

According to CyberX9, the vulnerability was mitigated on November 19, and it reported the incident to Indian cyber security watchdog Cert-In and National Critical Information Infrastructure Protection Centre (NCIIPC).<\/body>","next_sibling":[{"msid":87832514,"title":"Transparency on algorithms needs to be conscious step for social media platforms: Koo co-founder","entity_type":"ARTICLE","link":"\/news\/transparency-on-algorithms-needs-to-be-conscious-step-for-social-media-platforms-koo-co-founder\/87832514","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"seoschemas":false,"msid":87832554,"entity_type":"ARTICLE","title":"Vulnerability in PNB server exposed customer data for about seven months: CyberX9","synopsis":"CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB with administrative control.","titleseo":"telecomnews\/vulnerability-in-pnb-server-exposed-customer-data-for-about-seven-months-cyberx9","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":2175,"shares":0,"engagementtimems":7840000},"Alttitle":{"minfo":""},"artag":"PTI","artdate":"2021-11-21 17:05:46","lastupd":"2021-11-21 17:08:02","breadcrumbTags":["PNB data breach","Internet","PNB","cyber attack","cybersecurity news","cybersecurity","cyber attack news","PNG customer data","punjab national bank","information security auditors"],"secinfo":{"seolocation":"telecomnews\/vulnerability-in-pnb-server-exposed-customer-data-for-about-seven-months-cyberx9"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2021-11-21" data-index="article_1">

弱点暴露在PNB服务器客户数据大约七个月:CyberX9

CyberX9声称,银行体系脆弱性提供整个数字PNB的行政控制。

  • 2021年11月21日更新是05:08点
阅读: 100年行业专业人士
读者的形象读到100年行业专业人士
< p > PNB否认CyberX9声称对脆弱性的影响客户的数据。< / p >
PNB否认CyberX9声称对脆弱性的影响客户的数据。
新德里:一个服务器的漏洞旁遮普国家银行据说暴露其约1.8亿客户的个人和财务信息大约七个月,据网络安全公司CyberX9。CyberX9声称,银行体系脆弱性提供整个数字PNB行政控制。

与此同时,银行已确认故障,但否认有任何接触的关键数据由于弱点。

PNB说“客户数据/应用程序不受影响,由于这种“和“服务器已经关闭作为防范措施。”

广告
“旁遮普国家银行一直严重危及安全的资金,超过1.8亿的个人和财务信息(所有)客户约7个月。PNB只醒来和固定当CyberX9发现漏洞和脆弱性通知PNB通过、和NCIIPC,”帕沙克CyberX9创始人和MD Himanshu PTI说。

他说CyberX9研究小组发现了一个非常重要的安全问题在PNB导致管理访问内部服务器因此暴露出大量的银行系统在全国范围内对网络攻击过去七个月开放。

帕沙克说,漏洞被发现在一个exchange服务器相互联系与其他交流和共享所有访问,包括访问所有电子邮件地址导致访问所有电子邮件地址。

“我们发现的漏洞是导致最高水平的管理特权在PNB交换服务器。如果你获得域控制器通过一个exchange服务器然后门很容易打开任何计算机访问网络。

“这些计算机甚至包括那些被用于他们的分支机构和其他部门,”帕沙克说。

广告
联系时,PNB说的服务器漏洞被发现没有敏感或关键数据。

“服务器在漏洞被报道,被用作一个多个交换混合服务器用于On-prim的电子邮件路由到Office 365云。没有敏感/关键数据在这个服务器,”PNB说。

PNB否认CyberX9声称对脆弱性的影响客户的数据。

“服务器在一个单独的VLAN和客户数据/应用程序不受影响。脆弱性评估和渗透测试完成定期由外部、选任信息安全审计观察结果符合。

现在这个服务器已经关闭作为防范措施,”PNB说。

根据CyberX9,脆弱性是减轻11月19日,到印度网络安全监督机构、和国家关键信息基础设施保护中心(NCIIPC)。
  • 发布于2021年11月21日下午05:05坚持
是第一个发表评论。
现在评论

加入2 m +行业专业人士的社区

订阅我们的通讯最新见解与分析。乐动扑克

下载ETTelec乐动娱乐招聘om应用

  • 得到实时更新
  • 保存您最喜爱的文章
扫描下载应用程序
\"&lt;p&gt;PNB
PNB denied CyberX9 claim on impact of the vulnerability on customer's data.<\/span><\/figcaption><\/figure>New Delhi: A vulnerability in the server of Punjab National Bank<\/a> allegedly exposed the personal and financial information of its about 180 million customers for about seven months, according to cyber security firm CyberX9. CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB<\/a> with administrative control.

Meanwhile, the bank has confirmed about the glitch but denied any exposure of critical data due to the vulnerability.

PNB said \"customer data\/applications are not affected due to this\" and \"server has been shut down as a precautionary measure.\"

\"Punjab National Bank kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC,\" CyberX9 founder and MD Himanshu Pathak told PTI.

He said CyberX9 research team discovered a very critical security issue in PNB which was leading to admin access to internal servers hence exposing a massive number of banks' systems nationwide open for cyber-attacks for the last about seven months.

Pathak said that vulnerability was found in an exchange server which is interconnected with other exchanges and shares all access -- including access to all email addresses which results in access to all email addresses.

\"The vulnerability which we discovered was leading to the highest level of admin privilege in PNB's exchange servers. If you gain access to Domain Controller through an exchange server then the doors very easily open to make any computer accessible in the network.

\"These computers even include those that are being used in their branches and other departments,\" Pathak said.

When contacted, PNB said the server in which the vulnerability was found had no sensitive or critical data.

\"The server wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive\/critical data in this server,\" PNB said.

PNB denied CyberX9 claim on impact of the vulnerability on customer's data.

\"The server is in a separate VLAN segment and customer data\/applications are not affected due to this. Vulnerability assessments and penetration testing is done periodically by external Cert-in empanelled
Information Security Auditors<\/a> and the observations are complied with.

Now this server has been shut down as a precautionary measure,\" PNB said.

According to CyberX9, the vulnerability was mitigated on November 19, and it reported the incident to Indian cyber security watchdog Cert-In and National Critical Information Infrastructure Protection Centre (NCIIPC).<\/body>","next_sibling":[{"msid":87832514,"title":"Transparency on algorithms needs to be conscious step for social media platforms: Koo co-founder","entity_type":"ARTICLE","link":"\/news\/transparency-on-algorithms-needs-to-be-conscious-step-for-social-media-platforms-koo-co-founder\/87832514","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"seoschemas":false,"msid":87832554,"entity_type":"ARTICLE","title":"Vulnerability in PNB server exposed customer data for about seven months: CyberX9","synopsis":"CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB with administrative control.","titleseo":"telecomnews\/vulnerability-in-pnb-server-exposed-customer-data-for-about-seven-months-cyberx9","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":2175,"shares":0,"engagementtimems":7840000},"Alttitle":{"minfo":""},"artag":"PTI","artdate":"2021-11-21 17:05:46","lastupd":"2021-11-21 17:08:02","breadcrumbTags":["PNB data breach","Internet","PNB","cyber attack","cybersecurity news","cybersecurity","cyber attack news","PNG customer data","punjab national bank","information security auditors"],"secinfo":{"seolocation":"telecomnews\/vulnerability-in-pnb-server-exposed-customer-data-for-about-seven-months-cyberx9"}}" data-news_link="//www.iser-br.com/news/vulnerability-in-pnb-server-exposed-customer-data-for-about-seven-months-cyberx9/87832554">