☰
CDSL Ventures Ltd. (CVL), a subsidiary of India’s leading Demat services provider Central Depository Services Limited (CDSL), greatly suffered from a vulnerability in its systems that exposed personal and financial information of about 43 million Indian investors twice in 10 days, as per Cyber9X.
Cybersecurity startup CyberX9 reported the vulnerability to CDSL on 19th October, which the securities depository took 7 days to fix.
According to CyberX9's blog, the various data types exposed include investor name, email address, income range, phone number, PAN, father's name, date of birth, and other personal information.
For the uninitiated, CDSL is a government-registered share depository responsible for managing investor accounts on the National Stock Exchange (NSE), Bombay Stock Exchange (BSE), and other stock exchanges. Whereas, CVL is a KYC (know your customer) registration agency. Both the entities are SEBI (Securities and Exchange Board of India) registered.
Himanshu Pathak, Founder and MD of CyberX9, described the exposed data in the CDSL vulnerability as a virtual gold mine for scammers, phishers, and malicious actors aiming to spread misinformation to manipulate Indian share markets.
Pathak also mentioned that two government entities NCIIPC (National Critical Information Infrastructure Protection Centre) and CERT-In (Indian Computer Emergency Response Team), accepted their vulnerability report for CDSL.
The cybersecurity researchers at CyberX9 stated that they verified the fix before publication, and it was no longer exploitable. On October 29th, their research team discovered an easy and full bypass for the initial fix that CDSL implemented to address the previously reported vulnerability in just a few minutes.
The Chandigarh-based security firm mentioned the vulnerability was not highly complex the second time their team discovered it. They believe that the attackers have already stolen the data, and the government must conduct an impartial security audit of CDSL.
Source Credit-
An accomplished professional in the field of content development, playing with words comes naturally to Nikita Chaurasia. After completing her post-graduate MBA degree in Advertising and PR, Nikita worked across numerous content-driven verticals, undertaking diverse r...
Swiftly Systems has reportedly achieved unicorn status, securing in funding through a Series C round. The prominent BRV Capital Management led this funding initiative. According to the earlier reports, Swiftly was adopted by hundreds of consumer b...
As per the reports, twelve nations with rainforests united to establish a collective initiative aiming to address climate change and safeguard biodiversity at summit held in Brazil. The declaration, titled "United for Our Forests," emerged ...
Meta Platforms has recently introduced Llama 2, an artificial intelligence large language model, for commercial use in collaboration with major cloud providers like Microsoft. Instead of charging for access or usage, Meta aims to share the model with...
Moderna Inc, a leading vaccine manufacturer, reportedly announced on Wednesday that it has entered into a memorandum of understanding (MoU) and a land collaboration agreement aimed at exploring opportunities for researching, developing, and producing...
The American footwear design & manufacturing company, Nike and Epic Games, the creators of the popular online game Fortnite, have joined forces in an exciting new collaboration. The partnership aims to bring about a groundbreaking change in the d...
© 2024 aeresearch.net. All Rights Reserved.