From Digital Age to Nano Age. WorldWide.

Tag: thousands

Robotic Automations

India's ICICI Bank exposed thousands of credit cards to 'wrong' users | TechCrunch


ICICI Bank, one of India’s top private banks, exposed the sensitive data of thousands of new credit cards to customers who were not their intended recipients.

The Mumbai-based bank confirmed to TechCrunch Thursday that its digital channels “erroneously mapped” about 17,000 credit cards issued in the past few days to “wrong” users. The issue came to light after some customers raised concerns on social media about the bank’s iMobile Pay app exposing unknown customers’ credit card details, including their full number and card verification value (CVV).

“Our customers are our utmost priority, and we are wholeheartedly dedicated to safeguarding their interests,” Kausik Datta, corporate communications head at ICICI Bank, said in a statement emailed to TechCrunch. “We regret the inconvenience caused. No instance of misuse of a card from this set has been reported to us. However, we assure that the Bank will appropriately compensate a customer in case of any financial loss.”

The spokesperson added that the number of impacted credit cards constituted about 0.1% of the bank’s credit card portfolio.

As reported by the finance-related forum Technofino, sensitive data such as the full card number, expiry date and CVV of unknown customers’ credit cards suddenly appeared for some users on the iMobile Pay app.

“I have access to someone else’s Amazon Pay CC due to a security glitch on the iMobile app. Although OTP restricts domestic transactions, but I can do international transactions using the details from the iMobile app,” one of the users wrote on the forum.

The bank spokesperson told TechCrunch it blocked the affected cards and is issuing new cards to customers.

ICICI Bank, which has over 6,000 branches in India, is in 17 countries worldwide. The iMobile Pay app, launched in 2008, has over 28 million users.


Software Development in Sri Lanka


Palo Alto Networks' firewall bug under attack brings fresh havoc to thousands of companies | TechCrunch


Palo Alto Networks urged companies this week to patch against a newly discovered zero-day vulnerability in one of its widely used security products, after malicious hackers began exploiting the bug to break into corporate networks.

The vulnerability is officially known as CVE-2024-3400 and was found in the newer versions of the PAN-OS software that runs on Palo Alto’s GlobalProtect firewall products. Because the vulnerability allows hackers to gain complete control of an affected firewall over the internet without authentication, Palo Alto gave the bug a maximum severity rating. The ease with which hackers can remotely exploit the bug puts thousands of companies that rely on the firewalls at risk from intrusions.

Palo Alto said customers should update their affected systems, warning that the company is “aware of an increasing number of attacks” that exploit this zero-day — described as such because the company had no time to fix the bug before it was maliciously exploited. Adding another complication, Palo Alto initially suggested disabling telemetry to mitigate the vulnerability, but said this week that disabling telemetry does not prevent exploitation.

The company also said there is public proof-of-concept code that allows anyone to launch attacks exploiting the zero-day.

The Shadowserver Foundation, a nonprofit organization that collects and analyzes data on malicious internet activity, said its data shows there are more than 156,000 potentially affected Palo Alto firewall devices connected to the internet, representing thousands of organizations.

Security firm Volexity, which first discovered and reported the vulnerability to Palo Alto, said it found evidence of malicious exploitation going back to March 26, some two weeks before Palo Alto released fixes. Volexity said a government-backed threat actor that it calls UTA0218 exploited the vulnerability to plant a backdoor and further access its victims’ networks. The government or nation state that UTA0218 works for is not yet known.

Palo Alto’s zero-day is the latest in a raft of vulnerabilities discovered in recent months in corporate security devices, such as firewalls, remote access tools and VPN products. These devices sit at the edge of a corporate network and function as digital gatekeepers, but have a propensity to contain severe vulnerabilities that render their security and defenses moot.

Earlier this year, security vendor Ivanti fixed several critical zero-day vulnerabilities in its VPN product, Connect Secure, which allows employees remote access to a company’s systems over the internet. At the time, Volexity linked the intrusions to a China-backed hacking group, and mass exploitation of the flaw quickly followed. Given the widespread use of Ivanti’s products, the U.S. government warned federal agencies to patch their systems and the U.S. National Security Agency said it was tracking potential exploitation across the U.S. defense industrial base.

And the technology company ConnectWise, which makes the popular screen sharing tool ScreenConnect used by IT admins for providing remote technical support, fixed vulnerabilities that researchers deemed “embarrassingly easy to exploit” and also led to the mass exploitation of corporate networks.


OpenAI plans new Tokyo office, Tesla lays off thousands | TechCrunch


It’s only Monday morning, but it already feels like Thursday given the sheer amount of news that’s flowing in.

We have two critical headlines for you today:

  1. OpenAI is planning to open an office in Tokyo and launch a new GPT-4 model for the Japanese language. The U.S., EU and China are all racing for leadership in AI, and OpenAI’s foray into Japan could expand the list of leading blocs and nations.
  2. Tesla is cutting more than 10% of its total global workforce. CEO Elon Musk told employees in an internal email that the cuts were aimed at eliminating role duplications, but the company has been seeing its sales start to slow down, and some concern around waning demand for EVs could be playing a part in the decision to slash costs.

There’s lots more going on: The price ranges for Rubrik’s IPO have been leaked, ShareChat has suffered a valuation haircut, and global smartphone sales are picking up again. Hit play to catch up on what’s going to be the talk of Tech Twitter this week:

Equity is TechCrunch’s flagship podcast and airs every Monday, Wednesday and Friday. You can subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts.

You also can follow Equity on X and Threads at @EquityPod.

For the full interview transcript, for those who prefer reading over listening, read on, or check out our full archive of episodes over at Simplecast.



