Nominet Confirms Cybersecurity Incident Linked to Ivanti VPN Hacks – TechCrunch
Nominet, the U.K. domain registry responsible for maintaining .co.uk domains, has been hit by a cybersecurity incident directly connected to the recent exploitation of a new vulnerability in Ivanti VPN software. This revelation comes in the midst of a wave of similar attacks targeting organizations worldwide.
The Breach Unveiled: What Happened?
According to reports from TechCrunch, Nominet informed its customers via email about an “ongoing security incident” that is currently under investigation. The breach was made possible by hackers gaining unauthorized access to Nominet’s systems through a third-party VPN software provided by Ivanti. This intrusion took advantage of a zero-day vulnerability, leaving Nominet with no time to implement necessary security patches.
A Chain Reaction: Impact on the Industry
Ivanti, the provider of the compromised VPN software, acknowledged that hackers had been exploiting a vulnerability in its Connect Secure enterprise VPN appliance. This vulnerability allowed them to infiltrate the networks of multiple customers. Although Ivanti has not disclosed the exact number of affected customers, cybersecurity experts from watchTowr Labs revealed that they have observed widespread compromises across various organizations.
Nominet’s Response: Current Status
As the first entity to publicly confirm falling victim to the Ivanti security flaw, Nominet assured its stakeholders that there is no evidence of any data breach or leakage at this time. To mitigate further risks, Nominet has taken proactive measures by restricting access to the compromised VPN software while conducting a thorough investigation into the incident.
This unfortunate event serves as a stark reminder of the ever-evolving landscape of cybersecurity threats faced by organizations of all sizes. The interconnected nature of modern technology systems highlights the importance of maintaining robust security measures and promptly addressing any vulnerabilities that may arise.
Remember, cybersecurity is everyone’s responsibility. Stay informed, stay vigilant, and prioritize the protection of your digital assets to safeguard against potential threats in an increasingly interconnected world.
