UK Domain Leader Nominet Discloses Cyberattack Linked to Ivanti VPN Vulnerability
Cybersecurity Breach at Nominet
Nominet, the prominent UK-based domain registry responsible for managing .co.uk domains, has revealed it suffered a cybersecurity breach connected to the recent exploitation of a vulnerability in Ivanti VPN software.
Security Incident Under Investigation
In an alert sent to its customers, Nominet communicated that the organization is currently dealing with an "ongoing security incident," which is under detailed investigation.
Access via Ivanti VPN Software
The breach was facilitated through "third-party VPN software provided by Ivanti," exploited via a zero-day vulnerability, which left Nominet without an opportunity to implement patches in time.
Widespread Compromises Reported
The vulnerability in question was confirmed by Ivanti last week, particularly affecting its widely-used enterprise VPN appliance, Connect Secure. Although Ivanti has not disclosed the number of its customers impacted, cybersecurity experts at watchTowr Labs reported observing "widespread" compromises of systems.
No Evidence of Data Breach
As the initial entity to announce its exposure to the Ivanti-related vulnerability, Nominet assured that there is "no evidence of data breach or leakage" at this stage. The company has taken precautious measures by restricting access to the VPN software during the ongoing investigation.