Nominet, the leading U.K. domain registry responsible for managing .co.uk domains, has confirmed a cybersecurity incident connected to a recently exploited vulnerability in Ivanti’s VPN software. The organization issued a formal warning to its customers about the current security breach, emphasizing that an investigation is actively in progress.
The recent incident highlights the exploitation of a newly discovered flaw in Ivanti’s VPN platform, sparking concerns about the security of the affected systems. Nominet is actively taking steps to tackle the situation and reduce any possible effects on its services.
According to Nominet, hackers gained access to its networks by using “third-party VPN software supplied by Ivanti.” The attack “exploited a zero-day vulnerability,” which prevented Nominet from applying updates in time.
Last week, Ivanti acknowledged that hackers were breaking into clients’ networks by taking advantage of a flaw in Connect Secure, a popular business VPN appliance. Although Ivanti has not disclosed the number of impacted clients, cybersecurity company Watchtower Labs informed TechJuice that it has seen “widespread” intrusions.
Nominet, the first organization to publicly acknowledge its impact from the Ivanti vulnerability, has stated that it presently possesses “no evidence of a data breach or leakage.” The company further stated that it had limited access to the VPN software during the course of its investigation into the incident.
