UK Domain Leader Nominet Reports Cybersecurity Breach Tied to Ivanti VPN Vulnerabilities

UK Domain Leader Nominet Reports Cybersecurity Breach Tied to Ivanti VPN Vulnerabilities

Nominet, the U.K. domain registry responsible for managing .co.uk domains, is currently facing a significant cybersecurity incident linked to a recently discovered Ivanti VPN vulnerability. This unfortunate event has raised concerns about the security of numerous organizations relying on the same VPN software.

Details of the Cybersecurity Incident

In an email sent to its customers, which was reviewed by TechCrunch, Nominet described the situation as an “ongoing security incident” that is currently being investigated. Here are the key points regarding the incident:

  • Nominet confirmed that hackers gained access to their systems through “third-party VPN software supplied by Ivanti.”
  • The attack exploited a zero-day vulnerability, which meant Nominet had no opportunity to apply necessary security patches.
  • Ivanti acknowledged that hackers are actively exploiting a vulnerability in its Connect Secure VPN, a popular enterprise solution.

Extent of the Vulnerability

While Ivanti has not disclosed the total number of affected customers, cybersecurity firm watchTowr Labs informed TechCrunch that they have observed a “widespread” compromise among various organizations. This raises alarms about the potential risks faced by those utilizing Ivanti’s VPN products.

Nominet’s Response and Investigation

Nominet is the first organization to publicly announce its involvement in this incident related to the Ivanti vulnerability. The company reassured its customers that, as of now, there is “no evidence of data breach or leakage.” Here are some of the actions Nominet has taken:

  1. They have restricted access to the VPN software while conducting a thorough investigation.
  2. They are closely monitoring their systems for any signs of further intrusion.
  3. They are communicating regularly with stakeholders to provide updates on the situation.
READ ALSO  Mastering Identity: The Key to Successful Zero Trust Implementation

As the investigation unfolds, Nominet is taking every precaution to safeguard its systems and customer data. It’s crucial for organizations using Ivanti’s Connect Secure VPN to remain vigilant and monitor their networks for any unusual activities.

For more information about cybersecurity best practices, you can visit the Cybersecurity and Infrastructure Security Agency (CISA) website.

Similar Posts

Hawcx Secures $3M Funding to Revolutionize Passwordless Authentication in Cybersecurity

Hawcx Secures $3M Funding to Revolutionize Passwordless Authentication in Cybersecurity

Bysupport

Hawcx, a cybersecurity startup focused on passwordless authentication, has raised $3 million in a pre-seed funding round led by Engineering Capital, with support from Boldcap. This funding will help Hawcx enhance its product and expand its market presence. Founded in 2023 by Riya Shanmugam and others, Hawcx aims to address security vulnerabilities tied to traditional passwords, which are linked to 86% of data breaches. Their platform integrates easily with existing systems, simplifying user login. CEO Shanmugam highlights the urgent need for innovation in authentication, as traditional passwords become obsolete in favor of more user-friendly solutions.

Paragon Confirms U.S. Government's Use of Their Spyware Solutions

Barcelona Spyware Startup Variston Closes Doors: Key Insights from Recent Filing

Bysupport

Variston, a Barcelona-based spyware vendor, has officially ceased operations, confirmed by a legal notice on February 10, 2023. Founded in 2018 by Ralf Wegener and Ramanan Jayaraman, the company gained notoriety after being unveiled in a 2022 Google report, prompting scrutiny and subsequent downsizing. Former employees noted that the exposure significantly contributed to Variston’s downfall. The closure raises concerns about the future of the spyware industry and its ethical implications, as the balance between innovation and privacy comes into question. Attempts to contact company representatives for comments have gone unanswered, highlighting their retreat from public visibility.

Insight Partners Confirms January Cyberattack: What You Need to Know

Insight Partners Confirms January Cyberattack: What You Need to Know

Bysupport

U.S. venture capital firm Insight Partners disclosed a significant cybersecurity breach occurring in January, where hackers accessed its systems via a social engineering attack. The firm acted quickly to contain the breach and launched an investigation shortly after detection. While specific details remain undisclosed, Insight Partners, which manages over $90 billion in assets, has notified stakeholders and recommended enhanced security protocols, suggesting possible data access. Despite the incident, the firm assured stakeholders that operations would continue without disruption. This breach underscores rising data security concerns in the investment sector as organizations face evolving cybersecurity threats.

Massive PowerSchool Data Breach Exposes Personal Information of 16,000 UK Students

Massive PowerSchool Data Breach Exposes Personal Information of 16,000 UK Students

Bysupport

The PowerSchool data breach has raised alarms over student data security in the UK, affecting around 16,000 students from four schools. Hackers accessed sensitive personal information, including contact details and limited medical data, through compromised credentials in the company’s customer support portal. Although PowerSchool has communicated with those impacted outside the U.S. and Canada, it has not offered credit monitoring and has not reported the breach to the UK’s Information Commissioner’s Office (ICO). The breach potentially impacts over 62 million students and 9.5 million teachers globally, although PowerSchool has not confirmed this figure.

Paragon Spyware Unveils New Target: Latest Developments in Cybersecurity Threats

Paragon Spyware Unveils New Target: Latest Developments in Cybersecurity Threats

Bysupport

Mediterranea Saving Humans, an Italian nonprofit focused on rescuing migrants, announced that its founder, Luca Casarini, was targeted in a spyware campaign aimed at WhatsApp users. The spyware, developed by Israeli startup Paragon Solutions, affected around 90 individuals, including activists and journalists challenging Italy’s far-right government. Mediterranea expressed concerns about potential government involvement in the operation. While Paragon’s U.S. subsidiary claimed a zero-tolerance policy against targeting civil society figures, they did not clarify if the Italian government is a client. The Citizen Lab is investigating Casarini’s phone for spyware, underscoring the risks associated with the surveillance industry.

Garantex Administrator Arrested in India: Extradition Law Enforcement in Action

Garantex Administrator Arrested in India: Extradition Law Enforcement in Action

Bysupport

Indian authorities arrested Aleksej Besciokov, co-founder of the sanctioned Russian cryptocurrency exchange Garantex, in Kerala. This action follows a U.S. Department of Justice indictment accusing him of facilitating money laundering linked to North Korean hackers. Besciokov was apprehended under India’s extradition law and is set to appear in court. Garantex has suspended operations and is facing scrutiny from U.S. authorities, who have seized its websites and frozen over $26 million in cryptocurrency. Despite these challenges, Garantex aims to fulfill its obligations to users and plans to compensate for blocked assets through resources in Russia.