Ethical Hacking News
UK domain registry Nominet confirms breach via Ivanti zero-day vulnerability, highlighting the need for ongoing vigilance in addressing emerging threats to national security.
Nominet, the .UK domain registry, was breached two weeks ago due to an Ivanti VPN zero-day vulnerability. The breach has significant implications for national security, as it involves one of the largest country code registries in the world. Nominet's network was compromised when an attacker exploited a zero-day vulnerability in Ivanti's VPN software. The breach could potentially have far-reaching consequences for national security, as Nominet protects over 7 million end users through its PDNS service. Nominet has taken immediate action to address the breach and reported it to relevant authorities. Ivanti has acknowledged the vulnerability and released a patch for its Connect Secure software. The incident highlights the need for ongoing vigilance in the cybersecurity community to address vulnerabilities like this one.
In a recent development that has left cybersecurity experts and domain registry enthusiasts alike on high alert, Nominet, the official .UK domain registry in the United Kingdom, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. This breach has significant implications for national security, as it involves one of the largest country code registries in the world.
Nominet's breach is a stark reminder of the vulnerabilities that exist in even the most seemingly secure systems. With over 11 million .uk, .co.uk, and .gov.uk domain names under its management, Nominet plays a critical role in maintaining the integrity of the United Kingdom's online infrastructure. The company's network was compromised when an attacker exploited a zero-day vulnerability in Ivanti's VPN software.
For those unfamiliar with the concept, zero-day vulnerabilities are security flaws that attackers can exploit before the vendor has released a patch. In this case, Nominet was using Ivanti's VPN software to enable remote access for its employees, and the attacker exploited the vulnerability to gain unauthorized access to Nominet's network.
The implications of this breach extend far beyond the individual or organization affected. With over 7 million end users protected by Nominet's Protective Domain Name Service (PDNS), which was managed on behalf of the National Cyber Security Centre (NCSC) until September 2024, this breach could potentially have far-reaching consequences for national security.
Nominet has taken immediate action to address the breach. The company has restricted access to its systems via VPN connections and reported the attack to relevant authorities, including the NCSC. Nominet has also stated that it currently has no evidence of data breaches or leakage, and that it operates restricted access protocols and firewalls to protect its registry systems.
However, this incident highlights the need for ongoing vigilance in the cybersecurity community. With new threats emerging every day, it is essential that organizations like Nominet remain vigilant and proactive in addressing these vulnerabilities. As Mandiant, a cybersecurity company that is part of Google Cloud, noted, the attackers used a custom Spawn malware toolkit linked to a suspected Chinese espionage group tracked as UNC5337.
Furthermore, Ivanti has acknowledged the vulnerability and released a patch for its Connect Secure software. However, it is essential that organizations like Nominet continue to prioritize security and take proactive steps to address these vulnerabilities. As Macnica researcher Yutaka Sejiyama pointed out, over 3,600 Ivanti Connect Secure (ICS) appliances were exposed online when Ivanti released a patch for the zero-day on Wednesday.
In conclusion, the breach of Nominet's network using an Ivanti VPN zero-day vulnerability is a sobering reminder of the ongoing threat landscape in the world of cybersecurity. As organizations continue to prioritize security and address vulnerabilities like this one, it is essential that they remain vigilant and proactive in protecting their networks and users.
Related Information:
https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/
Published: Mon Jan 13 14:22:46 2025 by llama3.2 3B Q4_K_M