1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Nominet says it was hit by cyberattack following recent Ivanti VP

    From TechnologyDaily@1337:1/100 to All on Tue Jan 14 10:45:05 2025
    Nominet says it was hit by cyberattack following recent Ivanti VPN security issue

    Date:
    Tue, 14 Jan 2025 10:36:50 +0000

    Description:
    Nominet says criminals abused zero-day in an Ivanti VPN.

    FULL STORY ======================================================================Nominet warns customers about a recent cyberattack The company says the attackers abused an Ivanti zero-day So far, there is no evidence of data tampering or backdoor dropping

    Top domain registrar company Nominet has warned its customers of a
    cyberattack it suffered due to a zero-day vulnerability in Ivanti VPN products.

    Citing a letter being sent to affected individuals, The Register claims the company suggests the criminals may have made their way in using the recently-highlighted Ivanti security flaws .

    The entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely." the letter apparently reads. "The unauthorized intrusion into our network exploited a zero-day vulnerability." Abusing a zero-day

    Nominet says it has not yet found any evidence of data leaks, or theft, and says that the attackers did not plant any backdoors or other malware onto its systems.

    "Aided by external experts, our investigation continues, and we have put additional safeguards in place, including restricted access to our systems from VPN," it said.

    The company confirmed its systems are operating normally and that the attack did not cause any significant disruption.

    While it was not specifically mentioned, The Register speculates the
    attackers could have abused CVE-2025-0282, a zero-day recently found in
    Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

    Ivanti had recently warned customers of a critical vulnerability impacting
    its VPN appliances being actively exploited in the wild to drop malware. In a security advisory, the company said it uncovered two vulnerabilities recently - CVE-2025-0282 and CVE-2025-0283, both of which are impacting Ivanti Connect Secure VPN appliances.

    The former was given a severity score of 9.0 (critical), and is described as an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network, it was said.

    The company urged customers to apply the patch immediately, and provided further details about the threat actors and their tools.

    Via The Register You might also like US Treasury declares major incident after apparent state-sponsored Chinese hack Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/nominet-says-it-was-hit-by-cyberattack- following-recent-ivanti-vpn-security-issue


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)