b2b-daily
Search
Close this search box.
Search
Close this search box.
Home | IT | Cyber Security

Nominet Hit by Zero-Day Vulnerability in Ivanti VPN Products, Patches Released

Avatar photo
by Craig Anderson
January 17, 2025
Nominet Hit by Zero-Day Vulnerability in Ivanti VPN Products, Patches Released

In a significant security breach, Nominet, the UK’s top-level domain registry responsible for managing over 11 million domains including .uk, .wales, and .cymru, recently experienced a zero-day vulnerability in Ivanti VPN products. The incident, which came to light in late December, triggered concern among the cybersecurity community due to its potential for widespread impact. The zero-day attack was traced to a buffer overflow vulnerability in Ivanti Connect Secure, a critical flaw that scored a high 9.0 on the CVSS scale. This particular vulnerability leaves the system susceptible to unauthenticated remote code execution, posing a substantial risk to sensitive internet infrastructure. Additionally, this flaw affected versions of Ivanti Connect Secure before 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3.

Quick Patching and Response

On January 8th, Ivanti quickly rolled out a patch for Connect Secure and pledged to fix other affected products by January 21. Nominet responded immediately, applying the patches and notifying the authorities about the breach. Additionally, Nominet enhanced its security measures by tightening VPN access controls to prevent future exploits. During the incident, Nominet collaborated with external experts to investigate the breach, aiming to minimize any damage swiftly. Initial findings showed no data loss or presence of backdoors, and crucial domain registration and management systems remained operational, ensuring uninterrupted services.

This incident underscores the vital importance of rapid detection and response to zero-day vulnerabilities. It reminds us that even well-secured organizations can be targeted and must be equipped to respond promptly to reduce potential damage. As the investigation delved into the specifics of the intrusion, the focus was on understanding the breach’s depth and preventing future occurrences. The swift responses from Ivanti and Nominet highlighted the need for vigilant and adaptive security measures in today’s constantly changing cybersecurity environment.

Information Security

Explore more

Matillion Launches AI Tool Maia for Enhanced Data Engineering
June 9, 2025

Matillion has unveiled a groundbreaking innovation in data engineering with the introduction of Maia, a comprehensive suite of AI-driven data agents designed to simplify and automate the multifaceted processes inherent in data engineering. By integrating sophisticated artificial intelligence capabilities, Maia holds the potential to significantly boost productivity for data professionals by reducing the manual effort required in creating data pipelines.

How Is AI Reshaping the Future of Data Engineering?
June 9, 2025

In today’s digital age, the exponential growth of data has been both a boon and a challenge for various sectors. As enormous volumes of data accumulate, the global big data and data engineering market is poised to experience substantial growth, surging from $75 billion to $325 billion by the decade’s end. This expansion reflects the increasing investments by businesses in

UK Deploys AI for Arctic Security Amid Rising Tensions
June 9, 2025

Amid an era marked by shifting global power dynamics and climate transformation, the Arctic has transitioned into a strategic theater of geopolitical importance. As Arctic ice continues to retreat, opening previously inaccessible shipping routes and exposing untapped reserves of natural resources, the United Kingdom is proactively bolstering its security measures in the region. This move underscores a commitment to leveraging

Ethical Automation: Tackling Bias and Compliance in AI
June 9, 2025

With artificial intelligence (AI) systems progressively making decisions once reserved for human discretion, ethical automation has become crucial. AI influences vital sectors, including employment, healthcare, and credit. Yet, the opaque nature and rapid adoption of these systems have raised concerns about bias and compliance. Ensuring that AI is ethically implemented is not just a regulatory necessity but a conduit to

AI Turns Videos Into Interactive Worlds: A Gaming Revolution
June 9, 2025

The world of gaming, education, and entertainment is on the cusp of a technological shift due to a groundbreaking innovation from Odyssey, a London-based AI lab. This cutting-edge AI model transforms traditional videos into interactive worlds, providing an experience reminiscent of the science fiction “Holodeck.” This research addresses how real-time user interactions with video content can be revolutionized, pushing the