Friday, January 15, 22:40
Home security Zero-Day bug in Verisign & IaaS services lets hackers fix ...

Zero-Day bug in Verisign & IaaS services lets hackers fix fake domains

A critical zero-day bug that affected her Verisign and many IaaS services such as Google, Amazon, and DeigitalOcean let hackers register homographs (.com and .net).

Successful registration of these domain homographs resembles the same well-known domains and sub domains that are used to perform social engineering and internal attacks and are similar procedure with the IDN homograph attack.

Researchers have identified several domain names that have been active since 2017 with an HTTPS certificate that mimics the various domains that include financial, marketplace Internet, technology and other Fortune 100 sites.

Matt Hamilton, a researcher from Soluble, found that several Generic top-level domains (gTLDs) can be registered using the Unicode Latin IPA Extension character and was also able to register the following domain names.

The above listed domains are identical to the original original domains but essentially made using the Unicode Latin IPA.

Similarly, the researcher looked at about 300 significant domains and vulnerability is believed to be used only in campaigns social engineering high targeting that they intend to install malware and steal sensitive data.

According to the detailed report "It seems that Verisign and other providers did not know the so-called" homoglyphs "in the character set Unicode Latin IPA Extension".

Enter the domain domain with a mixture of Unicode and Latin characters

Basically, Verisign is blocking them users register domains that use mixed scripts such as “google.com” using Cyrillic “о”.

Biden

However, due to the zero-day bug, it was possible to register a domain with a combination of Unicode and Latin characters, since the Unicode characters were the same in Latin.

Companies like Verisign impose explicit measures against homographs (banning mixed scripts) because they do not want similar domains in the gTLD. The public services that exist in a communal root, such as “s3.amazonaws.com”, “storage.googleapis.com” or other services that allow users to create arbitrary sub domains should apply the same restrictionsSaid the researcher.

This bug not only affected VeriSign's gTLDs but most likely any TLD that allows for IPA Latin characters.

This vulnerability is considered zero day, as multiple occurrences of certificate logs were detected HTTPS through Certificate Transparency, as well as an "informal" library JavaScript hosted in a "prominent domain".

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...