Thursday, May 22, 2025

Zero-Day Bug in Verisign & IaaS Services Such as Google, Amazon Let Hackers Register Malicious Domains


A critical zero-day vulnerability that affected Verisign and multiple IaaS companies such as Google, Amazon and DigitalOcean let attackers register homograph domain names (.com and .net).

Once registered, these homograph domains look the same as well-known domains and subdomains and can be used for social engineering and insider attacks against an organization. The technique is similar to the IDN homograph attack.

Researchers identified several homograph domains that have been active since 2017 with HTTPS certificates and that mimic domains in various sectors, including financial, internet shopping, technology, and other Fortune 100 sites.

Matt Hamilton, a researcher from Soluble, identified that names containing Unicode Latin IPA Extension characters can be registered under several generic top-level domains (gTLDs), and he was able to register the following homograph domains.

amɑzon.com**
chɑse.com
sɑlesforce.com
ɡmɑil.com
ɑppɩe.com
ebɑy.com
ɡstatic.com
steɑmpowered.com
theɡuardian.com
theverɡe.com
washinɡtonpost.com
pɑypɑɩ.com
wɑlmɑrt.com
wɑsɑbisys.com
yɑhoo.com
cɩoudfɩare.com
deɩɩ.com
gmɑiɩ.com
gooɡleapis.com
huffinɡtonpost.com
instaɡram.com
microsoftonɩine.com
ɑmɑzonɑws.com**
ɑndroid.com
netfɩix.com
nvidiɑ.com
ɡoogɩe.com

Through the use of Unicode Latin IPA characters, the homograph domains registered above look just like the respective original domains.

Similarly, the researcher tested nearly 300 prominent domains, and the vulnerability is believed to have been used only in highly targeted social engineering campaigns that install malware and steal sensitive data.

According to the Soluble report, “It appears that Verisign and other providers have been unaware of the homoglyphs within the Unicode Latin IPA Extension character set.”

Registering Homograph Domains with a Mix of Unicode & Latin Characters

Verisign prevents users from registering domains that use mixed scripts, such as “gооgle.com” using Cyrillic “о”s.

But due to the Zero-day bug, it was possible to register domains with a mix of Unicode and Latin characters as long as the Unicode characters were themselves Latin.

“Registrars, like Verisign, explicitly enforce anti-homograph measures (disallowing mixed-scripts) because they don’t want lookalike domains on their gTLDs. Public services that exist on a shared root, such as “s3.amazonaws.com”, “storage.googleapis.com”, or other services which allow users to create arbitrarily-named subdomains, should apply these same restrictions—they are effectively acting as registrars for those roots in the same way Verisign does for “.com”,” the researcher said.

This bug affected not only Verisign gTLDs; any TLD that allows Latin IPA characters is likely affected.

This vulnerability is considered a zero-day because multiple instances have been identified in HTTPS certificate logs through Certificate Transparency, along with one “unofficial” JavaScript library hosted at a prominent domain.
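
The following is an added example, not code from Soluble's report or from any registry: a validation check that a registrar or shared-root service could run on requested names. It shows why a script-only test passes these names and how flagging the Latin IPA Extensions block catches them. The `PROTECTED` set and the three-entry `IPA_LOOKALIKES` map are assumptions built from the characters visible in the list above.

```python
import unicodedata

# Latin IPA Extensions block, U+0250..U+02AF.
IPA_EXTENSIONS = range(0x0250, 0x02B0)
# The three lookalikes visible in the article's list (constructed, not a full table).
IPA_LOOKALIKES = {"\u0251": "a", "\u0261": "g", "\u0269": "l"}
# Hypothetical set of names the operator wants to protect.
PROTECTED = {"amazon.com", "google.com", "gmail.com"}


def to_unicode(domain):
    """Decode xn-- (punycode) labels so checks see the real code points."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def passes_mixed_script_check(domain):
    """Naive script test: every letter's Unicode name begins with LATIN."""
    return all(unicodedata.name(c, "").startswith("LATIN")
               for c in to_unicode(domain) if c.isalpha())


def ipa_chars(domain):
    """Sorted, de-duplicated Latin IPA Extension characters in the name."""
    return sorted({c for c in to_unicode(domain) if ord(c) in IPA_EXTENSIONS})


def skeleton(domain):
    """Fold known IPA lookalikes to the ASCII letters they imitate."""
    return "".join(IPA_LOOKALIKES.get(c, c) for c in to_unicode(domain))


def check(domain):
    """Return 'ok', 'reject-ipa', or 'reject-lookalike:<protected name>'."""
    if not ipa_chars(domain):
        return "ok"
    skel = skeleton(domain)
    if skel in PROTECTED:
        return "reject-lookalike:" + skel
    return "reject-ipa"


if __name__ == "__main__":
    for name in ["am\u0251zon.com", "\u0261oog\u0269e.com", "example.com"]:
        print(ascii(name), passes_mixed_script_check(name), check(name))
```

The same `check` can be run over names pulled from Certificate Transparency logs to look for lookalikes of an organization's own domains.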

Balaji