Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking.
MarkMonitor, now part of Clarivate, is a domain management company that "helps establish and protect the online presence of the world's leading brands - and the billions who use them."
The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
read more
Ian Carroll:
"Many companies — including MarkMonitor themselves — do not run a vulnerability disclosure or bug bounty program, so they are not included in my scanning and would not have been detected. Luckily, since all of these domains use a static IP address, we can see exactly how many domains on the internet were pointed to the vulnerable service.
MarkMonitor, now part of Clarivate, is a domain management company that "helps establish and protect the online presence of the world's leading brands - and the billions who use them."
The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
read more
Ian Carroll:
"Many companies — including MarkMonitor themselves — do not run a vulnerability disclosure or bug bounty program, so they are not included in my scanning and would not have been detected. Luckily, since all of these domains use a static IP address, we can see exactly how many domains on the internet were pointed to the vulnerable service.
