Special announcement
To all our regular readers and subscribers, thank you for your interest! We would like to inform you that, after this week’s issue, the newsletter will be put on pause. We will evaluate your valuable feedback and hopefully come back at a later date.
Wondering about the latest threats to your apps and corporate networks?
This week’s notable security news includes a remote code execution vulnerability in time-syncing software used by many large corporations and government networks, and a relatively new class of high-impact bugs in SAML implementations.
Also, you might want to check whether you are one of the 533 million Facebook users who had their personal data leaked…
Notable Security News

Facebook data of 533 million users was posted to cyber-crime forums. The leak includes phone numbers, names, dates of birth, email addresses, location information, gender details, job data…
More worrying than having such sensitive information (that doesn’t expire) exposed is Facebook’s response. They are not planning to notify affected users, so if you want to know whether your phone number and email were exposed, they are searchable in Have I Been Pwned.

Vulnerability in time-syncing software puts a ton of corporate networks at risk
The Domain Time II software used for time synchronization inside corporate networks of many large corporations and government agencies is vulnerable to Man-on-the-Side (MotS) attacks.
Threat actors with access to a victim’s network traffic can hijack the software’s upgrade process to download malware, gain remote code execution and spread laterally across the network.

Official PHP Git server targeted in attempt to bury malware in code base
Unknown actors attempted to plant a backdoor in the PHP programming language’s source code. Almost 80% of websites use PHP, so this would have been a serious supply-chain attack had the maintainers of the PHP Git repository not noticed the unauthorized commits.
They released a post-mortem report with details on the attack and remediation actions taken.

Vulnerabilities in Single Sign-On services could be abused to bypass authentication controls
Adam Roberts, a security researcher at NCC Group, published details of a vulnerability class commonly found in Single Sign-On services, specifically in SAML implementations.
Given the impact (unauthorized access to arbitrary user accounts), it is important for both developers and penetration testers working with SAML to be aware of these flaws.

Ransomware: Nearly a fifth of victims who pay off extortionists fail to get their data back
Kaspersky published an interesting report after polling 15,000 consumers worldwide on their attitudes towards online privacy.
Amongst other findings, more than half of ransomware victims paid the ransom, but nearly one in five (17%) didn’t get their data back despite paying. Also, half of users who lost devices had sensitive information stolen and exposed.
Other Interesting News
Cybercrime
- Google: North Korean hackers are still targeting security researchers
- Another supply-chain attack? Android maker Gigaset injects malware into victims’ phones via poisoned update
- GitHub investigating crypto-mining campaign abusing its server infrastructure
- Call of Duty Cheats Expose Gamers to Malware, Takeover
- SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers
- FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited
- How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants
Data breaches
- Another 500 million accounts have leaked online, and LinkedIn’s in the hot seat
- Whistleblower claims Ubiquiti Networks data breach was ‘catastrophic’
- Leaker Dismisses MobiKwik’s Not-So-Nimble Breach Denial
- Booking.com fined €475,000 for reporting data breach too late
Vulnerabilities
- BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE
- Popular remote lesson monitoring program could be exploited to attack student PCs
- Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection
- NSA workflow application Emissary vulnerable to malicious takeover
- 5G network slicing flaws pose denial-of-service, data theft risk
- SSRF vulnerability in NPM package Netmask impacts up to 279k projects
Tech
- Most loved programming language Rust sparks privacy concerns
- IETF officially deprecates TLS 1.0 and TLS 1.1
Misc.
- Pwn2Own 2021 hacking contest ends with a three-way tie
- CISA gives federal agencies 5 days to find hacked Exchange servers
- President Biden’s new executive order could oblige software vendors to tell Uncle Sam about security breaches
- Swiss security provocateur who leaked Intel secrets indicted by US authorities
- NIST Drafts Election Security Guidance