Security Snacks #23 – Facebook leak & Corporate networks at risk of “Domain Time II” vulnerability

By Anna Hammond

April 9, 2021


Special announcement

To all our regular readers and subscribers, thank you for your interest! We would like to inform you that, after this week’s issue, the newsletter will be put on pause. We will evaluate your valuable feedback and hopefully come back at a later date.


Wondering about the latest threats to your apps and corporate networks?

This week’s notable security news includes a remote code execution in time-syncing software used by many large corporations and government networks, and a relatively new class of impactful bugs in SAML implementations.

Also, you might want to check out if you are one of the 533 million Facebook users who had their personal data leaked…

Notable Security News

Facebook says dump of 533m accounts is old news. But my date of birth, name, etc haven’t changed in years, Zuck

Facebook data of 533 million users was posted to cyber-crime forums. The leak includes phone numbers, names, dates of birth, email addresses, location information, gender details, job data…

More worrying than having such sensitive information (that doesn’t expire) exposed is Facebook’s response. They are not planning to notify affected users, so if you want to know whether your phone number and email were exposed, they are searchable in Have I Been Pwned.

Vulnerability in time-syncing software puts a ton of corporate networks at risk

The Domain Time II software used for time synchronization inside corporate networks of many large corporations and government agencies is vulnerable to Man-on-the-Side (MotS) attacks.

Threat actors with access to a victim’s network traffic can hijack the software’s upgrade process to download malware, gain remote code execution and spread laterally across the network.

Official PHP Git server targeted in attempt to bury malware in code base

Unknown actors attempted to plant a backdoor in the PHP programming language’s source code. Almost 80% of websites use PHP, so this would have been a serious supply chain attack if the maintainers of the PHP Git repo had not noticed the unauthorized commits.

They released a post-mortem report with details on the attack and remediation actions taken.

Vulnerabilities in Single Sign-On services could be abused to bypass authentication controls

Adam Roberts, a security researcher at NCC Group, published details of a vulnerability class commonly found in Single Sign-On services, specifically in SAML implementations.

Given the impact (unauthorized access to arbitrary user accounts), it is important for both developers and penetration testers working with SAML to be aware of these flaws.

Ransomware: Nearly a fifth of victims who pay off extortionists fail to get their data back

Kaspersky published an interesting report after polling 15,000 consumers worldwide on their attitudes towards online privacy.

Amongst other findings, more than half of ransomware victims paid the ransom, but nearly one in five (17%) didn’t get their data back despite paying. Also, half of users who lost devices had sensitive information stolen and exposed.
