Access and Metadata - Information Management Today

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Security Affairs

JANUARY 19, 2025

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5)

Metadata

Metadata Authentication Consumer Services Cloud

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

CDRThief specifically targets internal MySQL databases running in the devices to steal call metadata, including IP addresses of the callers, phone numbers, start time and duration of the call, call route, and call type. “To steal this metadata, the malware queries internal MySQL databases used by the Softswitch.”

Metadata

Metadata Encryption File names Passwords

DeepSeek database exposed highly sensitive information

Security Affairs

JANUARY 30, 2025

Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, exposing chat history, secret keys, and backend details. “Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data. ” concludes the report.

Metadata

Metadata Authentication Access Passwords

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

What is Metadata and Why is it Important?

AIIM

MARCH 9, 2021

One such tool is Metadata. Metadata offers significant benefits in terms of understanding information in new ways and in being able to leverage that intelligence to drive innovation and the customer experience. What is Metadata? The US Department of Defense has a definition of metadata in its DoD 5015.2

Metadata

Metadata IT Customer Experience Records Management

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

Data Breach Today

JUNE 10, 2019

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4TB of email metadata.

Metadata

Metadata Access Security IT

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

CDRThief specifically targets internal MySQL databases running in the devices to steal call metadata, including IP addresses of the callers, phone numbers, start time and duration of the call, call route, and call type. “To steal this metadata, the malware queries internal MySQL databases used by the Softswitch.”

Metadata

Metadata Encryption File names Passwords

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

DECEMBER 1, 2021

The document analyzes lawful access to multiple encrypted messaging apps, including iMessage, Line, Signal, Telegram, Threema, Viber, WhatsApp, WeChat, or Wickr. “ The information reported in the training documents provides an up to date picture of the abilities of law enforcement in accessing the content of popular messaging apps. .

Encryption

Encryption FOIA Access Metadata

Unsecured Database Leaves 8.4 TB of Email Metadata Exposed

Data Breach Today

JUNE 11, 2019

TB of email metadata. While it's not clear if anyone accessed the data, an attacker could have seen all email being sent or received by a specific person.

Metadata

Metadata Access Security IT

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

The researchers analyzed the LNK files’ metadata, including Machine ID and MAC addresses, to trace infections linked to the same threat actor. The Coyote Banking Trojan monitors active windows and contacts its C2 servers when a target site is accessed. Then the malware starts monitoring the active window.

Metadata

Metadata Phishing Access Cybersecurity

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. Once compromised the eDNS servers, the attackers deployed a custom backdoor, tracked as SLAPSTICK, that allowed them to access the Solaris Pluggable Authentication Module (PAM).

Access

Access Passwords Metadata Authentication

Court documents show FBI could use a tool to access private Signal messages on iPhones

Security Affairs

FEBRUARY 13, 2021

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. ” states Forbes.

Access

Access Encryption Metadata Security

Supercharge Your Search Accuracy with Auto-Applied Email Metadata Upon Ingestion

AIIM

JULY 1, 2021

The ever increasing petabytes of data required to do business in the modern world of work require utilizing metadata to tag content. Why Metadata? Metadata (aka tags, properties, labels) is the key component in any robust Information Architecture plan. Break down silos.

Metadata

Metadata Information architecture Content services Records Management

Law Enforcement Access to Chat Data and Metadata

Schneier on Security

DECEMBER 10, 2021

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst. Signal protects the most metadata. Rolling Stone broke the story and it’s been written about elsewhere.

Metadata

Metadata Access Encryption IT

Active metadata for your business value

Collibra

DECEMBER 12, 2024

Managing metadata is even harder. So why do I need to care about metadata? What is the value of metadata? Active metadata will help you answer this question. Curious about what active metadata is and how it can help. What is active metadata? Traditional metadata is like a static description of your data.

Metadata

Metadata Compliance Privacy Analytics

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

JUNE 5, 2024

In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings. Experts believe threat actors exploited an insecure direct object reference (IDOR) vulnerability to access internal Webex meetings.

Government

Government Metadata Military Passwords

MongoDB investigates a cyberattack, customer data exposed

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information. . We detected suspicious activity on Wednesday (Dec.

Metadata

Metadata Data breaches Phishing Passwords

Two flaws in Apache SuperSet allow to remotely hack servers

Security Affairs

SEPTEMBER 7, 2023

addressed two vulnerabilities, respectively tracked as CVE-2023-39265 and CVE-2023-37941 , that could be exploited to take control of Superset’s metadata database. Below is the description for the flaw CVE-2023-39265 described as SQLite Access via SQLAlchemy URI Bypass. Version 2.1.1

Metadata

Metadata Access IT Security

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Security Affairs

APRIL 5, 2025

Call metadata can enable real-time surveillance if misused. With access to call history, attackers can map routines, contacts, and movements, risking the safety of whistleblowers, journalists, dissidents, and others. The issue likely affected most Verizon Wireless users, as the service is often enabled by default.

Metadata

Metadata Risk Passwords Authentication

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

Security Affairs

AUGUST 21, 2024

An attacker can exploit the vulnerability to access sensitive information. Combined with a useful SSRF protection bypass, we used this flaw to get access to Microsoft’s internal infrastructure for Copilot Studio, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances.”

Metadata

Metadata Access Authentication Cloud

GitHub addressed a critical vulnerability in Enterprise Server

Security Affairs

OCTOBER 15, 2024

GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances. Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances. and 3.14.2.

Metadata

Metadata Encryption Phishing Authentication

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Security Affairs

APRIL 15, 2024

Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts. The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g.,

Data breaches

Data breaches Metadata Authentication Phishing

Multiple vulnerabilities affect the Juniper Junos OS

Security Affairs

OCTOBER 28, 2022

One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path injection and traversal, or local file inclusion.” “Phar files (PHP Archive) files contain metadata in serialized format, which when parsed by a PHP file operation function leads to the metadata getting deserialized.

Metadata

Metadata Archiving Authentication Access

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs

MAY 28, 2022

In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. On April 12, the company launched an investigation into a series of unauthorized access to data stored in repositories of dozens of organizations.

Metadata

Metadata Passwords Archiving Access

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

They also enrich documents with metadata and place them in crypto-containers, access to which is only granted by permission. G-71 created the state-of-the-art information security solution LeaksID to protect private and corporate documents from illegal access, complementing DLP systems. Identifying leakage.

Access

Access Marketing Metadata Information Security

SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study

Security Affairs

DECEMBER 14, 2020

The SoReL-20M database includes a set of curated and labeled samples and security-relevant metadata that could be used as a training dataset for a machine learning engine used in anti-malware solutions. The availability of large and well-formed training sets is a major problem for the implementation of machine learning models.

Metadata

Metadata Security Access Information Security

Digitizing Records: Understanding Metadata Requirements

National Archives Records Express

JUNE 12, 2023

S49-07-001 – STS-049 – In cabin view of crewmember at the forward flight deck with laptop terminal National Archives Identifier: 22702275 In this blog post, we will explore the key aspects of metadata requirements and their significance in recordkeeping.

Metadata

Metadata Digital transformation File names Archiving

50% of internet-facing GitLab installations are still affected by a RCE flaw

Security Affairs

NOVEMBER 2, 2021

Threat actors created two user accounts with admin privileges on a publicly-accessible GitLab server belonging to this organization. If you need to access your GitLab from the internet, consider placing it behind a VPN.” ” reads the analysis published by HN Security. The flaw was initially rated with a CVSS score of 9.9,

Metadata

Metadata Access Cybersecurity Security

Western Digital addressed a critical bug in My Cloud OS 5

Security Affairs

MARCH 27, 2022

The CVE-2021-44142 vulnerability is a Samba out-of-bounds heap read/write that impacts the vfs_fruit VFS module when parsing EA metadata when opening files in smbd. The specific flaw exists within the parsing of EA metadata when opening files in smbd. reads the security advisory for this flaw.

Cloud

Cloud Metadata Access Security

Drupal addressed XSS and information disclosure flaws

Security Affairs

SEPTEMBER 17, 2020

. “A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.” ” reads the advisory. ” reads the advisory. ” reads the advisory. ” continues the advisory.

CMS

CMS Metadata Access Security

Experts discovered millions of.git folders exposed to public

Security Affairs

OCTOBER 19, 2022

A.git folder contains essential information about projects, such as remote repository addresses, commit history logs, and other essential metadata. Leaving this data in open access can lead to breaches and system exposure. The source code was leaking due to poor control of access to the.git folder. Original Post at [link].

Metadata

Metadata Access Risk IT

GUAC – A Google Open Source Project to secure software supply chain

Security Affairs

OCTOBER 21, 2022

GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata.” GUAC aggregates metadata from different sources, including databases of vulnerabilities, SLSA (Supply chain Levels for Software Artifacts), and software bills of materials (SBOM).

Metadata

Metadata Security Risk IT

GitHub fixed a new critical flaw in the GitHub Enterprise Server

Security Affairs

AUGUST 22, 2024

The vulnerability resides in the GHES’s SAML authentication and allows attackers with network access to forge SAML responses, potentially granting unauthorized site administrator access without prior authentication. ” reads the advisory. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14.

Authentication

Authentication Metadata Access Compliance

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

. “While SunBird features remote access trojan (RAT) functionality – a malware that can execute commands on an infected device as directed by an attacker – Hornbill is a discreet surveillance tool used to extract a selected set of data of interest to its operator.” ” concludes the report.

Metadata

Metadata Military Manufacturing Access

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Hashed passwords to access user accounts on the DTT trading platform were also leaked. Source: Cybernews Sensitive data leaked The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, emails sent by the company, and IP addresses. Leaked emails.

Metadata

Metadata Passwords Risk Cybersecurity

Hackers can abuse Microsoft Teams updater to deliver malicious payloads

Security Affairs

AUGUST 6, 2020

. “As per the patch, Microsoft Teams Updater will allow only local network paths to access and update, that means it will detect the string “http/s”, “:”, “/” and port numbers in the updater URL, blocks and log the activity under %localappdata%MicrosoftTeamsSquirrelSetup.log.”

Metadata

Metadata Access IT Security

Android.Cynos.7.origin trojan infected +9 million Android devices

Security Affairs

NOVEMBER 23, 2021

“At first glance, a mobile phone number leak may seem like an insignificant problem. “At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games’ main target audience.” ” states the report.

Metadata

Metadata Access IT Security

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Security Affairs

DECEMBER 1, 2021

The reports will also include up-to-date VirusTotal analysis metadata. Collections are open to our VirusTotal Community (registered users) and they will be enhanced with VirusTotal analysis metadata providing the latest information we have for the IoCs, along with some aggregated tags.”

Metadata

Metadata Security Access IT

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges

Security Affairs

MARCH 31, 2020

The issue resides in an unprotected REST-API endpoint, the issue could be exploited by an unauthenticated attacker to update arbitrary metadata, which ones that could grant or revoke administrative privileges for any registered user. ” reads the analysis published by WordFence. . ” continues the post.

Metadata

Metadata GDPR Authentication Access

Opportunity for Comment: Draft NARA Bulletin on Metadata Guidance for Transfer of Classified Electronic Records

National Archives Records Express

JULY 31, 2024

We are requesting comments on a draft NARA Bulletin: Metadata Guidance for the Transfer of Classified Electronic Records Please send comments or questions to rmstandards@nara.gov by August 16, 2024. This metadata documents the access restrictions, review and declassification, and other metadata elements.

Metadata

Metadata Archiving Access Security

A flaw in the R programming language could allow code execution

Security Affairs

MAY 1, 2024

. “Lazy evaluation is a strategy that allows for symbols to be evaluated only when needed, i.e., when they are accessed.” Once the symbol ‘y’ is accessed, the expression assigning the value of ‘x’ to ‘y’ is run. The key here is that ‘y’ is not assigned the value 1 because ‘y’ is not assigned to ‘x’ until it is accessed.

Metadata

Metadata Libraries Access IT

Common Problems with Content Migrations

AIIM

JULY 23, 2020

Does this information still need to be actively accessible? Process Dependencies: Work processes, both manual and automated, may rely on how a system works, what its reports contain, how its metadata is structured, and more. This is also known as metadata enrichment. Process Issues. What Do I Do with My Old System and Data?".

Metadata

Metadata Data structuring Records Management ROT

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Security Affairs

MARCH 3, 2021

The leaked data numbers in the millions and was accessible to anyone who possessed the link. There was no need for a password or login credentials to access the information, and the data was not encrypted. The voice recording information could be accessed by anyone with a link and an Internet connection, leaving millions vulnerable.

Data breaches

Data breaches Metadata Phishing B2B

What We Can Learn from the Capital One Hack

Krebs on Security

AUGUST 2, 2019

Since then, many have speculated the breach was perhaps the result of a previously unknown “zero-day” flaw, or an “insider” attack in which the accused took advantage of access surreptitiously obtained from her former employer. But new information indicates the methods she deployed have been well understood for years.

Metadata

Metadata Cloud Data breaches Access

Data leak exposes users of car-sharing service Blink Mobility

Security Affairs

DECEMBER 21, 2023

Its metadata was then indexed by search engines and discovered by Cybernews researchers on October 17th. Cybernews researchers reported the incident to the company the same day it was discovered, and two days later, the database was no longer accessible. Anyone with any MongoDB viewer could have accessed the public-facing database.

Passwords

Passwords Phishing Metadata Personal data

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Webinars

Trending Sources

DeepSeek database exposed highly sensitive information

Webinars

What is Metadata and Why is it Important?

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

CDRThief Linux malware steals VoIP metadata from Linux softswitches

FBI training document shows lawful access to multiple encrypted messaging apps

Unsecured Database Leaves 8.4 TB of Email Metadata Exposed

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

China-linked LightBasin group accessed calling records from telcos worldwide

Court documents show FBI could use a tool to access private Signal messages on iPhones

Supercharge Your Search Accuracy with Auto-Applied Email Metadata Upon Ingestion

Law Enforcement Access to Chat Data and Metadata

Active metadata for your business value

Cisco addressed Webex flaws used to compromise German government meetings

MongoDB investigates a cyberattack, customer data exposed

Two flaws in Apache SuperSet allow to remotely hack servers

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

GitHub addressed a critical vulnerability in Enterprise Server

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Multiple vulnerabilities affect the Juniper Junos OS

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study

Digitizing Records: Understanding Metadata Requirements

50% of internet-facing GitLab installations are still affected by a RCE flaw

Western Digital addressed a critical bug in My Cloud OS 5

Drupal addressed XSS and information disclosure flaws

Experts discovered millions of.git folders exposed to public

GUAC – A Google Open Source Project to secure software supply chain

GitHub fixed a new critical flaw in the GitHub Enterprise Server

Experts spotted two Android spyware used by Indian APT Confucius

Data leak at fintech giant Direct Trading Technologies

Hackers can abuse Microsoft Teams updater to deliver malicious payloads

Android.Cynos.7.origin trojan infected +9 million Android devices

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges

Opportunity for Comment: Draft NARA Bulletin on Metadata Guidance for Transfer of Classified Electronic Records

A flaw in the R programming language could allow code execution

Common Problems with Content Migrations

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

What We Can Learn from the Capital One Hack

Data leak exposes users of car-sharing service Blink Mobility

Stay Connected