Metadata and Security - Information Management Today

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Security Affairs

JANUARY 19, 2025

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5)

Metadata

Metadata Authentication Consumer Services Cloud

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment. “To steal this metadata, the malware queries internal MySQL databases used by the Softswitch.”

Metadata

Metadata Encryption File names Passwords

Crooks hide e-skimmer code in favicon EXIF Metadata

Security Affairs

JUNE 26, 2020

Malwarebytes experts observed crooks hiding a software skimmer in the EXIF metadata of an image that was surreptitiously loaded by compromised online stores. While investigating a Magecart attack, experts found an e-skimmer code hidden in the EXIF metadata of an image file and surreptitiously loaded by compromised online stores.

Metadata

Metadata Archiving Security IT

Webinars

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

What is Metadata and Why is it Important?

AIIM

MARCH 9, 2021

One such tool is Metadata. Metadata offers significant benefits in terms of understanding information in new ways and in being able to leverage that intelligence to drive innovation and the customer experience. What is Metadata? The US Department of Defense has a definition of metadata in its DoD 5015.2

Metadata

Metadata IT Customer Experience Records Management

DeepSeek database exposed highly sensitive information

Security Affairs

JANUARY 30, 2025

After responsible disclosure, DeepSeek promptly secured the issue. Researchers discovered two unusual open ports (8123 and 9000) on DeepSeek’s servers, which provided access to a publicly exposed ClickHouse database without authentication, raising significant security concerns. ” reads the report published by Wiz.

Metadata

Metadata Authentication Access Passwords

Shanghai Jiao Tong University data leak – 8.4TB in email metadata exposed

Security Affairs

JUNE 10, 2019

Security expert discovered an exposed database belonging to Shanghai Jiao Tong University containing 8.4TB in email metadata. The exposed database containing 8.4TB in email metadata was discovered on May 22, 2019, through a Shodan search. . This database contained metadata related to a huge amount of emails. es website.

Metadata

Metadata Archiving Authentication Security

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

Data Breach Today

JUNE 10, 2019

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4TB of email metadata.

Metadata

Metadata Access Security IT

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment. “To steal this metadata, the malware queries internal MySQL databases used by the Softswitch.”

Metadata

Metadata Encryption File names Passwords

Unsecured Database Leaves 8.4 TB of Email Metadata Exposed

Data Breach Today

JUNE 11, 2019

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4 TB of email metadata.

Metadata

Metadata Access Security IT

How to Build a Metadata Plan in Five Steps

AIIM

MARCH 16, 2021

Metadata resides at the center of many of the essential aspects of content management. In addition to helping organize and classify content, Metadata enables good findability, can trigger workflow and transactional processes, reveals document usage patterns and history, and helps establish retention and disposition events.

Metadata

Metadata ECM Customer Experience Analytics

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

The researchers analyzed the LNK files’ metadata, including Machine ID and MAC addresses, to trace infections linked to the same threat actor. “Consequently, it highlights the critical need for robust security measures for both individuals and institutions to safeguard against evolving cyber threats.”

Metadata

Metadata Phishing Access Cybersecurity

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Security Affairs

APRIL 5, 2025

Call metadata can enable real-time surveillance if misused. Since Cequints own website is down, concerns arise about how much user data this lesser-known company holdsand how securely it’s managed. The issue likely affected most Verizon Wireless users, as the service is often enabled by default.

Metadata

Metadata Risk Passwords Authentication

Active metadata for your business value

Collibra

DECEMBER 12, 2024

Managing metadata is even harder. So why do I need to care about metadata? What is the value of metadata? Active metadata will help you answer this question. Curious about what active metadata is and how it can help. What is active metadata? Traditional metadata is like a static description of your data.

Metadata

Metadata Compliance Privacy Analytics

Leveraging Metadata for Enhanced Information Governance

Gimmal

NOVEMBER 21, 2024

Enter metadata—a powerful tool that can revolutionize your information governance strategy. Ineffective Search Capabilities : Without additional metadata, searches are limited to file names or basic content, making it difficult to perform targeted searches. The Power of Metadata So, what is metadata?

Metadata

Metadata Information governance Government Records Management

Magecart Card Skimmer Hidden in Image's EXIF Metadata

Data Breach Today

JUNE 29, 2020

Malwarebytes Researchers Find Malicious JavaScript in WordPress Plugin Payment card hackers are now hiding malicious JavaScript inside an image's EXIF metadata and then sneaking the image onto e-commerce sites, according to the security firm Malwarebytes.

Metadata

Metadata Security

Security Affairs newsletter Round 270

Security Affairs

JUNE 28, 2020

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 270 appeared first on Security Affairs. Pierluigi Paganini.

Security

Security Sales Metadata Ransomware

Two flaws in Apache SuperSet allow to remotely hack servers

Security Affairs

SEPTEMBER 7, 2023

A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. addressed two vulnerabilities, respectively tracked as CVE-2023-39265 and CVE-2023-37941 , that could be exploited to take control of Superset’s metadata database. Version 2.1.1

Metadata

Metadata Access IT Security

MongoDB investigates a cyberattack, customer data exposed

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information. We detected suspicious activity on Wednesday (Dec.

Metadata

Metadata Data breaches Phishing Passwords

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

JUNE 5, 2024

“In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers hosted in our Frankfurt data center.” ” continues the advisory.

Government

Government Metadata Military Passwords

Metadata Left in Security Agency PDFs

Schneier on Security

MARCH 12, 2021

We gathered a corpus of 39664 PDF files published by 75 security agencies from 47 countries. We have also measured the adoption of PDF files sanitization by security agencies. We identified only 7 security agencies which sanitize few of their PDF files before publishing. Short summary: no one is doing great.

Metadata

Metadata Security Paper IT

On Cell Phone Metadata

Schneier on Security

NOVEMBER 2, 2021

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked.

Metadata

Law Enforcement Access to Chat Data and Metadata

Schneier on Security

DECEMBER 10, 2021

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst. Signal protects the most metadata. Rolling Stone broke the story and it’s been written about elsewhere.

Metadata

Metadata Access Encryption IT

SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study

Security Affairs

DECEMBER 14, 2020

The SoReL-20M database includes a set of curated and labeled samples and security-relevant metadata that could be used as a training dataset for a machine learning engine used in anti-malware solutions. The availability of large and well-formed training sets is a major problem for the implementation of machine learning models.

Metadata

Metadata Security Access Information Security

Multiple vulnerabilities affect the Juniper Junos OS

Security Affairs

OCTOBER 28, 2022

Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Phar files (PHP Archive) files contain metadata in serialized format, which when parsed by a PHP file operation function leads to the metadata getting deserialized. ” reads the advisory published by the vendor.

Metadata

Metadata Archiving Authentication Access

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Security Affairs

MARCH 19, 2021

Amazon EKS and the Need for Security. It also applies the newest security patches to a cluster’s control plane as a means of giving customers a more secure Kubernetes environment. Best Practices for Container Runtime Security in EKS. Admins can follow some best practices to ensure container runtime security in EKS.

Security

Security Metadata Cloud Access

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Security Affairs

APRIL 15, 2024

The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack. The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g.,

Data breaches

Data breaches Metadata Authentication Phishing

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

Security Affairs

AUGUST 21, 2024

Researchers have disclosed a critical security vulnerability in Microsoft’s Copilot Studio that could lead to the exposure of sensitive information. Researchers disclosed a critical security vulnerability, tracked as CVE-2024-38206 (CVSS score: 8.5), impacting Microsoft’s Copilot Studio.

Metadata

Metadata Access Authentication Cloud

Android Pie introduces important security and privacy enhancements

Security Affairs

DECEMBER 27, 2018

The tech giant updated the File-Based Encryption implementing the support for external storage media, it also included the metadata encryption with hardware support. ” reads a post written by Vikrant Nanda and René Mayrhofer from Android Security & Privacy Team. ” concluded Google.

Privacy

Privacy Security Encryption Authentication

50% of internet-facing GitLab installations are still affected by a RCE flaw

Security Affairs

NOVEMBER 2, 2021

The vulnerability was actively exploited in the wild, researchers from HN Security described an attack one of its customers. The vulnerability resides in ExifTool , an open source tool used to remove metadata from images, which fails in parsing certain metadata embedded in the uploaded image, resulting in code execution as described here.”

Metadata

Metadata Access Cybersecurity Security

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs

MAY 28, 2022

The experts first detected the intrusion on April 12 when the company’s security team identified unauthorized access to their npm production infrastructure using a compromised AWS API key. All private npm package manifests and package metadata as of April 7, 2021. ” concludes the announcement. Pierluigi Paganini.

Metadata

Metadata Passwords Archiving Access

Digitizing Records: Understanding Metadata Requirements

National Archives Records Express

JUNE 12, 2023

S49-07-001 – STS-049 – In cabin view of crewmember at the forward flight deck with laptop terminal National Archives Identifier: 22702275 In this blog post, we will explore the key aspects of metadata requirements and their significance in recordkeeping.

Metadata

Metadata Digital transformation File names Archiving

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa ( @_notdodo_ ), Security Engineer at Prima Assicurazioni. Cloud Security Context.

Cloud

Cloud Security Metadata Data breaches

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Metadata

Metadata Personal data Sales Privacy

Poland institutions and individuals targeted by an unprecedented series of cyber attacks

Security Affairs

JUNE 16, 2021

The media reported that the politicians targeted by the hackers used their private Gmail accounts for communications, instead of using their secure government accounts. Media reported that the metadata of the leaked documents shows that they were edited by a person using Russian-language software. Pierluigi Paganini.

Metadata

Metadata Government Phishing Communications

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

DECEMBER 1, 2021

Which are the most secure encrypted messaging apps? We got an FBI training doc on obtaining data from secure messaging apps, and shared it w/ @AndyKroll / @RollingStone. Anyway, depending on the single encrypted messaging apps, law enforcement could extract varying metadata that could allow unmasking the end-users.

Encryption

Encryption FOIA Access Metadata

Western Digital addressed a critical bug in My Cloud OS 5

Security Affairs

MARCH 27, 2022

The CVE-2021-44142 vulnerability is a Samba out-of-bounds heap read/write that impacts the vfs_fruit VFS module when parsing EA metadata when opening files in smbd. The specific flaw exists within the parsing of EA metadata when opening files in smbd. reads the security advisory for this flaw. Pierluigi Paganini.

Cloud

Cloud Metadata Access Security

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP protocol so that other users on the local network are forced to connect to a rogue DHCP server. VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications.

IT

IT Security Encryption Passwords

GitHub addressed a critical vulnerability in Enterprise Server

Security Affairs

OCTOBER 15, 2024

To exploit this vulnerability, the attacker needed GitHub Enterprise Server’s encrypted assertions feature enabled, direct network access, and a signed SAML response or metadata document. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document. and 3.14.2. and 3.14.2,

Metadata

Metadata Encryption Phishing Authentication

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Security Affairs

DECEMBER 1, 2021

VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). The reports will also include up-to-date VirusTotal analysis metadata. ” reads the announcement published by Virus Total. ” reads the announcement published by Virus Total.

Metadata

Metadata Security Access IT

Chinese Hackers Play Operator With Global Telcos

Data Breach Today

JUNE 25, 2019

Cybereason Says Theft of Subscribers' Call Metadata Could Be Linked to Chinese APT Group Attackers - likely operating from China - have been surreptitiously hacking into global telecommunications providers' networks to quietly steal metadata and track subscribers - and those with whom they communicate - as part of an ongoing cyber espionage operation, (..)

Metadata

Metadata Communications Security

Poland: The leader of the PiS party blames Russia for the recent attack

Security Affairs

JUNE 20, 2021

The media reported that the politicians targeted by the hackers used their private Gmail accounts for communications, instead of using their secure government accounts. Media reported that the metadata of the leaked documents shows that they were edited by a person using Russian-language software. . Pierluigi Paganini.

Metadata

Metadata Government Phishing Communications

Microsoft publicly discloses details on critical ChromeOS flaw

Security Affairs

AUGUST 23, 2022

Google addressed the vulnerability in June, an attacker can trigger the flaw using malformed metadata associated with the songs. The OS Audio Server contains a method that extracts the ‘identity’ from metadata representing a song’s title. “we discovered the vulnerability could be remotely triggered by manipulating audio metadata.

Metadata

Metadata Security Information Security IT

WordPress version 5.0.1 addressed several vulnerabilities

Security Affairs

DECEMBER 14, 2018

Karim El Ouerghemmi discovered that security issues allows authors to alter metadata and delete files that they normally would not be authorized to delete. Security expert Sam Thomas discovered that contributors could use specially crafted metadata for PHP object injection. Security Affairs –WordPress, security).

CMS

CMS Metadata Passwords Security

Security Affairs newsletter Round 218 – News of the week

Security Affairs

JUNE 15, 2019

The best news of the week with Security Affairs. Shanghai Jiao Tong University data leak – 8.4TB in email metadata exposed. Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws. Yubico is replacing for free YubiKey FIPS devices due to security weakness. Kindle Edition. Paper Copy. Once again thank you!

Security

Security Metadata Libraries Data breaches

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Webinars

Trending Sources

Crooks hide e-skimmer code in favicon EXIF Metadata

Webinars

What is Metadata and Why is it Important?

DeepSeek database exposed highly sensitive information

Shanghai Jiao Tong University data leak – 8.4TB in email metadata exposed

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Unsecured Database Leaves 8.4 TB of Email Metadata Exposed

How to Build a Metadata Plan in Five Steps

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Active metadata for your business value

Leveraging Metadata for Enhanced Information Governance

Magecart Card Skimmer Hidden in Image's EXIF Metadata

Security Affairs newsletter Round 270

Two flaws in Apache SuperSet allow to remotely hack servers

MongoDB investigates a cyberattack, customer data exposed

Cisco addressed Webex flaws used to compromise German government meetings

Metadata Left in Security Agency PDFs

On Cell Phone Metadata

Law Enforcement Access to Chat Data and Metadata

SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study

Multiple vulnerabilities affect the Juniper Junos OS

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

Android Pie introduces important security and privacy enhancements

50% of internet-facing GitLab installations are still affected by a RCE flaw

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Digitizing Records: Understanding Metadata Requirements

NUVOLA: the new Cloud Security tool

NSA buys internet browsing records from data brokers without a warrant

Poland institutions and individuals targeted by an unprecedented series of cyber attacks

FBI training document shows lawful access to multiple encrypted messaging apps

Western Digital addressed a critical bug in My Cloud OS 5

Why Your VPN May Not Be As Secure As It Claims

GitHub addressed a critical vulnerability in Enterprise Server

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Chinese Hackers Play Operator With Global Telcos

Poland: The leader of the PiS party blames Russia for the recent attack

Microsoft publicly discloses details on critical ChromeOS flaw

WordPress version 5.0.1 addressed several vulnerabilities

Security Affairs newsletter Round 218 – News of the week

Stay Connected