Malicious JavaScript in image metadata used to steal data; then, images are used again to exfiltrate data:

– Malware uses Exif metadata to inject JavaScript that steals data.
– Afterward, the data is exfiltrated as an image via GET/POST to another server.
– As a server admin, frequently update the server software, and monitor file integrity + network traffic. Moreover, set a strict Content Security Policy.

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community