following an unauthorized access to an external web server. "The impacted server included a legacy database backup of my.Cellebrite, the company's end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system," the company stated, and added that it is still investigating the attack. They are also notifying affected customers, and advising them to change their passwords.
The confirmation comes a few hours after Motherboard released general information about 900 GB of data that it obtained and that has supposedly been stolen from the firm. "The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain," the publication noted. "The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices." The hacker that shared the data with the publication and is apparently behind the breach also noted that access to the compromised servers has been traded among hackers in IRC chat rooms, so it's possible that other persons have exfiltrated potentially sensitive data.
"The Cellebrite breach shows that anyone can be hacked, even firms whose bread and butter is data exfiltration. And Cellebrite isn't the first organization of this type to be targeted – Hacking Team and Gamma International have both experienced similar attacks by groups opposed to government surveillance," Tony Gauda, CEO of ThinAir, commented for Help Net Security. "While the 900 GB of data hasn't been released publicly, it's safe to assume that the information is highly sensitive. Besides customer information, the hackers managed to retrieve technical data, which could have serious repercussions if it were to fall into the wrong hands. Incidents such as this are the cyber equivalent of robbing a gun store, and I wouldn't be surprised if the proprietary info stolen eventually made its way online. Demand for advanced hacking tools and techniques has never been higher and until these firms start securing their digital arsenals with technology capable of rendering data useless when it's compromised, they will continue to find themselves in the crosshairs of hackers."
Cellebrite's name has become widely known after reports that the company has been asked for help to exfiltrate data from the locked iPhone belonging to Syed Farook, one of the San Bernardino shooters
Researchers from Ben-Gurion University of the Negev have developed a way in which hackers can extract data from a victim's computer using the LED lights displayed on their router. They can do so using a malware named xLED, as reported by JPost. The Cyber Security Research Center at Ben-Gurion University of the Negev, which is located in Israel, has come up with a way to hack into a user's computer and steal vital data by signalling it through the LED lights that are displayed on a router.
Essentially, the operation requires specially crafted malware named xLED, which needs to be installed on a router in order to hack a victim. That is, the router needs to have a security flaw that allows the hacker to install the malware in the first place. It is also possible if flawed firmware has been installed on the router, making it easier for the attacker to break into the device. Once the malware is installed, the data can be exfiltrated in binary form, represented by the blinking of lights: when the light is off, it represents a zero, and when it is on, it represents a one. A video recording device can be used to capture the blinking pattern and steal vital information that is being transmitted through the router. The device can be anything from a recording drone to a CCTV camera. As long as the camera captures the blinking lights, the data being transmitted can be easily stolen.
The researchers indicated that since the rate of exfiltration depends on the number of LEDs on a router, the more LEDs a router has, the more data can be exfiltrated at any one time. Furthermore, the researchers tested various video-recording setups to see which is the most efficient and found that the method involving optical sensors was the best. This is because it received data at a higher rate and was able to sample the LED lights more quickly than any other method. Primarily, a data exfiltration rate of 1000 bit/sec per LED was achieved using optical sensors.
Although the researchers indicated that the method is the most effective one for stealing a large amount of data, they stated that since the method involves installing malware on a router, a number of other techniques can be used to extract data anyway. This is because once the malware is on the router, there are other ways in which attackers can directly intercept the data being transmitted without the need for any video recording devices.
Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents. Data from that period backed up on DVDs and CDs remained intact. While archived data has its importance, more worrying is that the department lost data from ongoing investigations. In an interview with WFAA, who broke the story, Stephen Barlag, Cockrell Hill's police chief, said that none of the lost data was critical. The department also notified the Dallas County District Attorney's office of the incident.
The department says the infection was discovered on December 12, last year, and the crooks asked for a $4,000 ransom fee to unlock the files. After consulting with the FBI's cyber-crime unit, the department decided to wipe its data server and reinstall everything. Data could not be recovered from backups, as the backup procedure kicked in shortly after the ransomware took root, and backed up copies of the encrypted files.
According to the department's press release, the Cockrell Hill police IT staff said they were infected with the OSIRIS ransomware. It's quite possible that the department's server was infected with the Locky ransomware, which a few days prior had come out with a new version that appended the ".osiris" extension at the end of encrypted files. The press release says the infection took place after an officer opened a spam message from a cloned (spoofed) email address imitating a department-issued email address. The infection did not spread to other computers because the server was taken offline and disconnected from the local network as soon as staff discovered the ransom demand. The department also said there was no evidence of data exfiltration to a remote server.
Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers. It's not clear what the malware's end goal is, but in at least one case it was used to exfiltrate data from a bank's computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday. After the malware program is downloaded and executed on a computer, it connects to remote servers and can be used to perform network reconnaissance, lateral movement and data exfiltration, the BadCyber researchers said in a blog post. The malware is similar to other crimeware tools, but has not been documented before.