Digital Forensics Company Cellebrite Targeted by Hackers

This week we hear about how digital forensics company Cellebrite was targeted by hackers, and about a Jenkins remote code execution vulnerability.

Breach

Digital Forensics Company Cellebrite Targeted by Hackers

The mobile forensics solutions company Cellebrite was breached by computer hackers and sensitive company data has been disclosed to technology journalists. The obtained data totals 900 GB in size and contains customer information, various databases and detailed technical information about the company's products.

Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system. Cellebrite is in the process of notifying affected customers and working with relevant authorities.

References: Hacker Steals 900 GB of Cellebrite Data | Digital Forensics Company Cellebrite Targeted By Hackers | Cellebrite Data Hacked Disclosed 

 

 

Mitigation Strategies:

Malware

Jenkins Remote Code Vulnerability

In Jenkins, an unauthenticated remote code execution vulnerability allows attackers to transfer a serialized Java object to the Jenkins CLI. This makes Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload that leads to code execution, bypassing existing protection mechanisms.

References: Jenkins Security Advisory | Jenkins Security Advisory 2016 | Exploit for CVE-2016-9299 (Jenkins CLI Ldap Deser)

Mitigation Strategies:

  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity.
  • Web application firewall management and advanced anomaly detection. 
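The Jenkins issue described above depends on Jenkins opening a connection to an LDAP server the attacker controls, so log review can watch for that callback. The following is an added example, not part of the original newsletter or of any vendor's tooling; the host addresses, approved directory servers, internal range and log layout are constructed assumptions.

```python
import ipaddress

# Assumed values (hypothetical, not from the page): Jenkins host, approved
# directory servers, internal range, and the connection-log layout.
JENKINS_HOSTS = {ipaddress.ip_address("10.0.5.20")}
APPROVED_LDAP = {ipaddress.ip_address(a) for a in ("10.0.1.10", "10.0.1.11")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
LDAP_PORTS = {389, 636, 3268, 3269}  # LDAP, LDAPS, AD global catalog

# Constructed sample records: "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
2017-01-16T09:12:01Z 10.0.5.20 10.0.1.10 636 tcp
2017-01-16T09:14:37Z 10.0.5.20 203.0.113.45 389 tcp
2017-01-16T09:14:40Z 10.0.5.31 198.51.100.7 389 tcp
2017-01-16T09:15:02Z 10.0.5.20 198.51.100.7 1389 tcp
malformed line
2017-01-16T09:16:10Z 10.0.5.20 10.0.1.11 389 tcp
"""

def parse_line(line):
    """Return (timestamp, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def find_suspect_callbacks(log_text):
    """Flag Jenkins-originated connections that leave the approved set."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        if src not in JENKINS_HOSTS or dst in APPROVED_LDAP:
            continue
        if port in LDAP_PORTS:
            reason = "LDAP to unapproved server"
        elif dst not in INTERNAL_NET:
            # A rogue LDAP listener need not sit on a standard port.
            reason = "external egress on non-LDAP port"
        else:
            continue
        alerts.append((ts, str(dst), port, reason))
    return alerts
```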

This Week's Suspicious IP Addresses

218.65.30.61 153.99.182.14
112.85.42.106 153.99.182.3
182.100.67.120 118.170.130.207

*IP addresses provided by Recorded Future.