The Anatomy of Public Corruption

Showing posts with label Data Breach. Show all posts
Showing posts with label Data Breach. Show all posts

The Nashville Bombing and the AT&T Central connections to Nuclear Plants

Just a teaser - yes it's true
Share:

The Equifax Data Breach - The Cheap Visa Trojan Horse

Equifax Inc. has filed 459 labor condition applications for H1B visa and 25 labor certifications for green card from fiscal year 2017 to 2019. Equifax was ranked 500 among all visa sponsors. Please note that 6 LCA for H1B Visa and 0 LC for green card have been denied or withdrawn during the same period.
Contact(edit)NameJob TitlePhoneEmail
LCA for H1B VisaMarianne PettyHr Consultant770-405- xxxxxxxx @equifax.com
LC for Green CardMarianne Petty-770-740- xxxxxxxx @equifax.com
sign in to view all contacts
H1B VisaSalaryCertifiedCertified-Withdrawn(?)DeniedWithdrawn
2019$111,405140110
2018$104,000186850
2017$99,078116200
Green CardSalaryCertifiedCertified-ExpiredDeniedWithdrawn
2019-0000
2018$105,5491100
2017$112,71817600
Willful Violator:No  (?)H1B Dependent:No  (?)
Economic Sector:Other Economic Sector
NAICS Industry:Other Information Services

Visa Job Locations:Alpharetta,GA(273)Atlanta,GA(86)St. Louis,MO(57)Palo Alto,CA(8)Auburn,AL(5),
H1B Visa Jobs:Application Developer - Career(38)Software Engineer, Prod Dev - Career(34)Software Engineer, Prod Dev - Intermediate(25)Application Developer - Intermediate(24)Application Developer - Entry(10);
Green Card Jobs:Software Developers, Applications(8)Statisticians(6)Computer Systems Analysts(4)Computer Occuptions, All Other(2)Network and Computer Systems Administrators(2);
H1B Occupations:Software Developers, Applications(213)Computer Occupations, All Other(63)Software Developers, Systems Software(48)Statisticians(41)Computer Systems Analysts(29);
Green Card Occupations:Software Developers, Applications(15)Statisticians(9)Computer Systems Analysts(7)Computer and Information Systems Managers(3)Computer Occupations, All Other(2);

Profiles of forein workers who applied for green card under PERM:
Citizenship:India(1)
Class of Admission:H-1B(1)
Education:Bachelor's(1)
College:University Of Allahabad,India(1)
Major:Engineering(1)


Note: Before Equifax Inc. can hire foreign workers permanently or temporarily, it must file labor certifications with the Department of Labor(DOL), demonstrating that it is paying the required wage for the positions in the geographic region where the jobs are located. Above table reports Labor Condition Application(LCA) for H1B visa and Labor Certification(LC) for green card filed by Equifax Inc.. The data only indicates the number of applications filed by Equifax Inc.. It does not mean that Equifax Inc. actually got the visa and hired the workers.

Our LCA data includes LCA submitted for not only new employment, but also continuation or change in previously approved employment, new concurrent employment, change in employer and amended petition. Usually, only LCA for new employment needs H1B Visa quota if it is not cap-exempt.

Equifax Inc. has applied for 626 LC and LCA from fiscal year 2017 to 2019. But this does not mean they really hired 626 foreign workers during this period. The visa applications might have been denied. When an employee renews or transfers his H1B visa or change work location under some circumstances, he will also file a new LCA application.

Department of Labor(DOL) typically certifies more than 3 times the number of foreign work requests than the number of H1B visas issued by USCIS. So there is no one to one relationship between the number of workers certified by the DOL and the number of H1B work visas issued by the United States Citizenship and Immigration Services (USCIS).

Share:

17 CFR § 248.30 - Procedures to safeguard customer records and information; disposal of consumer report information.

EDIT

The 2011 PG&E Data Breach from the PG&E Microsoft Sharepoint Server

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoNyRynomd4CrjLLq55Lfqd13233PDWjwJ3l5eYJtZpgHMhGIFGqZ1aGVRv4G4_KMCjwyyL3DoKtwix98G5aZHwm14zwFPgqtrToNj0nchKI1w1HiqceqNs3IIF3-7b9kleToScW8w8q8sxJ0/s1600/20110707-PGE-Terrorism-Stolen-Maps.PNG"

17 CFR § 248.30 - Procedures to safeguard customer records and information; disposal of consumer report information.

prev | next
§ 248.30 Procedures to safeguard customer records and information; disposal of consumer report information.
(a) Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to:
(1) Insure the security and confidentiality of customer records and information;
(2) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
(3) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.
(b) Disposal of consumer report information and records -
(1) Definitions (i) Consumer report has the same meaning as in section 603(d) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)).
(ii) Consumer report information means any record about an individual, whether in paper, electronic or other form, that is a consumer report or is derived from a consumer report. Consumer report information also means a compilation of such records. Consumer report information does not include information that does not identify individuals, such as aggregate information or blind data.
(iii) Disposal means:
(A) The discarding or abandonment of consumer report information; or
(B) The sale, donation, or transfer of any medium, including computer equipment, on which consumer report information is stored.
(iv) Notice-registered broker-dealers means a broker or dealer registered by notice with the Commission under section 15(b)(11) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)).
(v) Transfer agent has the same meaning as in section 3(a)(25) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(25)).
(2) Proper disposal requirements -
(i) Standard. Every broker and dealer other than notice-registered broker-dealers, every investment company, and every investment adviser and transfer agent registered with the Commission, that maintains or otherwise possesses consumer report information for a business purpose must properly dispose of the information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
(ii) Relation to other laws. Nothing in this section shall be construed:
(A) To require any broker, dealer, or investment company, or any investment adviser or transfer agent registered with the Commission to maintain or destroy any record pertaining to an individual that is not imposed under other law; or
(B) To alter or affect any requirement imposed under any other provision of law to maintain or destroy any of those records.
[65 FR 40362, June 29, 2000, as amended at 69 FR 71329, Dec. 8, 2004]
Share:

Energy Terrorism - Millions at risk via Stolen PG&E Maps

Energy Terrorism - Millions at risk via Stolen PG&E Maps

Enough documents stolen from Pete Bennett's laptop is likely in the hands of Terrorist
During a July 2011 excursion to Hillside Covenant Church Pete Bennett, his son Chase Bennett was stopped by CHP Officer Peck Lancaster/Lilac Drive just under the the 680 overpass located in Walnut Creek CA.

Unknown to Bennett was a warrant for his arrest had been issued in regards to his unpaid Child Support.  Unknown to Bennett was the connections between Hillside and former Safeway CEO Steve Burd who was a longtime member of Hillside Covenant Church. 

THE STOLEN PG&E Documents 

The below maps entrusted to Bennett as part of the his contract with PG&E were stored in his car when he arrested.  Church member Bob Britz and Keith Lynds came down from the church and Bennett thinking he could trust his new Church friends handed over his son, car and computers as he was heading to jail.

Unfortunately his son witnessed the arrest of his father.  That was last time he saw his son but later discovered that church members began a campaign of disruption, tactical harassment linked to District Attorney Mark Peterson, his brother Michael Peterson and his connections to Officer Stephen Tanabe recently arrested by the FBI.

This map will be the basis for arguing that the thousands of documents stored on Bennett's laptop match nearly every fire, sniper attacks, wildfire in PG&E Territory are the basis that a full blown terrorism campaign directed at PG&E is now connected to the debtor in possession financing connected to the private equity firms now choking up billions for the prize of the century.

One clear observation is PG&E has a target on their back.  When clear message for Bennett his life has been at risk ever since he was connected to the 9/11 computer virus called NIMDA 
Share:

Apologize to Pete Bennett? PG&E CEO apologizes for faulty website, fancy dinner, basically everything else

PG&E CEO apologizes for faulty website, fancy dinner, basically everything else


Pete Bennett former PG&E Programmer provided services related to the San Bruno Explosion, HydroTesting and software development.  

After the power went off for 800,000 Pacific Gas & Electric customers this week, the utility's CEO had a lot to apologize for.
During a press conference Thursday evening, CEO Bill Johnson took a conciliatory tone and expressed regret for the way the company's public safety power shutoff (PSPS) unfolded. PG&E proactively cut power to 800,000 customers (or an estimated 2.4 million people with the understanding that each customer represents about three residents on average) in an attempt to avoid the spread of wildfires during high winds.
"As a result of this, millions of people have been without a fundamental service they expect and deserve," said Johnson. "This is not how we want to serve you and not how we want to run our business."
Johnson went on to explain the decision was ultimately made with public safety in mind, though Gov. Gavin Newsom said Thursday that framing doesn't tell the whole story. He blamed years of "greed and neglect" at PG&E for putting Californians in this situation.
"It's decisions that were not made that have led to this moment in PG&E's history — it is not conditions," said Newsom during a press conference. "This is not, from my perspective, a climate change story so much as a story of greed and neglect."
Johnson's annual base salary is $2.5 million, as reported by the Sacramento Bee, and that's without counting shares in the company.
The CEO conceded PG&E "will very likely have to make this kind of decision again in the future," but admitted there is a lot the company could do better. He promised PG&E would work to communicate essential information sooner and more clearly.
Johnson apologized for a PG&E website that showed "inconsistent" and at time "incorrect" information. The website continually crashed due to a high volume of visitors.
He also promised workers were working to restore power as soon as possible. As of mid-day Thursday, 42,000 Bay Area customers were still without power — and more statewide. Johnson asked the public not to take out their frustrations on PG&E workers, who he said had been shot at, punched and cursed out in recent days.
"I do apologize for the hardship this has caused but I think we made the right call on safety," Johnson said.
Aside from his apologies at the public press conference, Johnson also found himself apologizing during an interview with The Chronicle Thursday. The paper revealed about a dozen of the company's employees on the natural gas side of the business were wining and dining with top customers at a Sonoma County vineyard just days before the massive statewide outages.
“I want to apologize to every one of our customers,” Johnson told The Chronicle. “Insensitive, inappropriate, tone deaf are the terms I would use to describe this.”
Share:

PG&E Data Breach

Coming Soon the Article that will scare the s*** out of you

Take out the right line segments will plunge the entire state into chaos
Share:

The Terrorism Files

Connecting Success Factors to Bennett

The Dubious Phone Call and Time Wasting Project
The folks at TPG will have to answer to my Whistleblower Complaints on the truly odd collection of RFPs emanating from companies connected to Richard Blum, William McGlashan, CBRE, Regency Centers, Trammel Crow, Lennar, Catellus.

My story is about witness murders, private equity, mergers and acquisitions linked back to the Matter of Bennett v. Southern Pacific lost in 1989.  It was a winnable case as long the witnesses testified.  
RESERVED3
RESERVED9
RESERVED12
Share:

Contra Costa County Suicide Conundrum



Contra Costa County Suicide Conundrum

Just how many suicides are there?

Via personal observation there were too many suicides, too many bodies in local creeks, too many victims along with a slew of dubious offical conclusions by Pete Bennett.
Pete Bennett was enduring being evicted after he was nearly beaten to death by Danville Building Inspector Gary Vinson Collins

Dead Witnesses 

During Bennett v. Southern Pacific Contra Costa Superior Court (1987) the above FBI agent arrived at Mainframe Designs Cabinets and Fixtures.

The Driscoll Murders and Kinder Morgan

For over ten years the connection between Pete Bennett, Kinder Morgan and the Contra Costa District Attorney was a well kept secret.   During August 2004 Pete Bennett was under attack, his truck explodes into a ball of fire NB 680, then he's attacked, ticketed and the day of the deadly Kinder Morgan explosion he's in court just north the explosion.  
Bennett appears in front of Contra Costa Superior Court Judge Joel Golub.
View details »

The 1993 World Trade Center Bombing

Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui. View details »
Share:

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Direct-to-memory attacks now account for 57 per cent of hacks, apparently

powershell
A company's internal network, once compromised, is now more likely to be ransacked by automated scripts than a piece of malware.
This according to researchers with IBM's X-Force, who found that in 2018 just 43 per cent of the attacks it analyzed utilized any sort of locally installed files. Rather, the hackers utilized PowerShell scripts to execute their dirty deeds in memory without significantly touching file systems, if at all.
This finding is important because it is another reminder that admins can no longer solely rely on specific file signatures or similar as evidence of a cyber-intrusion. As with local malware infections, the attacker first needs to get the ability to run malicious commands. What differs is the next step, as the miscreant does not direct the infected Windows machine to download, save, and execute a trojan payload.
Rather, the attack runs entirely as commands using PowerShell, where Microsoft's powerful scripting language can be used to do anything from harvest and steal passwords to mine cryptocurrency.
"PowerShell is useful in data collection and analysis, but it is also favored by malicious actors who use it to forego the file system and inject malicious code directly into memory, thus enhancing obfuscation, and often evading security controls designed to detect malware deployments," the IBM report reads.
Failure

Windows 10 security question: How do miscreants use these for post-hack persistence?

READ MORE
"Threat actors of all skill levels have expanded their capabilities using PowerShell over the last few years. IBM X-Force IRIS has seen cases wherein complete malicious toolkits were contained within PowerShell scripts."
In some cases, crooks wouldn't even need to run a super-leet exploit to steal corporate data. The X-Force report notes that misconfiguration incidents – instances where databases and storage buckets were left exposed to the public-facing internet – were also up 20 per cent from last year and accounted for 43 per cent of all of the exposed records X-Force tracked last year.
In addition to the exposed files and records themselves, misconfigurations could also indirectly lead to other attacks when things like passwords and email addresses are involved and used to login to other accounts on other services to carry out further mischief.
Finally, the report found, the tried and true social engineering attack remains as effective as it has ever been.
Last year, IBM found that 29 per cent of the attacks it analyzed were phishing attacks, and 45 per cent of those were targeted attacks on specific employees, something X-Force terms the business email compromise.
"When it comes to the most lucrative types of social engineering scams, BEC has been a growing tide for several years spanning all industries and geographies," notes X-Force.
It seems that, despite the various methods for sophisticated attacks, a bogus "CEO" email demanding a wire transfer is still a foolproof way to con a company out of cash. ®
Share:

Justice Department Files Antitrust Lawsuit to Block AT&T’s Acquisition of T-Mobile




JUSTICE NEWS








Department of Justice
Office of Public Affairs

FOR IMMEDIATE RELEASE
Wednesday, August 31, 2011

Justice Department Files Antitrust Lawsuit to Block AT&T’s Acquisition of T-Mobile

Transaction Would Reduce Competition in Mobile Wireless Telecommunications Services, Resulting in Higher Prices, Poorer Quality Services, Fewer Choices and Fewer Innovative Products for Millions of American Consumers

WASHINGTON – The Department of Justice today filed a civil antitrust lawsuit to block AT&T Inc.’s proposed acquisition of T-Mobile USA Inc. The department said that the proposed $39 billion transaction would substantially lessen competition for mobile wireless telecommunications services across the United States, resulting in higher prices, poorer quality services, fewer choices and fewer innovative products for the millions of American consumers who rely on mobile wireless services in their everyday lives.
 The department’s lawsuit, filed in U.S. District Court for the District of Columbia, seeks to prevent AT&T from acquiring T-Mobile from Deutsche Telekom AG.
“The combination of AT&T and T-Mobile would result in tens of millions of consumers all across the United States facing higher prices, fewer choices and lower quality products for mobile wireless services,” said Deputy Attorney General James M. Cole. “Consumers across the country, including those in rural areas and those with lower incomes, benefit from competition among the nation’s wireless carriers, particularly the four remaining national carriers. This lawsuit seeks to ensure that everyone can continue to receive the benefits of that competition.”
“T-Mobile has been an important source of competition among the national carriers, including through innovation and quality enhancements such as the roll-out of the first nationwide high-speed data network,” said Sharis A. Pozen, Acting Assistant Attorney General in charge of the Department of Justice’s Antitrust Division. “Unless this merger is blocked, competition and innovation will be reduced, and consumers will suffer.”
Mobile wireless telecommunications services play a critical role in the way Americans live and work, with more than 300 million feature phones, smart phones, data cards, tablets and other mobile wireless devices in service today. Four nationwide providers of these services – AT&T, T-Mobile, Sprint and Verizon – account for more than 90 percent of mobile wireless connections. The proposed acquisition would combine two of those four, eliminating from the market T-Mobile, a firm that historically has been a value provider, offering particularly aggressive pricing.
According to the complaint, AT&T and T-Mobile compete head to head nationwide, including in 97 of the nation’s largest 100 cellular marketing areas. They also compete nationwide to attract business and government customers. AT&T’s acquisition of T-Mobile would eliminate a company that has been a disruptive force through low pricing and innovation by competing aggressively in the mobile wireless telecommunications services marketplace.
The complaint cites a T-Mobile document in which T-Mobile explains that it has been responsible for a number of significant “firsts” in the U.S. mobile wireless industry, including the first handset using the Android operating system, Blackberry wireless email, the Sidekick, national Wi-Fi “hotspot” access, and a variety of unlimited service plans. T-Mobile was also the first company to roll out a nationwide high-speed data network based on advanced HSPA+ (High-Speed Packet Access) technology. The complaint states that by January 2011, an AT&T employee was observing that “[T-Mobile] was first to have HSPA+ devices in their portfolio…we added them in reaction to potential loss of speed claims.”
The complaint details other ways that AT&T felt competitive pressure from T-Mobile. The complaint quotes T-Mobile documents describing the company’s important role in the market:
  • T-Mobile sees itself as “the No. 1 value challenger of the established big guys in the market and as well positioned in a consolidated 4-player national market”; and
  • T-Mobile’s strategy is to “attack incumbents and find innovative ways to overcome scale disadvantages. [T-Mobile] will be faster, more agile, and scrappy, with diligence on decisions and costs both big and small. Our approach to market will not be conventional, and we will push to the boundaries where possible. . . . [T-Mobile] will champion the customer and break down industry barriers with innovations. . . .”
The complaint also states that regional providers face significant competitive limitations, largely stemming from their lack of national networks, and are therefore limited in their ability to compete with the four national carriers. And, the department said that any potential entry from a new mobile wireless telecommunications services provider would be unable to offset the transaction’s anticompetitive effects because it would be difficult, time-consuming and expensive, requiring spectrum licenses and the construction of a network.
The department said that it gave serious consideration to the efficiencies that the merging parties claim would result from the transaction. The department concluded AT&T had not demonstrated that the proposed transaction promised any efficiencies that would be sufficient to outweigh the transaction’s substantial adverse impact on competition and consumers. Moreover, the department said that AT&T could obtain substantially the same network enhancements that it claims will come from the transaction if it simply invested in its own network without eliminating a close competitor.
AT&T is a Delaware corporation headquartered in Dallas. AT&T is one of the world’s largest providers of communications services, and is the second largest mobile wireless telecommunications services provider in the United States as measured by subscribers. It serves approximately 98.6 million connections to wireless devices. In 2010, AT&T earned mobile wireless telecommunications services revenues of $53.5 billion, and its total revenues were in excess of $124 billion.
T-Mobile, is a Delaware corporation headquartered in Bellevue, Wash. T-Mobile is the fourth-largest mobile wireless telecommunications services provider in the United States as measured by subscribers, and serves approximately 33.6 million wireless connections to wireless devices. In 2010, T-Mobile earned mobile wireless telecommunications services revenues of $18.7 billion. T-Mobile is a wholly-owned subsidiary of Deutsche Telekom AG.
Deutsche Telekom AG is a German corporation headquartered in Bonn, Germany. It is the largest telecommunications operator in Europe with wireline and wireless interests in numerous countries and total annual revenues in 2010 of €62.4 billion.

Component(s): 
Press Release Number: 
11-1118

Share:

GE, ABN AMRO, AIG, Nationwide, Nordstrom, Bank of America, Barclays, ING, UBS

A good example of how the industry crisscrosses and overlaps to investors, banking, real estate, retail where today it's Enterprize this, that or outsource this and that get a new career jack but give us your sons and daughters for our next adventure.  

On the Web:
http://www.Backbase.com/
Backbase is the maker of Backbase CXP, the award-winning customer experience platform that helps enterprises create omni-channel, customer-centric digital experiences. Backbase CXP deploys a new, omni-channel presentation layer over underlying infrastructure and IT systems, allowing enterprises to deliver personal, relevant experiences to customers on every device, in any context. Backbase CXP gives enterprises the tools and functionality they need to transform their tired online and mobile channels into engaging customer experiences, holistically managed from a single platform.
Industry analysts Gartner, Forrester and Ovum recognize Backbase as a leader in terms of customer experience, mobile and omni-channel focus, innovation and time-to-value. Unlike most traditional IT portal vendors, Backbase has created a modern, business-driven solution that makes CXP management easy for digital professionals. This means lower costs, and more flexibility for optimizing all online channels without the need for IT support. Backbase CXP’s lean, widget-based architecture provides the flexibility and agility enterprises need to create modern experiences that truly empower business owners and customers.
The unique Backbase approach enables enterprises to drive self-service, fuel online revenues and turn their online channel into a full-service customer experience platform. Global organizations such as GE, ABN AMRO, AIG, Nationwide, Nordstrom, KPN, Bank of America, Barclays, ING, UBS and Visa have improved their online customer interactions and maximized online customer experience, retention and conversion, by leveraging Backbase’s technology.
Learn more about this comprehensive solution for relationship banking in Provide Unparallelled Bank Customer Experiences....Everyday
(PDF)
Share:

Pre-installed Backdoor On 700 Blu Phones sold at Amazon, Frys, Target and

Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China

Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China
Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours.

You heard that right. Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours.

Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.

First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide.

Infected Android Smartphone WorldWide


Moreover, it is worth noting that AdUps provides its software to much larger handset manufacturers, such as ZTE and Huawei, which sell their Android phones worldwide, across over 150 countries and regions.

Besides sniffing SMS message content, contact lists, call logs, location data and other personal user information and automatically sending them to AdUps every 72 hours, AdUps' software also has the capability to remotely install and update applications on a smartphone.

The secret backdoor is said to be there intentionally and not accidently or due to a security flaw, although, according to the US authorities, at the moment it is unclear whether the data is being collected for advertising purposes or government surveillance.

Kryptowire says the company discovered the secret backdoor on the BLU R1 HD device sold by Florida-based smartphone manufacturer BLU Products, which sells its devices in the U.S., and some other countries from South America, online through Amazon and Best Buy.

Massive Amount of Users' Data Sent to Chinese Servers


Based on the received commands, the security firm found the software executing multiple operations, detailed below:

  • Collect and Send SMS texts to AdUps' server every 72 hours.
  • Collect and Send call logs to AdUps' server every 72 hours.
  • Collect and Send user personally identifiable information (PII) to AdUps' server every 24 hours.
  • Collect and Send the smartphone's IMSI and IMEI identifiers.
  • Collect and Send geolocation information.
  • Collect and Send a list of apps installed on the user's device.
  • Download and Install apps without the user's consent or knowledge.
  • Update or Remove apps.
  • Update the phone's firmware and Re-program the device.
  • Execute remote commands with elevated privileges on the user's device.


No, Users Can't Disable or Remove the Backdoor


The backdoor has been discovered in two system applications – com.adups.fota.sysoper and com.adups.fota – neither of which can be disabled or removed by the user.

On contacting, BLU Products confirmed that approximately 120,000 of its smartphones have the AdUps' software installed, which is being removed from its devices.

"BLU Products has identified and has quickly removed a recent security issue caused by a third-party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices," the company said in a statement. 
"Our customer's privacy and security are of the upmost (sic) importance and priority. The affected application has since been self-updated, and the functionality verified to be no longer collecting or sending this information."

Besides BLU Products, Kryptowire immediately notified Google, AdUps, as well as Amazon, which is the exclusive retailer of the BLU R1 HD, of its findings.

Google also issued a statement saying that the company is working with all affected parties to patch the issue, though the tech giant said that it doesn't know how widely AdUps distributed its software.

However, According to AdUps, its software featured on the smartphone tested by the security firm was not intended to be included on smartphones in the United States market and was just designed to help Chinese phone manufacturers to monitor user behavior.

Update: A spokesperson for ZTE USA provided The Hacker News an official statement from the company, which reads:
"We confirm that no ZTE devices in the U.S. have ever had the AdUps software cited in recent news reports installed on them, and will not.  ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected."
Share:

Anchor links for post titles

Popular Posts

Blog Archive

Labels

Recent Posts

Popular Posts

Labels

Recent Posts

Pages

Labels

Blog Archive

Recent Posts