Sunday, May 24, 2020

France's intelligence chief seeks to recruit technology geeks to the country's spy agency

France’s directorate-general for external security (DGSE), the country’s equivalent of the US Central Intelligence Agency and UK MI6, is seeking to recruit geeks rather than James Bond, its technical director Patrick Pailloux has said.
In a rare public intervention, Pailloux told Agence France-Presse he believed there was a danger many tech-savvy young French citizens didn’t consider themselves suitable spies given stereotypes of the country’s intelligence services, such as those popularised by smash-hit TV drama Le Bureau des Legendes (known as Le Bureau outside France).
“We need people who are very connected to new technologies – thus young people. We have to bring them into the DGSE, it’s essential. [Young people] have James Bond and the special forces in their heads. They think, 'I am not Rambo, I am a geek’, and it doesn’t occur to them to enter the DGSE. But it’s not only supermen who are supercharged. If you are supercharged in science then you can also serve your country. Cybersecurity is the alpha and omega of global security in the world we live in. If we’re not able to make our systems safe then all other security is useless,” he said.
Matthieu Lequesne of the National Research Institute for Digital Science and Technology (INRIA), and one of the co-organisers of the competition, said “behind the maths, logic, computer science, the stakes are political”.
“If we want to take advantage of artificial intelligence, for big data to work it has to deal with tonnes of data that belong to individuals,” he said. “And we have to make sure that the platforms that handle this data don’t learn anything about us. So the way to respond is good cryptography,” he explained.
Digital savvy is likely to be even more crucial in the changed, post-coronavirus world in which communication would be increasingly virtual, and less ‘in-person’. However, DGSE has more generally failed to attract high quality applicants in recent years - in May, it was announced that a large recruitment drive intended to grow the agency’s size to 8,500 by 2022 had foundered as the quality of respondents was abysmal, with candidates’ grasp of geopolitics and espionage alike said to be “markedly limited”, spelling and grammatical errors rampant, and “critical shortcomings” identified in a vast number of areas - some candidates even appeared for interviews severely under-prepared, their level of knowledge “unacceptable for someone wishing to join the ranks of the DGSE”.

The new phishing scam redirects users multiple times and also uses CAPTCHA before stealing credentials.

Since the advent of phishing, different types of scams have existed, ranging from one-size-fits-all emails to targeted spearphishing campaigns. One such type is the subpoena-themed email, in which the attacker, claiming to be an authority, tries to convince the victim to fall for the trap.
Although not so common, these have occurred from time to time. An example is from November last year, when malicious actors posing as the UK’s Ministry of Justice targeted users and tried to infect them with malware named “Predator the Thief”.
Similarly, just a couple of days ago, Armorblox – an email protection company – released a report on how threat actors are this time sending fake emails purportedly from the UK’s Supreme Court.
Screenshot of the phishing email (Image: Armorblox)

To make sure the email evades regular security filters, the attackers send it only to specific users instead of bulk-messaging, which ensures that it isn’t “caught in the bulk email filters of Exchange Online Protection (EOP).”
For the unacquainted, EOP is Microsoft’s own email protection service aimed at removing malicious content from email messages and filtering spam. By employing this low-volume technique, the phishers are able to stay under the radar.
The emails themselves contain a “zero-day link” that redirects the user through a series of steps in a bid to increase the apparent legitimacy of the message. The first step is a typical CAPTCHA.
According to an in-depth blog post published by Armorblox,

"The inclusion of CAPTCHA also makes it harder for security technologies relying just on URL redirection abilities to follow the URL to its final destination."

A few anomalies are present in the CAPTCHA page, but few users take the time to scrutinize them, which lowers the chance of the scam being noticed. For example, the text above the CAPTCHA states, “Kindly verify you human”, which, being grammatically wrong, would clearly not be the work of a Supreme Court page.
Moreover, the researchers add that the “master domain of the pages is ‘docketsender[.]com’ that, while not malicious, doesn’t seem like a legitimate domain.”
At the very end, a Microsoft Office 365 page is presented which asks the user for their credentials. Because it is located at an attacker-owned domain name, invoicesendernow[.]com, it would be discernible to any user paying attention, but users seldom care to double-check.

Armorblox detected this campaign through a series of monitoring techniques, which include analyzing the tone of email messages, how often the sending address had communicated with the receiver in the past, and whether only specific users rather than the entire company were being emailed, which would ring some spearphishing alarms.
To conclude, staying safe from such attacks requires no rocket science. A few simple precautions suffice:
Carefully check the sender’s email address once you receive an email, as the display name can be easily impersonated, as was done in this case.
If it seems necessary to open a link contained within the email, check the domain names of the redirected pages carefully.
If you’re unsure about the legitimacy of a certain email, don’t take risks. It is better to consult an IT professional in your organization or perhaps an outside one.
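
The checks described above (display name against sender domain, prior correspondence, how few users were mailed, and the domain of the final credential page) can be combined into a simple triage rule. This is an added example, not Armorblox's method or code from the original article; tone analysis is not attempted, and the message fields, allow-lists and sample messages are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed allow-lists for this sketch; a deployment would maintain its own.
LOGIN_HOSTS = {"login.microsoftonline.com"}
BRAND_DOMAINS = {"supreme court": ("supremecourt.uk",)}

@dataclass
class Message:
    display_name: str
    sender: str                  # address from the From header
    recipients: list             # internal recipients of this message
    redirect_chain: list         # URLs seen while following the link
    asks_for_password: bool      # final page shows a credential form

def host(url):
    return (urlsplit(url).hostname or "").lower()

def under(hostname, domain):
    return hostname == domain or hostname.endswith("." + domain)

def triage(msg, known_senders, few=3):
    """Return the list of reasons a message deserves analyst review."""
    reasons = []
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in msg.display_name.lower()
        if claimed and not any(under(sender_domain, d) for d in domains):
            reasons.append("display name does not match sender domain")
    first_time = msg.sender.lower() not in known_senders
    if first_time:
        reasons.append("no prior correspondence with sender")
    # Low volume is normal for known contacts, so only count it for strangers.
    if first_time and len(msg.recipients) <= few:
        reasons.append("unknown sender mailing only a few users")
    hosts = [host(u) for u in msg.redirect_chain]
    if msg.asks_for_password and hosts and hosts[-1] not in LOGIN_HOSTS:
        reasons.append("credential form on unexpected host " + hosts[-1])
    return reasons

# Constructed samples; the .example hosts stand in for the campaign's domains.
PHISH = Message("Supreme Court", "subpoena@court-notice.example",
                ["j.doe@corp.example"],
                ["https://docket.example/captcha", "https://invoice.example/o365"],
                True)
BENIGN = Message("Alice Smith", "alice@partner.example", ["j.doe@corp.example"],
                 ["https://login.microsoftonline.com/common/oauth2/authorize"],
                 True)
KNOWN = {"alice@partner.example"}

if __name__ == "__main__":
    for m in (PHISH, BENIGN):
        print(m.sender, triage(m, KNOWN))
```

No single reason is conclusive on its own; the constructed phishing sample trips all four, while the message from a known contact that ends on the expected login host trips none.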

Be careful with job applications over the internet! Indian job seekers' data is being downloaded by threat actors worldwide.

The trove of Indian job seekers' data is being downloaded by threat actors worldwide.
India has a huge job market and the same goes for those seeking jobs. Now, hackers have taken advantage of the opportunity and leaked a treasure trove of data belonging to millions of Indian job seekers.
The data was identified by Cyble, a cyber threat intelligence company, which noted that personal details of around 29 million job-seeking Indians from different states had been dumped on the dark web and hacker forums for anyone to download.
Screenshot of the leaked data (Image: Cyble)

The original leak, according to Cyble, appears to be from a resume (CV) aggregator service that collects data from different job portals in India.
In its official press release, Cyble stated that a threat actor has posted approximately 2.3 GB of data in a zipped file on a hacking forum operating on the dark web, and this particular file belongs to the resume aggregator service.
According to the company, the leak contains sensitive data of Indian job seekers, including personal details like educational qualification, email IDs, phone numbers, work experience, and home address, etc.

Threat actors playing around with Indian data is nothing new. In October 2019, more than 1.3 million credit and debit cards were dumped online. The data almost entirely (98%) belonged to Indian banking customers, while the rest belonged to banks in Colombia.
In February 2020, hackers were offering more than 461,976 payment card records stolen from some of the largest banks in India. Each card was being sold for just $9.

As for the current story, the incident is developing news and an in-depth investigation of the matter is ongoing. This article will be updated with new information. 

Misconfigured Elasticsearch server leads to exposure of Facebook users' personal data

The leak came after a misconfigured Elasticsearch server exposed Facebook users’ data involved in a previous breach.
For the last few years I have been complaining about the guarantee of the security of personal data of Ugandans/Africans using Facebook and other social media platforms. Facebook has been embroiled in a range of controversies, ranging from the social network’s hegemony over the internet to scandals like that of Cambridge Analytica in 2018. Not to forget, just a few weeks ago a hacker was found selling the personal data of 267 million Facebook users.
To tackle these, the company claims to take certain measures but despite that, slips here and there have continued to occur.
The latest in this episode was reported by Safety Detectives whose research team headed by Anurag Sen discovered that the data of 12 million Facebook users based in Vietnam has been leaked.
According to the researchers, the data was found on an Elasticsearch server and includes records found in a previous breach of Vietnamese users in January 2020.
However, not all of it is from Facebook and multiple sources are believed to be at play. Further, the details of how the perpetrators managed to scrape such a large amount are not known yet.
Amounting to over 3GB, most of the data includes personally identifiable information (PII) with the following records:

  1. Full name
  2. Hometown location
  3. Current location
  4. Education detail
  5. Birthdates
  6. GPS coordinates
  7. Email addresses
  8. Facebook usernames and IDs
  9. Profile scores
  10. Family relations with other Facebook users


In their blog post, Safety Detectives raised concerns on the data breach saying that,

"Facebook decided to lock down some of its API functions, including data scraping, in order to make this practice more difficult to conduct and blocked users from using its reverse search tool. […] Clearly, there are still data-scraping vulnerabilities that can be exploited, especially where there is a mismatch of security protocols being implemented by third-party websites and Facebook."

All of these can have significant repercussions, such as the attackers blackmailing the victims with personal details, conducting sophisticated phishing attacks aided by social engineering, and spamming users with both marketing and malicious messages.
But that’s not all: the GPS coordinates revealed could even physically endanger someone if they are of enough interest to the attackers.
To conclude, for the time being, the server has been taken down. Currently, we believe that Facebook yet again needs to ramp up its pen-testing capabilities and do a review of the data it allows third parties to access even for legitimate purposes.
As users, we can limit the type of information we share with any website considering that everything is hackable. Moreover, we are yet to hear Facebook’s reaction to these latest revelations and will keep on updating you.

DRC Government reports South Sudan military incursions into Upper Uélé and Ituri

The Government of the Democratic Republic of the Congo took stock of the situation at the borders at the 32nd meeting of the Council of Ministers, chaired by the head of state Félix Antoine Tshisekedi Tshilombo on 22 May 2020 by video conference.
In this respect, the national executive has reported South Sudan military incursions into the Ituri and Haut-Uélé provinces.
According to the record of the said council signed by the government spokesperson David-Jolino Makelele, the services concerned were told to react "strongly" to these movements.
The Government of the Republic has also noted the continued evictions of Congolese from Angola via the city of Tshikapa in the province of Kasai.
With regard to militias at the border with Zambia (KALUBAMBA and KIBANGA), the Government has said that Congolese troops remain alert to deal with the threat in case negotiations under the aegis of the CFDC do not stop.
The National Executive has also reported that the Southern African Development Community has finally accepted the setting up of an ad hoc committee on this.

When General Maheshe of North Kivu surrendered to DRC government





Surrender of the leader of the armed group of Mr. MAHESHE with 120 of his militiamen and 20 weapons, thanks to the work of the provincial administration and MONUSCO. He will conduct no more rebel activities on the Ngweshe-Walungu axis. The people of South Kivu aspire to attain peace and security. Calling on other rebellious groups to follow President Félix Tshilombo's call.

116 new cases of COVID-19 confirmed in the DRC (2141 total)


The COVID-19 pandemic that is shaking the world continues to gain ground in the Democratic Republic of the Congo.
116 new cases have been confirmed, including 112 in Kinshasa and 4 in Haut-Katanga, for 23 May 2020 alone, according to the newsletter of the technical secretariat of the multisectoral response committee.
Since the official declaration of this pandemic in the DR Congo on March 10th, 2141 cases have been recorded, including 2140 confirmed and 1 probable.
In addition, the Technical Secretariat reports that 5 more people have recovered from COVID-19, bringing the total recoveries to 317.

At least 5 dead in an alleged ADF rebel trap in Irumu


At least 5 civilians were killed, a vehicle burned and property looted in an ambush on the evening of Friday, 22 May 2020 by alleged ADF rebels at Byane-Mufutabangi, a village located about 4 kilometers from Ndalya on National Route number 4, in the territory of Irumu, Ituri province.
According to John Mabelle, president of the civil society of Ndalya, who delivered the news to 7,. CD this Saturday, the attackers struck the village around 17:00 local time, in heavy rain, and barricaded the road.
On the spot, they burned a car leaving Komanda (Ituri) for the city of Beni (North Kivu) before killing civilians.
A woman is alleged to have been captured by FARDC elements that intervened to limit the damage.
"We cannot leave the region to leave space for the enemy, we are determined to accompany the FARDC elements as long as peace returns here. We call on the government to strengthen the military force in the city", said a civil society actor.
Just before this attack, rebels had made a foray into the village of Eringeti in Kasana, North Kivu province, during the day, in which a civilian was shot.

Saturday, May 23, 2020

USA army Tests New High-Velocity Cannon on USS Zumwalt, World’s Largest Destroyer

After years of being defenseless, the US Navy’s futuristic USS Zumwalt destroyer has test-fired its new high-velocity gun off the California coast.
The US Pacific Fleet announced on Wednesday the Zumwalt had “successfully executed a ‘structural test fire’ of the Mark 46 MOD 2 Gun Weapon System,” a 30-millimeter high-velocity cannon derived from the Mark 42 Bushmaster gun used in the Bradley Infantry Fighting Vehicle. The system was also previously installed on the San Antonio-class amphibious landing dock, as well as the Littoral Combat Ship.
The test is part of a systematic shakedown of the ship’s systems designed to discover how firing and operating different systems affects the ship in terms of vibration, damage caused by operation or other hazards to the warship and its crew.
“The privilege of being a ‘first-in-class’ ship includes having the opportunity to systematically conduct testing across the breadth of systems installed onboard the ship,” Capt. Andrew Carlson, the Zumwalt’s commanding officer, said in the news release. “The real plus is conducting those tests, such as today’s live fire with the Mark 46 GWS, which provide tangible evidence of combat capability maturation.”
At nearly 16,000 tons of displacement, the USS Zumwalt is the world’s largest destroyer, outpacing the slightly smaller Type 055 destroyer Nanchang, built by the Chinese People’s Liberation Army Navy.
Although the Zumwalt was commissioned in 2016, only now has it gained working weapons. The warship was initially designed around a pair of massive 155-millimeter rapid-fire cannons that would have given it the firepower of 16 land-based howitzer guns. However, as the cost ballooned to extraordinary heights, the Zumwalt was reimagined and rebuilt as a standard guided missile destroyer. Sputnik reported in late March that the ship’s combat system would soon be installed.
“Today’s event is the first in a chapter of live fire test events over the next year that will prove the lethal capability that these ships will bring to the fight,” Lt. Cmdr. Tim Kubisak, Zumwalt test officer, Program Executive Office for Integrated Warfare Systems, said in the statement.

A new drug that has shown its effectiveness at combating COVID-19, which is being produced as a joint venture between the Russian Direct Investment Fund (RDIF) and the ChemRar Group, will be called Avifavir.


According to the organization, Avifavir is currently undergoing clinical trials and early results are promising. The RDIF stated that it is the first Russian antiviral drug that has shown its effectiveness in clinical trials.
"Avifavir shows better results compared to other drugs that are currently being tested in Russia and abroad. RDIF and ChemRar are cooperating with both leading medical institutions and state regulatory bodies. We look forward to receiving approval for the production of Avifavir in the near future," RDIF CEO Kirill Dmitriev said in the statement.
On Thursday, the Russian Ministry of Health gave the green light to begin trials of Avifavir on 330 patients who have tested positive for COVID-19, the RDIF stated.
In the first stage of trials, no side-effects were observed and the efficacy rate was over 80 percent.
The treatment, which was previously called favipiravir, disrupts the reproduction mechanisms of the coronavirus that causes COVID-19.

M23 plans massive attacks on Sake, Goma, Butembo and Bunia, and unconfirmed rumours all over DRC implicate Uganda in this act!

There have been a lot of claims that M23 rebels are about to launch dangerous attacks on the city of Saké as well as the towns of Goma and Bute...