Wednesday, March 27, 2019


NOKIA 7 PLUS PHONES SENT PERSONAL INFORMATION TO China.Nokia 7 plus phones have been hidden sending personal information to China. Finland has started an investigation after
NRK’s ​​disclosure.
As per NRK’s reports, The end user’s phone number, GPS location, mobile phone IMEI number has sent to the Chinese server. Every time when Nokia 7 plus devices were powered on or Unlocked the information sent to the server. Moreover, the data packages were in an unencrypted format that is more horrify.
NRK investigated and found the server domain vnet.cn. Vnet.cn domain is own by China Internet Network Information Center( China Telecom).
Likely, that this is an application intended for the Chinese market but which has been accidentally distributed to Nokia 7 Plus phones outside China’s borders. HMD Global refused to make comment to NRK on the matter.
Further more, uncovered code on Github by non-other than Qualcomm.
The only other clue comes courtesy of security researcher Dirk Wetter, who claims the offending APK package sending this data to China is named “com.qualcomm.qti.autoregistration.apk.” He had also investigated the network traffic to his Nokia 7 Plus, and saw the same remarkable packages.

Tuesday, March 26, 2019

All people in East Africa who use mobile phones are at a risk of falling prey to cyber criminals

C

Throughout my writings and research reports  i have presented to various blogs, websites,and as an experienced cyber security and threat intelligence analyst.I have for long time been warning all of you in East Africa of being subjective and prone to attacks from cyber criminals.I remember telling you of the behavior that show a phone or an technology equipment has been taken over by a malicious spy ware or any exterior intrusion. Some of the characters include fast draining of the battery,unfamiliar sounds in background when calling,slowness and unexpected shutdowns of internet browser and search engines.... etc.
Recently you had that president Uhuru Kenyatta's social media accounts were being intruded by unknown and anauthorised people!!!! How did it happen for a whole president with all availed technocrats. Its ridiculous however we as technologists know that it is possible. I have talked of many issues which President Uhuru Kenyatta's technocrats can put in mind,i know some of these presidents talk to fellow presidents even over the phones and social media and remember that some of your fellows are naturally "un ethical spies"... Try to read through articles on acidicsecurity.blogspot.com .
They are some features that can show that your phone haa been taken over by intrusions, these are:
You will see some unfamiliar apps installed on your phone without your knowledge. These apps include:
Load control:if this is installed on your phone,it means the one who haa remotedly installed it has a load control reciever and is able to recieve and record control data from activities taking place within and on your phone including date,time and gps coordinates.
Settings app:This is meant to provide an opening in the systems of your phone and set alternative settings on your phone that remotely replaces the activities of the original " settings " app on your phone.This rogue settings app has ability to monitor the victims phone,able to stealthily and quickly make glances over whats taki g place on the phone since it also enables PEEKING. it has permission to access to phonebook,camera,..etc as you Will see in the picture
Meter mark:This is a very dangerous app,basically and specifically is meant to take over the gps services on the phone. And because its able to have permission of access to phone storage,it downloads gps data of the phone when it is online and stores it so that it can use it when the phone is offline.it has the ability to import key hole markup language files to enable it display geographical data in all earth browsers like google earth.
Please,if you are a diplomat or a national figure who like making calls to  phone numbers in a highly suspicious country, always reset your phone before you use it for other national duties
You will alao see your phone assigned queer accounts you didn't request  e.gDongnao,others am not going yo reveal because am still making research on them
Some of these rogue apps can not be easily seen for many are remotely installed in the phones chip partitions.
For God And My Country
As you can see from the picture, 70% of these apps activities take place in the background and since such an app has permission to the storage, camera,phone,sms,......etc.. Then i think president Uhuru Kenyatta must not get shock as yo why,how and who infiltrate in his social media accounts.For example,if it has accessibly to cameras it can remotely take screen shots of taps one makes on the keyboard thus enabling him yo take or know our passwords.2.if it can take over the messaging syatem the A2F authentication is rendered a useless..........,since it also read contacts,it thus knows who we talk to most often!!!! I know you all are reading this and most of you as you always brand me  a Museveni spy,but lets put that aside ...and make sure you take a keen interest in the security of your data over uour phone
I have been investigating this online fraud by the one who claims is a brian white foundation ti help people...... Thisbis fraud,deal with him at your own peril
Him and otherbmanyfraudulent people who think can use social.Media to con people should stop


There are other characters who want to blackmail the gorvenment,important personalities should also stop...



We all have the right to expression but we shouldbuse it not to harm others

Monday, March 25, 2019

DRC president is in Rwanda again

Felix the burning issue is"" those numbers are owned by fraudsters"....i recieved their msgs in 2017,2018,....a friend of mine received theiFelix tsiskedi lands in Rwanda again for a meeting

Sunday, March 24, 2019

SU-57 is the deadliest multirole air fighter

The Swedish jet has no outstanding characteristics in comparison to the fifth-generation Su-57’s, but reportedly has top of the line electronic warfare (EW) equipment and software, making it difficult for enemy jets to track it.
Commander of Sweden's Air Force, Mats Helgesson, stated that the country's recently developed Saab JAS 39 Gripen E jets were "designed to kill Sukhois" — Russia's top air superiority fighters, Finnish national broadcaster Yle reported. In a bid to further stress the Gripen E's effectiveness, Helgesson concluded that the aircraft have a "black belt" in fighting Russian jets.

Justin Bronk, an aerial-combat expert at the Royal United Services Institute, cited by Business Insider, said that the JAS 39 Gripen series is known for its outstanding EW capabilities, which are upgraded every two years.
"Several years ago the Gripen pilots got tired of being made fun of by German Typhoon pilots and came to play with their wartime electronic warfare and gave them a hell of a hard time", he said.
At the same time, Bronk noted that a pilot never knows in advance whether EW will woATCH Never-Before-Seen Footage of Testing of Su-57 Jet's Stealth Capabilities
Although it's unclear how powerful the EW components of the JAS 39 Gripen E are in comparison to those of the Su-57, as the two have never competed in the air, the Russian fighter jet is capable of carrying a far greater payload (10,000 kg, in comparison to 5,300kg for its Swedish counterpart) and reaching higher speeds (2.45 Mach in comparison to 2 Mach by the Gripen E). Additionally, Russian Sukhoi jets are known for their manoeuvrability in dogfights and ability to perform stunning feats in the air.

Who has been intruding in president Kenyatta's social media accounts

Like i have been alerting you for long,our socail media accounts are not secure!!! I have always told you that 2FA (two factor authentication) cannot help you.i proved this on gmail,yahoo,facebook,instagram..The process of sending us security codes as proof of our security is just bogus. Alot of social media accounts here in africa are prone to ss7 exploits and other state sponsored intruders.i remember telling via my facebook account around mid this month how a certain country had managed to sneak into accounts of its citzens whom it thought were ill talking about its situation.i had proved that after a mishap in Facebook's usual way of working.
On gmail,there are certaim spam messages telling you of bank accounts loaded with money or scholarships where you are convinced to tap on the links with faces of beautiful ladies.This is a dangerous link do not dare try it.
Sometimes when you are logged into your account,you see changes in the font size of your page yet you did not invoke such changes,this means your account is logged to in or on adifferrent device or application on a different device with different settings.
Recently the social media accounts ofof the president od kenya was recently intruded by unknown people.This led to the closing down of his accounts

How to set up two step verification on your social media account

One of the most remarkable developments in the consumer technology industry in the past two decades is the emergence of social media networks. Social media has revolutionized the sort of social connections and interactions we have offline. Additionally, it has enhanced how we communicate and stay informed.
Nowadays, billions of people around the world use one or several of the existing social networking platforms daily to communicate with family, friends, and colleagues. Also, many of us use some of our social media accounts to stay abreast with events and current affairs happening around us and in the lives of those we are connected with on the networks. Although it has its demerits, social media has indubitably brought great benefits to us.
With all the attractions of social networks, it’s easy to get immersed in your online engagement and forget an essential aspect of your digital life — security. However, the risk of account breach (unauthorized access) by bad actors with nefarious intent is real. In fact, every year, thousands of accounts are compromised. Affected users may have their personal details and identities stolen and sold to other bad actors who likely use them for criminal aims.

Two-Step Verification

Such account breaches necessitate the need for the companies behind the platforms to improve their security practices and safety features. One such security feature that is increasingly adopted is the two-step verification. Sometimes known as two-factor authentication (2FA), this account security feature requires any person attempting to gain access to an account to provide additional proof of authenticity — showing that they are allowed to access the account. That second step usually requires the person to enter a code sent to the account owner’s phone or answer a security question pre-defined and answered by the account owner. Only when the right code or answer is entered will the account be successfully accessed. In essence, this two-step verification provides an additional layer of account security.
The practical implication of this feature is that when someone attempts to login from a device not recognized as yours, you will get an alert on your mobile phone or email address about attempted login. Usually, the IP address and location of the unrecognized device will be included.
This two-step verification is significant because in the past before smartphones became popular, internet users only needed their username or email address and password to log into their accounts online. Increase in both password theft and sophistication of hackers became a real and growing concern. Furthermore, using,specially designed bots, hackers could break into potentially vulnerable accounts using stolen account credentials. 
Fortunately, nowadays on many web and mobile applications, users have the option to set up the two-step verification process for their accounts. In other cases, the process is compulsory.
Below we look at how this important security feature is implemented across some big social media platforms.

Facebook

As the most broadly used social networking platform, Facebook’s implementation of the two-step verification feature is unconditionally expected. Thankfully, Facebook users are allowed the freedom to turn on the account security feature using two second-step authentication methods namely:
  • SMS codes sent as text messages to your smartphone.
  • Access codes from a third party authentication app (e.g., Google Authenticator)
To activate the feature, you have to take the following steps:
  1. When logged in, go to your Settings and select the Security and Login option.
  2. Go down to the Use two-factor authentication option then click Edit.
  3. Select the authentication method of your choice and then follow the instructions that appear on your screen.
  4. Once you have turned on the chosen authentication method, click Enable.
Once that it successfully set up, when trying to log in from an unrecognized device, you will have the options to
  1. Consent to login attempts from recognized devices.
  2. You can also use recovery codes for situations when you don’t have your phone.
  3. Tap your security key on another device. The security key can be added when setting up the two-step authentication process.

Instagram

Similar to its parent company Facebook, Instagram allows its users the option of setting up the two-step authentication process. The procedure requires either of the same two authentication methods as Facebook.
When the preferred method is SMS codes sent via mobile text message, the following steps have to be taken to activate the feature.
  1. Go to your profile page and tap the menu icon in the top right-hand corner.
  2. Select the Settings option from the list.
  3. From the list that appears, selectPrivacy and Security.
  4. Choose Two-Factor Authentication.
  5. Tap on the switch icon next to Text Message.
  6. If you don’t have a phone number confirmed and associated with your account, you’ll be prompted to provide it.
  7. After entering the number, tap the next icon to complete the setup.
Alternatively, if your preferred authentication method is an authentication app, you’ll need to follow the steps below.
  1. Go to your profile page and tap the menu icon on the top right corner.
  2. Select the Settings option from the list.
  3. From the list that appears, selectPrivacy and Security.
  4. Choose Two-Factor Authentication.
  5. Tap the Get Started button if you haven’t previously turned on the two-step authentication feature.
  6. Tap on the switch icon next to Authentication App and follow the on-screen instructions.
  7. To complete the process, enter the code you received from the authentication app.

Twitter

Twitter also allows its users to set up the two-step verification security feature. In order to set up what the company calls login verification, a user must have a confirmed email address and a telephone number confirmed and connected to the account. These requirements will help whenever account recovery becomes necessary. Twitter also offers two authentication methods – SMS code via text message and authentication code generated from a third party authentication app.
The following are the steps you have to take to set up your Twitter login verification via SMS.
  1. From the top menu, choose the Profileicon and select Settings and Privacy.
  2. Click on Account settings and then Set up login verification.
  3. After reading the guiding instructions, click Start
  4. Input your password and click Verify.
  5. Tap or click Send code.
  6. Enter the verification code you received on your device before you click Submit.
  7. You should click Get Backup Code. Doing so will generate a code for future use in situations where you are without your valid phone number for whatever reason. It is advised you safely store the code. For example, you can take a screenshot of it and save it to your cloud storage application.
After successfully setting up the process, each time you attempt to login to Twitter, you’ll be prompted to enter a six-digit code sent to your confirmed phone number. You can learn how to use the authentication code method here.

WhatsApp

If you’re one of the more than 1 billion active WhatsApp users, you have the option to enable the double verification feature. When successfully activated, you’ll be required to provide a six-digit PIN each time you try to verify your phone number. The PIN is generated through the process of enabling two-step verification.
To turn on two-step verification on WhatsApp, you’ll have to:
  1. Go to Settings.
  2. Select Account.
  3. Select Two-step verification.
  4. Tap Enable.
You can also add your email address upon activating this feature. The email address will be an alternative for you to receive a link should you forget your PIN. Using the link, you’ll be able to disable two-step authentication. The company strongly advises users to be careful enough to give the correct email address since they do not verify the provided address. Similarly, if you never requested to confirm your phone number but received a link from WhatsApp, you’re advised to ignore it as someone else may be trying to do without your knowledge or permission.

LinkedIn

In order to be able to set up the two-step verification on LinkedIn, the user is required to have a phone number confirmed and associated with their account.
To activate the extra account security feature, you should take the following steps:

  1. Click on the Profile icon with the label Me at the right area of the top menu bar.
  2. From the drop-down menu, choose Settings & Privacy.
  3. Under the Account section, select Login and Security.
  4. In the new page that opens, select the Account tab (the first tab before Privacy).
  5. Click Turn On on the right end of the Two-step verification to activate the feature. If you have not connected a phone number, you’ll have to click Change and then Add a phone number.
  6. Input the verification code sent your connected phone number into the box and click Verify.

Snapchat

Snapchat offers the two standard authentication methods earlier mentioned. The following are the steps you have to take to turn on the feature.
  1. When on the main Camera home screen, tap on the Profile icon located on the top left corner.
  2. Tap the Settings icon shown as a cogwheel.
  3. Select Two-Factor Authentication:
  4. Follow the subsequent instructions that are provided on your screen.
The company also advises users who activate this feature to generate a Recovery Code and save it in a safe location. It will be helpful in scenarios where the phone is missing, or phone number is changed, or when the phone is restored to original settings.
Lastly, if you’ve never really used the two-factor authentication feature on your social media accounts, now is the time to do so. Use what you’ve learned here to protect your diappfrom  access by people who may be bent on doing you harm online. As a matter of fact, you’d be well advised to apply this vital safety feature across your other online accounts that hold valuable information (e.g., online banking application, financial trading or investing platfapplicationsthcare, and pharmaceutical applicatio

Turkey blames Saturday bombs by the alshabab in somalia

Close to 20 people among them a deputy minister were killed in multiple bombing attacks in Mogadishu and its environs.

Al-Shabaab militants drove into the Ministry of Labour office block leaving in its wake at least ten dead and ten others injured. Deputy Labour Minister Saqar Ibrahim Abdalla was among those killed in the 11 am bombing.

According to some tabloids,police sources said that about ten bodies had been retrieved from the building which also houses the ministry of public works in Shangani area.

Ambulance service Aaamin Ambulance said it had ferried ten injured people to various city hospitals.


The entrance to the Ministry of Labour building damaged when an explosives laded vehicle rammed into it.
An explosives loaded vehicle rammed into the building followed by heavy gunfire as security forces engaged the militants in gunfire. Three explosions went off within a span of 15 minutes.

Police said all the militants had been killed.
 three other bombings hit various parts of the city today killing a total of 9 people and injuring five. Separate blasts hit  Ex-Control Afgooye area killing 7 people while in Warshadaha street in Daynile district two people were killed in a blast.

The fourth blast hit Hawlwadaq district but there were no casualties reported.

Turkey has today condemned the terror attacks on Saturday in the Somalia capital Mogadishu that killed almost to 20 people including a deputy minister and wounded eleven others.

The Turkish Foreign Ministry said in a statement: “We strongly condemn the terrorist attacks perpetrated against the Ministry of Labor and Social Affairs and the Ministry of Public Works in Mogadishu.”

“We wish Allah’s mercy upon those who lost their lives, a speedy recovery to the wounded and convey our condolences to the friendly and brotherly Government and people of Somalia,” the statement read.

Somali-based al-Qaeda affiliated terrorist group Al-Shabaab has claimed the responsibility of the attacks.

Tuesday, March 12, 2019

Android Q developer beta may be launched today

Android Q , the next version of the mobile operating system, could be launching its developer preview later today, thanks to speculation over a date filter in Google’s bug tracker.
A template explaining how to file bug reports for Android Q Beta was spotted by XDA Developers Editor-in-Chief Mishaal Rahman.
The sample (which reportedly could be found here but has since been removed) seemed to be directed at OEMs, and advises reporters to check if the issue has already been filed by clicking a link ( https://goo.gl/qL5TjA , still working as of publication) leading to a repository – which only lists bug tickets created on or after March 11, 2019.
Apple invites went out for its March 25 event, where it might announce a streaming service
Samsung: use the fingerprint scanner , not facial unlocking, for more security
"I took selfies with the Huawei Mate X foldable and it's a game-changer"
Expanding beta
This comes hot on the heels of another
revelation that Google will add more phone companies to the Android Q beta, as Iliyan Malchev from Google's Project Treble team said on the Android Developers Backstage podcast.
Adding more phonemakers to the early testing process could help get their devices on newer versions of Android more rapidly. Project Treble itself is dedicated to making it easier for manufacturers to push the latest version of Android to their devices, so this seems like one move in the holistic effort to get the mobile OS’ ecosystem up-to-date more rapidly and in greater numbers.
What will come in Android Q is still a mystery, but an early dev build acquired by XDA Developers suggests a system-wide dark more, more refined permissions and Face ID-style logins could be coming with the next OS version.

Thursday, March 7, 2019


Researchers at Kaspersky Lab have uncovered a new strain of malware spreading via The Pirate Bay torrent tracker site.
Named after the classic Russian doll , PirateMatryoshka aims to infect users ’ computers with adware and tools that spreads further malware onto the device . It carries a Trojan -downloader disguised as a hacked version of legitimate software used in everyday PC activity.
Torrent services are a popular target for cybercriminals looking to distribute malicious code, not least because users in search of illegal content often disconnect their online security solutions or ignore system notifications in order to install the downloaded content .
PirateMatryoshka is spread using established seeders with no known history of malicious activity. The latter makes for an effective distribution process , because due to the good reputation of the seeder , potential victims have no reason to doubt that the file to be downloaded is safe .
Once the installer is run it shows the victim a copy of The Pirate Bay page that is in fact a phishing page , asking them to enter their credentials to continue the installation . Later this malware uses these credentials to create new seeders distributing more copies of PirateMatryoshka . Kaspersky’ s research shows that so far , the phishing link has been accessed around 10 , 000 times .
Even if user credentials aren ’t entered the infection still proceeds . The malware unpacks further malicious modules including a malicious clicker that , among other things can check the ‘ agree ’ box that triggers the adware installer , flooding a victim ’s device with unsolicited software . About 70 percent of installed programs are adware such as pBot, and 10 percent are detected as malware that can bring other malware onto the PC , such as another Trojan downloader .
“Multi-layered malware is a very common occurrence , and we have found many cases of malicious installers who are installing more than one program on a person ’s device ,” says David Emm , principal security researcher at Kaspersky Lab UK . “ When it comes to PirateMatryoshka , however , this process is much more sophisticated. The malware that reaches a victim ’s computer can then introduce additional installers, which in turn spreads even more malware . This is a very advanced type of malware , considering it is an un -targeted, mass attack that carries a phishing component for wider onward distribution . ”