Sunday, June 16, 2019

Is DRC safe?

DRC may be trying to boil itself up again in its attempt to hug the serpent of Rwanda. The whole of the eastern part of this country is slowly being eaten up by this serpent's agents and the bandits he supports. I think you all know what is taking place within the Banyamulenge. There has been regular and free entry of foreign soldiers, and according to sources a lot of such soldiers were seen last evening, and another source said that they come, then spend two days in Goma and then disappear, and that what worries them much is that they do not know where they disappear to! Another source is alleging that these soldiers are meant to be a standby force in the societies that have relatives from the serpent's country, such that if they are to be attacked by enemies they then alert the serpent's country to send full reinforcements! DRC is totally in shit, for most of its key points in all armies deployed in eastern DRC are Rwandese agents; it's no surprise that along all borders of the greater Kivu, the towns of Goma, Bunagana, Bukavu, Uvira, Rutshuru, etc. are and have all been taken over by Rwandese agents and spies. DRC, which is always the sick man of Africa, may again be plunged into a full-scale war. There is and must be some master plan by the regional serpent of Rwanda to create another turmoil in a quest to buy time, cover up and legitimize his gross human rights violations and atrocities of refugees and his citizens. Everyone should pray for the Banyamulenge, for there is an ongoing master plan to plunge them into war, as a way of using their land to attack Burundi. It is almost an absurdity to see soldiers from a foreign country freely enter another country just to execute a plan to terrorize another country. The areas of Manyema, Ituri and Katanga are slowly and steadily being infiltrated by the serpent's terrorists. The whole region must wake up, otherwise another crisis may erupt in the DRC, mainly masterminded by the worst serpent in the region.

Wednesday, June 12, 2019

Triada Banking Trojan came Preinstalled as Backdoor in Budget Android Smartphones- Google Confirms.
It would probably be the first time ever in Google’s history that the company has revealed details of the tenacity and success of malware dubbed Triada. Triada malware was discovered in 2017 and came pre-installed on Android devices. It was believed back then that the malware was added to the devices at some stage of the supply chain process.
Now, Google has revealed that cybercriminals indeed managed to compromise Android smartphones and installed a backdoor while the supply chain process of the phones was underway. Triada is known for downloading additional Trojan components on an infected device which then steals sensitive data from banking apps, intercepts chats from messengers and social media platforms and there are also cyber-espionage modules on the device.
It is worth noting that Google remained silent on this issue until now, but this week the firm’s Android Security and Privacy team member Lukasz Siewierski posted an in-depth analysis of the Triada banking Trojan on Google’s security blog. In the blog post, Siewierski confirmed that the malware did exist in new Android devices.
In 2016, Kaspersky Lab researchers identified what was probably the most advanced of all mobile banking Trojans at the time. The Trojan was dubbed Triada; it was discovered in the RAM (random access memory) of the smartphones and used root privileges for substituting system files with infected ones. The malware kept evolving until 2017 when Dr. Web researchers identified that it didn’t need to root the smartphone for gaining elevated privileges and was equipped with more advanced attacking methods.
Some of the devices identified by Dr. Web in 2018 were:
Leagoo M5
Leagoo M5 Plus
Leagoo M5 Edge
Leagoo M8
Leagoo M8 Pro
Leagoo Z5C
Leagoo T1 Plus
Leagoo Z3C
Leagoo Z1C
Leagoo M9
ARK Benefit M8
Zopo Speed 7 Plus
UHANS A101
Doogee X5 Max
Doogee X5 Max Pro
Doogee Shoot 1
Doogee Shoot 2
Tecno W2
Homtom HT16
Umi London
Kiano Elegance 5.1
iLife Fivo Lite
Mito A39
Vertex Impress InTouch 4G
Vertex Impress Genius
myPhone Hammer Energy
Advan S5E NXT
Advan S4Z
Advan i5E
STF AERIAL PLUS
STF JOY PRO
Tesla SP6.2
Cubot Rainbow
EXTREME 7
Haier T51
Cherry Mobile Flare S5
Cherry Mobile Flare J2S
Cherry Mobile Flare P1
NOA H6
Pelitt T1 PLUS
Prestigio Grace M5 LTE
BQ 5510
The malware exploited the Android framework log function call to attack, which basically means that it installed a backdoor in the infected devices so that whenever an app tried to log something, the backdoor code got executed. The code would get executed in almost every app since it came factory-fitted in new smartphones. Later on, Google did add new security features to prevent threats like Triada.
However, malware developers changed their strategy and performed a supply chain attack in the summer of 2017 to get it preinstalled on low-key, budget Android smartphones mainly from Chinese manufacturers Nomu and Leagoo. Researchers couldn’t determine how the supply chain attack occurred but this attack ensured that the malware was able to access legitimate apps and download malicious codes to perform click fraud or infect SMS messages with new scams.
Siewierski explained the working of the backdoor in the blog post that read:
The malware primarily targeted Android version 4.4.2 and older, since newer versions blocked the process through which the malware obtained root access, and the injected code was blocked by Google even when the malware was installed as a backdoor. Siewierski explained how Google tried to thwart the threat on all occasions using the advanced automated system called “Build Test Suite” and other strategies. In the blog post, Siewierski wrote:
“By working with the OEMs and supplying them with instructions for removing the threat from devices, we reduced the spread of preinstalled Triada variants and removed infections from the devices through the OTA updates. The Triada case is a good example of how Android malware authors are becoming more adept. This case also shows that it’s harder to infect Android devices, especially if the malware author requires privilege elevation.”
Have you seen what I have always said about google.com?

Monday, June 10, 2019

Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions

A security researcher recently revealed details of a new, unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP).
Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions.
Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists when Microsoft Windows Remote Desktop feature requires clients to authenticate with Network Level Authentication (NLA), a feature that Microsoft recently recommended as a workaround against the critical BlueKeep RDP vulnerability.
According to Will Dormann, a vulnerability analyst at the CERT/CC, if a network anomaly triggers a temporary RDP disconnect while a client was already connected to the server but the login screen is locked, then "upon reconnection the RDP session will be restored to an unlocked state, regardless of how the remote system was left."
"Starting with Windows 10 1803 and Windows Server 2019, Windows RDP handling of NLA-based RDP sessions has changed in a way that can cause unexpected behavior with respect to session locking," Dormann explains in an advisory published today.
"Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism. Any login banners enforced by an organization will also be bypassed."

The CERT describes the attack scenario as the following:
A targeted user connects to a Windows 10 or Server 2019 system via RDS.
The user locks the remote session and leaves the client device unattended.
At this point, an attacker with access to the client device can interrupt its network connectivity and gain access to the remote system without needing any credentials.
This means that exploiting this vulnerability is trivial, as an attacker just needs to interrupt the network connectivity of a targeted system.
However, since the attacker requires physical access to such a targeted system (i.e., an active session with locked screen), the scenario itself limits the attack surface to a great extent.
Tammariello notified Microsoft of the vulnerability on April 19, but the company responded by saying the "behavior does not meet the Microsoft Security Servicing Criteria for Windows," which means the tech giant has no plans to patch the issue anytime soon.
However, users can protect themselves against potential exploitation of this vulnerability by locking the local system instead of the remote system, and by disconnecting the remote desktop sessions instead of just locking them.
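To audit how often servers hit the condition described above, the following added example (not from the original post or the CERT/CC advisory) flags sessions that were locked, then disconnected, then reconnected shortly afterwards with no unlock in between. It assumes Security-log events have already been exported and normalised into the hypothetical `Event` records shown; the event IDs are the standard Windows ones, while the 10-minute window and the sample events are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Windows Security-log event IDs. 4800/4801 are only written when the
# "Audit Other Logon/Logoff Events" audit subcategory is enabled.
LOCKED, UNLOCKED = 4800, 4801
RECONNECTED, DISCONNECTED = 4778, 4779


@dataclass(frozen=True)
class Event:  # hypothetical normalised record, not a Windows structure
    time: datetime
    event_id: int
    host: str  # RDP server that logged the event
    user: str


def find_locked_reconnects(events, window=timedelta(minutes=10)):
    """Flag sessions that were locked, dropped, and quickly reconnected.

    `window` (an assumed, tunable value) is the longest disconnect-to-reconnect
    gap treated as an automatic reconnect rather than a later user visit.
    """
    locked_at, dropped_at, findings = {}, {}, []
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.host, ev.user)
        if ev.event_id == LOCKED:
            locked_at[key] = ev.time
        elif ev.event_id == UNLOCKED:
            locked_at.pop(key, None)      # user unlocked normally
        elif ev.event_id == DISCONNECTED:
            if key in locked_at:          # only drops of a locked session matter
                dropped_at[key] = ev.time
        elif ev.event_id == RECONNECTED:
            dropped = dropped_at.pop(key, None)
            locked = locked_at.pop(key, None)  # lock state is unknown after this
            if dropped and locked and ev.time - dropped <= window:
                findings.append({
                    "host": ev.host, "user": ev.user,
                    "locked_at": locked, "reconnected_at": ev.time,
                    "gap_seconds": int((ev.time - dropped).total_seconds()),
                })
    return findings


def _ev(hhmmss, event_id, host, user):
    return Event(datetime.fromisoformat(f"2019-06-10T{hhmmss}"), event_id, host, user)


# Constructed sample events, not taken from a real log.
SAMPLE_EVENTS = [
    _ev("09:00:00", LOCKED, "srv01", "alice"),        # locked, dropped, back in 20 s
    _ev("09:05:00", DISCONNECTED, "srv01", "alice"),
    _ev("09:05:20", RECONNECTED, "srv01", "alice"),
    _ev("10:00:00", LOCKED, "srv01", "bob"),          # unlocked before the drop
    _ev("10:02:00", UNLOCKED, "srv01", "bob"),
    _ev("10:10:00", DISCONNECTED, "srv01", "bob"),
    _ev("10:10:30", RECONNECTED, "srv01", "bob"),
    _ev("11:00:00", LOCKED, "srv02", "carol"),        # came back two hours later
    _ev("11:01:00", DISCONNECTED, "srv02", "carol"),
    _ev("13:00:00", RECONNECTED, "srv02", "carol"),
]

if __name__ == "__main__":
    for finding in find_locked_reconnects(SAMPLE_EVENTS):
        print(finding)
```

A finding only marks a session that met the preconditions; a legitimate user whose link dropped looks the same in these four events, so each hit still needs review.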

Sunday, June 9, 2019

USA continues harassing Al-Shabaab militias

A joint operation by the US forces and the Somali forces conducted an airstrike targeting Al-Shabaab militias on June 5th in the vicinity of Tooratoorow area of Lower Shabelle Somalia.
“U.S. Africa Command has assessed that the airstrike killed one Al-Shabaab militia and confirmed no civilians were injured or killed in this airstrike,” read the statement.
The strike, AFRICOM said, was to stop Al-Shabaab taking advantage of safe havens from which they can build capacity and attack the people of Somalia.
In the month of May alone, AFRICOM conducted six strikes in Golis Mountains targeting ISIS militants in what could be seen as a move to tame the spread of the militant group further south though it already has tentacles in south-central regions including the capital Mogadishu.

Wednesday, June 5, 2019

Be extra cautious of DMI terrorists owned tabloids, social media accounts, travel agencies all over South Africa, Zambia, Mozambique, Kenya...

When I started warning East Africans living in South Africa of the danger of associating with suspicious Rwandese-speaking ladies, many did not take me seriously! The various assassinations, attempted assassinations and the latest kidnap and stage-managed killing of Casimir Nkurunziza must further open your eyes to protect yourself from SARUHARA RWANKOMOKOMO and his agents. The agents of this devilish political vampire man are widespread all over the Republic of South Africa, Zambia, Mozambique, etc. You will find them scattered all over universities of South Africa, principally teaching about genocide but maliciously to reap sympathy and branding all those who are against Saruhara Rwankomokomo's satanic system as evil. Many of these Rwandese ladies have branded themselves as Tswana and carry on service delivery activities like travel agents and advisory services, through which they continue with propaganda of defaming countries, like that "in Uganda women are killed for ritual sacrifice, that foreigners are kidnapped, ......" One of South African long time asked me if it was true and I only responded, "just wait for the day they will advise you that your country South Africa is not good for you to live in"..... ! These DMI agents of Saruhara Rwankomokomo own travel agents advisory services throughout southern and central Africa, and thus I advise those taking travels to be extra cautious, or else you will take a plane via Kigali and you will be pulled outta the plane or poisoned. I also call upon all companies operating flights to screen out and check list their workers, for the satanic system of Saruhara Rwankomokomo has infiltrated most travel companies in Zambia, Mozambique, Malawi, South Africa, and worst of it all the "DRC" is on a timely bomb; the whole of the DRC system has been fully infiltrated by DMI!
There are special social media accounts that have been established to tarnish the name of President Museveni and Nkurunziza, and all these social media accounts are under the supervision of the direct agents of the political vampire. They have turned to creating social media accounts even here in Uganda, of which many are used to blackmail the government, directly attack and abuse government officials, of whom notably are His Excellency Yoweri Museveni, Afande Abel Kandiho, Afande Kaka, and other patriotic Ugandans and institutions. These accounts are principally established to stir up anger and tribalism in Uganda. Those who manage such accounts stupidly think that Ugandans do not love their country and are trying to use social media to promote hatred for the ruling party. Many of them hide in other parties, not necessarily that they feel good for them but principally to drive the interests of the foreigners who want to dirty our peace; some of them are Ugandans who have relatives in Rwanda or who outta tribal hatred want to see their opportunistic and selfish interests met. What I can tell them is that "they should continue writing since they are enjoying the rights and freedoms which cannot be found in Rwanda" and there is no one who will offer them a red line not to cross. I even advise security agencies to be extra cautious in dealing with such idiots, for what they wanted to prove to the world is that His Excellency Museveni and his government are bad. These are the idiots who want to arouse the public with foul cries that "CMI, ISO, ....etc is harassing me". Their main intention is to show that ISO, CMI are bad. But all in all I leave the whole work to the Uganda Communication Commission to deal with such people, and it is very easy to identify such accounts. I also warn all Ugandans working in South Africa, Zambia, Mozambique, and all these embassies to be cautious of people they employ.
For the case of South Africa, they pretend to be Tswana ladies and have jobs in hotels, own travel agencies and advisory services, but their main intention is to spy upon everyone who comes from East Africa. I know one in Polokwane, I suspect two in Gauteng, and many at the University of South Africa (UNISA) who want to reap sympathy survivors but principally promoting hatred and defaming Uganda, Burundi and their president; they are real spies. Stay warned all you Rwandese refugees staying in South Africa, please be aware of these ladies who pretend to be Tswana, Zulu, Xhosa yet they pretend to speak little Kinyarwanda it Kiswahili. They will pretend to be good friends, will get your contacts, and will even attempt to hijack your social media accounts through SS7 exploit and other means. I remember when I told this to one of my confidants in Mossel Bay, he thought I was joking until he met the same girl at St George's Mall; this Kenyan friend was shocked to see this lady fluently speaking Kinyarwanda on a phone. Of course, as someone who had worked with some newspaper in Rwanda, he was shocked to see someone who he knew was a Tswana speaking real Kinyarwanda. Be cautious of young men from Rwanda working in car parking yards; they are there principally to identify which car their targets are to use. I know you cannot believe this but one day you will see it.
For God and my country

Tuesday, May 28, 2019

How long does Google's verification code last before it becomes unusable

There is something I may ask, how long does a Google verification code last for it to be non usable.... Google. Coz is not serious, how do you send the same verification code even after 30 minutes when you have sent a similar code!!!!! This is very dangerous!!! To those who use Google.com services, you are at risk.....

MTN Uganda mobile money services to be enjoyed by Kenyans, Rwandese and Tanzanians

MTN Uganda has done a very good thing... I love the way Uganda is calculating its thing. It is very easy now to send and receive money from Uganda to the whole of Eastern Africa. Man mobile money can now be used to send and receive money throughout Kenya, Rwanda and Tanzania..... You simply have to dial *165*1*2#. This is very good to those who have been stuck and caught up in the recent saga of the closure of the Rwanda-Uganda border... you can now send your money to your families... No more starving!!!

Wednesday, May 22, 2019

Five people killed in Somalia

At least five people have been killed, among them two soldiers and a police officer, in a car bomb explosion near Godka Jiloho prison in Bondhere district, Mogadishu.
Sources have said that two soldiers, a couple, the wife identified as Faay Ali Rage, were killed during the blast. According to eyewitnesses, the vehicle, which was parked at a roadblock heading to the prison, blew up leaving death and destruction in its wake.
Media news has also established that the third victim, a police officer, was attached to the security team of MP Maryan Arif.
The free ambulance service Aaamin Ambulance said 10 people were injured in the blast. The medical provider said of the injured, one was a child while two were female.

Windows 10 ZERO day vulnerability revealed

Windows 10 has another zero-day vulnerability, as discovered by a security researcher who specializes in finding bugs in Microsoft’s operating system and has previously publicly outed them without warning.
The unpatched vulnerability highlighted by SandboxEscaper has been confirmed to work on Windows 10 (32-bit) systems, as reported by ZDNet. Furthermore, with some tweaking, it could theoretically be leveraged against any version of Windows (going as far back as Windows XP).

Utilizing a bug in the Task Scheduler in Windows, this is a local privilege escalation security flaw, meaning it can be used by a hacker to raise an account with low-level privileges on a PC to a full admin account (in other words, allowing them to do anything on the victim’s computer).
Note, however, that this security flaw can’t be used to gain access to a PC. It’s an exploit for malicious parties who have already hacked their way onto a computer, and a way for them to subsequently elevate their privileges to be able to do more.
Even so, this is obviously something Microsoft needs to address swiftly, and will perhaps be patched in the next round of security updates to arrive in June.
More where that came from
As we mentioned at the outset, SandboxEscaper is renowned for being a thorn in Microsoft’s side, and in October 2018 she released details of a bug that can also be abused to elevate privileges on a system, and drew attention to a similar flaw back in August 2018.
More worryingly, she has also claimed that she’s found four further unpatched bugs in Windows, so we can expect more revelations in the pipeline fairly soon, no doubt.
SandboxEscaper previously highlighted these bugs on Twitter, but seemingly has had several of her Twitter accounts suspended in the past.

ARM chipsets will no longer be working with Huawei

Huawei’s ambitions for the smartphone market have been dealt a serious blow according to leaked documents that suggest chipmaker ARM is suspending all activities with the beleaguered Chinese vendor.
Last week, the US Commerce Department prohibited American firms from doing business with Huawei, a move which means the company’s handsets will no longer receive updates for the Android operating system from Google or access to its popular applications.
However, the impact of that order is set to be far-reaching and could have even more disastrous consequences. The BBC has obtained internal memos ordering ARM employees to stop working on all Huawei contracts and cease to provide any support.

ARM’s chip designs are used to power virtually every major mobile chipset, including those from Qualcomm and Huawei’s Kirin processors. ARM is based in the UK and owned by Japanese firm SoftBank, but many of its designs feature US-made technology.
This has led ARM to believe that working with Huawei would see it breach US trade regulations. The BBC also notes that this impacts ARM China, a joint-venture that aims to make ARM technology and localised support available in the country. ARM has a 49 per cent stake.
Huawei is not commenting on the reports, but an inability to use ARM technology in Huawei’s Kirin processors would be extremely damaging. Huawei has been preparing for a ban on US technology for some time, stockpiling components and developing an alternative operating system to Android, but the innovations afforded by ARM would be impossible to replace.
The upcoming Kirin 985 chip is unaffected, but Huawei would be unable to use ARM technology in future iterations.
A Huawei spokesperson said: “We value our close relationships with our partners, but recognise the pressure some of them are under, as a result of politically motivated decisions. We are confident this regrettable situation can be resolved and our priority remains to continue to deliver world-class technology and products to our customers around the world.”
Huawei has managed to build on domestic success by expanding into Western Europe in recent years thanks to a series of critically acclaimed devices. It is now the world’s second largest manufacturer, recently overtaking Apple, despite being excluded from the US.