The Sim jacker vulnerability

The Simjacker vulnerability could extend to over 1 billion mobile phone users globally.

As time passes, we’re witnessing more exploits building upon the usage of sim cards including the ever-famous sim swapping method. To add to these, just recently, AdaptiveMobile Security had released details of a previously undiscovered exploit dubbing it as SimJacking. How it apparently works is illustrated very simply with the help of a diagram below, however, there’s more to its intricacies.

Example of how Simjacker vulnerability can track mobile phone location of vulnerable subscribers – 

US DOJ to subject Google, Facebook and other to antitrust investigation

company Alphabet has confirmed that it is under investigation by the United States Department of Justice. Specifically, the DOJ suspects Alphabet of antitrust practices, and is demanding all information and documents related to prior antitrust investigations involving the company around the globe. While the DOJ stated that it was just beginning to investigate major tech companies back in July 2019, we now know the department's efforts have kicked into high gear.

Alphabet and Google aren't the only major tech companies under the crosshair right now. Apple, Facebook, and Amazon are all known to be under investigation as well, and we wouldn't be surprised if other platforms like Twitter soon found themselves under scrutiny, too. President Trump has quite the love-hate relationship with Twitter, as he uses it frequently to announce major policy decisions and communicate with the general populous. He has also criticized the platform, however, (along with Google) with accusations of bias.

So, what does all of this mean for you, a consumer? For now, nothing. In the future, however, we're likely to see these bigger tech companies become more reigned-in. In the case of giants like Facebook and Google, who command a massive percentage of any given market as well as corporate entities, we wouldn't be surprised to see their empires divided.

Talk of breaking up companies like Facebook and Google has been rumbling for years now in political spheres. However, we'd be more surprised to see any damage done to their fundamental services; i.e. Google's Search/AdSense and Facebook's main social networking platforms. Fortunately for web users and advertisers at large, though, that scenario seems quite unlikely.

As I warned markzuckerberg few months ago,then you can see this privacy disaster on Facebook!!! Next has to be WhatsApp...

Some few days ag

o another privacy disaster hits Facebook users.But mark Zuckeberg and his team would not have read such news with surprise because I remember few months ago I wrote about the database uncertainties and irregularities especially in the login credentials.I have read mant tweets about this and seemingly many this it is a problem prone to the western hemisphere,am telling you that"africa" is also under this privacy threat!!It should be noted carefully that even whatsApp is with privacy issues,under some research on security of social media,I in June this year discovered that the VPNs used mainly in African can make many fall prey to privacy leakages of which leakages are Paramount to the users security in terms of gps location ,phone book,calls and sms ...etc..i i wi write about this later in my final analysis by the end of September.
To add insult to the already enraged privacy advocates, Facebook has yet again disappointed its user base. It has been revealed that 419 million phone numbers belonging to Facebook users have been exposed due to a breach in an online unsecured database.

The database contained 133 million records from the US, 18 million in the UK and 50 million in Vietnam. However, a Facebook spokeswoman has added that in actuality the data of 210 million users was revealed since the unsecured database contained duplication.







About more than a year ago, if you entered a phone number into Facebook’s search bar, it would reveal the account connected to that number. Although Facebook has abandoned this practice, it is believed that the phone numbers were scraped before it did so.
Unsecured database leaked phone numbers of 419 million Facebook users
Screenshot of the leaked database

However, according to GDI Foundation’s security researcher Victor Gevers tweeted that “Although Facebook had disabled the API that shares users mobile phone & address details back in 2011, this data leak with scraped Facebook details was deployed recently in August 2019 on the latest version (4.0.12) of MongoDB. There is also a mail server running on that server.”

 Although Facebook had disabled the API that shares users mobile phone & address details back in 2011, this data leak with scraped Facebook details was deployed recently in August 2019 on the latest version (4.0.12) of MongoDB. There is also a mail server running on that server 🤔 https://twitter.com/zackwhittaker/status/1169327242528219136 …

There were several databases on the exposed server containing 419 million records — including 133 million on U.S.-based Facebook users and 18 million on U.K. users.

Nevertheless, the breach is still alarming for a number of reasons. Firstly, phone numbers are a goldmine for hackers who would definitely enjoy sending loads of marketing messages and calls to these users.






Secondly, they could be used to aid in sim swapping for users who have been using their phone numbers as a part of two-factor authentication. How serious can this be? Well, last week, Jack Dorsey’s Twitter account was compromised just due to such a technique despite him being the CEO so this leaves a layman much more vulnerable.


Moreover, the phone numbers were linked to Facebook accounts identifiable by a unique public ID assigned by the platform and that could be used to discern someone’s username.

“TechCrunch verified a number of records in theunsecured database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account,” reported the site.the unsecured database has been taken down with Facebook investigating in the meanwhile. We do not know if the affected users would be compensated in any way or even be informed. This leaves us with a simple yet profound lesson of not relying on companies no matter how big they may seem, there will always be human errors after all.

Somal troops repulse two alshabab terror attacks

Somali troops repulsed two separate attacks by Al-Shabaab militants on El-Jaalle military training facility near Marka town, and again on El-Salini base near K-50, Lower Shabelle region. There are reports of injuries from the attack on El-Jaalle - per security sources.

I cannot sleep...I want all this rubbish out of western uganda

The Police in Kisoro District are investigating circumstances under which a Kisoro based Lawyer was shot dead last night.
Kigezi Regional Police Spokesman Elly Maate told this Online Publication that Lawyer Sendegeya Issac was shot dead in the wee hours of July 21st 2019, by yet to be identified thugs at the gate / door of his residence in Nturo village, Chihe Parish in Nyakinama Sub County in Kisoro district.
“We received a distress call about the shooting and when police officers responded they found the man already dead” Maate said.
Maate said that after the shooting, the relatives of Sendegeya in a bid to save him removed him from the spot where he had been shot and put him in his sitting room and this act interfered with scene of crime procedures making investigation difficult.
“The Police however discovered one cartridge at the scene and that will be used to help in establishing the origin of the gun that was used by the assailants” Maate explained.
Maate said that the body of Sendegeya who owned Law chambers in Kisoro Town has been taken to hospital for a post mortem report to be carried out as Investigation into the shooting continue.
A case of murder by shooting has been registered under reference number SD 02/21/06/2019 at Kisoro Police Station to help in further investigations.
Kisoro LC 5 Chairman Abel Bizimana said that the district has lost a human rights activist and advocate who was helping the local people access justice.
Maate said a manhunt for the assailants who are moving with a gun is going on in Kisoro District and the place being close to Democratic Republic of Congo and Rwanda borders, security has been tightened to ensure that the assailants do not sneak out of the country.

17 killed in a bomb blast in Mogadishu

BREAKING: At least 17 killed nearly 30 others injured in Mogadishu car bomb blast, per medical sources. The Al-Shabaab militant group claimed responsibility for the attack.

Local internet service providers (ISPs) have been instructed by the local government to force their respective users into installing a government-issued certificate on all devices, and in every browser.

The certificate, once installed, will allow local government agencies to decrypt users' HTTPS traffic, look at its content, encrypt it again with their certificate, and send it to its destination.

Image: Eugene / via Bugzilla

Kazakh users trying to access the internet since yesterday have been redirected to web pages that contained instructions on how to install the government's root certificate in their respective browsers, may it be a desktop or mobile device.

For example, this is the page shown by local ISP Kcell, and this is another one that Beeline is showing to its customers.

KAZAKHSTAN GOVERNMENT SAYS IT'S FOR THE BEST

Local ISPs started forcing their customers into installing the government's root certificate yesterday, following an official government announcement.

In a statement posted on its website, the Kazakh Ministry of Digital Development, Innovation and Aerospace said only internet users in Kazakhstan's capital of Nur-Sultan will have to install the certificate; however, users from all across the country reported being blocked from accessing the internet until they installed the government's certificate. Some users also received SMS messages on their smartphones about having to install the certificates, according to local media.

Ministry officials said the measure was "aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats."

GOVERNMENT PREVIOUSLY FAILED IN 2015

The Kazakh government first tried to have all its citizens install a root certificate in December 2015. At the time, it ruled that all Kazakh user had to install their root certificate by January 1, 2016.

The decision was never implemented because the local government was sued by several organizations, including ISPs, banks, and foreign governments, who feared this would weaken the security of all internet traffic (and adjacent business) originating from the country.

At the same time in December 2015, the Kazakh government also applied with Mozilla to have its root certificate included in Firefox by default, but Mozilla declined.

Currently, browser makers like Google, Microsoft, and Mozilla are discussing a plan of action on how to deal with sites that have been (re-)encrypted by the Kazakh government's root certificate. No decision has been reached, at the time of writing.