Saturday, July 4, 2020

DRC army captured 7 CODECO militiamen, 4 AK47


Armed Forces of the Democratic Republic of Congo captured seven elements of the CODECO militia in an offensive launched at Mbala village, Ezekere group, Walendu-Tatsi sector, on the northern outskirts of Bunia, capital of Ituri.
Lt. Jules Ngongo, spokesman for the army in this province, who gave the results of this operation to the press on Friday, July 03, adds that four weapons of the AK-47 type and a mobile phone were also recovered.
"Your army, the FARDC, yesterday afternoon under the leadership of General Yav Avul, operational sector commander of Ituri, we launched a punching operation, an assault on a group of militiamen who was advancing towards our position and by these anticipatory operations we neutralized seven elements of CODECO, four weapons of war of the AK-47 type and a telephone abandoned in their flight," he declared.
Lt. Jules Ngongo reassures the public that the situation is currently under the control of loyalist forces in this region where mop-up operations are continuing.
He called on the population not to be afraid in case they hear detonations and that everyone goes about their business freely while being vigilant to avoid any surprise from the enemy.
As reported by our sources, recall that since the afternoon of Thursday, July 02, 2020, detonations of heavy and light weapons were heard in certain districts of the city of Bunia, which caused panic among the population.

Friday, July 3, 2020

FPIC rebel group attacks lead to displacement of 14173 Congolese

After many days of atrocities by FPIC militiamen, known as "Chini ya Kilima", in the villages of Kombokabo, Ngadjo, Kayasililo and Marabo, south of Bunia in Irumu territory, a total of 14,173 displaced people found refuge in the chiefdom of Walendu Bindi, according to information from local sources.
National deputy Paul Babangu, elected from the region, who delivered the information, cites among their host villages Malo, Anyozo, Androzo, Nyamabho, Mula, Pinga, Tsengu and Kasuku.
"The humanitarian situation is alarming, I invite the national minister in charge of humanitarian action to intervene urgently" affirms the elected representative of the people who already deplores cases of infant mortality due to the family and the lack of health care.
On June 29, an army position in Marabo was attacked by these rebels, causing significant displacement of the population.

to all Ugandans in Rwanda


South Sudanese army illegally enters DRC again

A week has almost not ended before the bilateral meeting between the South Sudanese and Congolese politico-military authorities. But on Wednesday 01 and Thursday 02 July, two incursions by the South Sudanese army were reported in Karagba and Gbula, on Congolese soil, in the territory of Aru.
According to witnesses, they raped two women, then looted a few animals and valuables from the inhabitants, before returning to South Sudan on Wednesday 01 July.
Local sources say that the local population managed to "capture one of these Sudanese soldiers with his AK-47 weapon".
On Thursday, July 2, these South Sudanese soldiers returned to "recover one of them captured by the population", as indicated by sources from the local communities: "They were pushed back by the FARDC and a few police officers."
Following this situation, the population living along the border of the DRC with South Sudan has begun to flee inside the chiefdom of the Kakwa; some are headed for Ingokolo, as we learned from sources in these communities, information confirmed by security sources in the region. The captured Sudanese soldier and his weapon were handed over to the Congolese authorities from Aru.
In another similar incident of insecurity, yesterday people in Bunia town were in panic as a lot of unfamiliar sounds of heavy blasts were heard.

....we need smart officers along that border, let these idiots not dare or attempt to also feel they can joke with our peace.........

DRC refugees coming to Uganda must first be screened to make sure they are safe from COVID19


Thousands of people stranded in areas of the Democratic Republic of the Congo (DRC) arrived in Uganda on Wednesday, July 1st.
These refugees from the DRC can now be safe in their new host land. They had been stranded at the border since the end of May due to the coronavirus, which led to the border being locked.
"We are not tired, we don't have much land, our country is small, but we receive them, out of sympathy. I hope that the international community will also be compassionate and help these people. It's not our problems, it's the world's problems, international problems", said Hilary Onek, Minister in charge of Rescue, Disaster Preparation and Refugees in Uganda.
The United Nations Refugee Agency (UNHCR) said it was working with the Government of Uganda and its partners to ensure that humanitarian aid, including food and shelter, is made available to these refugees.
The agency also reported that it was working with border security forces and the Ministry of Health to ensure screening, testing and measures against COVID-19.
"We ensure, of course, accommodation, screening for them. As you know, this is a very special emergency. This is the first time people have gone via the border in the middle of a Covid situation. You need intelligence to set everything up, security check, Ebola and Ebola control", says Philippy Creppy, Operations Assistant Operations Operations, UNHCR.
After first screening, asylum-seekers will be transported by UNHCR to an institutional quarantine centre located 13 kilometres from the border.
After 14 days, in accordance with health protocols, they will be moved to existing refugee facilities.

Thursday, July 2, 2020

Reverse RDP vulnerabilities can let cyber criminals achieve full control over the Guacamole server, intercept, and control all other connected sessions.

New research has revealed multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.
The reported flaws could potentially let cyber criminals achieve full control over the Guacamole server, intercept, and control all other connected sessions.
According to a report published by Check Point Research and shared with various cyber security firms, among them The Hacker News, the flaws allow an attacker who has already successfully compromised a computer inside the organization to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine.
You can read more Here

Hunting for default logins!!

The NNdefaccts dataset made by nnposter is an alternate fingerprint dataset for the Nmap http-default-accounts.nse script.
The NNdefaccts dataset can test more than 380 different web interfaces for default logins. For comparison, the latest Nmap 7.80 default dataset only supports 55.
Here are some examples of the supported web interfaces:
Network devices (3Com, Asus, Cisco, D-Link, F5, Nortel..)
Video cameras (AXIS, GeoVision, Hikvision, Sanyo..)
Application servers (Apache Tomcat, JBoss EAP..)
Monitoring software (Cacti, Nagios, OpenNMS..)
Server management (Dell iDRAC, HP iLO..)
Web servers (WebLogic, WebSphere..)
Printers (Kyocera, Sharp, Xerox..)
IP Phones (Cisco, Polycom..)
Citrix, NAS4Free, ManageEngine, VMware..
See the following link for a full list:
https://github.com/InfosecMatter/http-default-logins/blob/master/list.txt
The usage is quite simple — we simply run the Nmap script with the alternate dataset as a parameter. Like this:
nmap --script http-default-accounts --script-args http-default-accounts.fingerprintfile=~/http-default-accounts-fingerprints-nndefaccts.lua -p 80 192.168.1.1
This is already pretty great as it is.
Nmap script limitations
Now the only caveat with this solution is that the http-default-accounts.nse script works only for web servers running on common web ports such as tcp/80, tcp/443 or similar.
This is because the script contains the following port rule which matches only common web ports:
So what if we find a web server running on a different port — say tcp/9999? Unfortunately the Nmap script will not run because of the port rule..
..unless we modify the port rule in the Nmap script to match our web server port! And that’s exactly where this new tool comes handy.
Introducing default-http-login-hunter
The default-http-login-hunter tool, written in Bash, is essentially a wrapper around the aforementioned technologies to unlock their full potential and to make things easy for us.
The tool simply takes a URL as an argument:
default-http-login-hunter.sh <URL>
First it will make a local temporary copy of the http-default-accounts.nse script and it will modify the port rule so that it will match the web server port that we provided in the URL.
Then it will run the Nmap command for us and display the output nicely.
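The copy-and-patch step described above, written out as an added example for auditing hosts you administer; it is not the source of default-http-login-hunter.sh. The function names, the use of shortport.portnumber() as the replacement rule, and the assumption that the script assigns a top-level portrule and loads the library under the name shortport are choices made for this example.

```shell
#!/bin/sh
# Added illustration; NOT the source of default-http-login-hunter.sh.

# url_target URL -> prints "host port"; fails on anything but http(s) URLs.
# IPv6 literals are not handled here and are rejected.
url_target() (
    url=$1
    case $url in http://*|https://*) ;; *) return 1 ;; esac
    scheme=${url%%://*}
    hostport=${url#*://}
    hostport=${hostport%%[/?#]*}    # drop path, query, fragment
    hostport=${hostport##*@}        # drop userinfo
    case $hostport in
        \[*) return 1 ;;
        *:*) host=${hostport%%:*}; port=${hostport#*:} ;;
        *)   host=$hostport; port= ;;
    esac
    if [ -z "$port" ]; then         # no explicit port: use the scheme default
        if [ "$scheme" = https ]; then port=443; else port=80; fi
    fi
    case $port in *[!0-9]*) return 1 ;; esac
    [ -n "$host" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$host" "$port"
)

# patch_portrule NSE PORT -> prints the path of a temporary copy of NSE whose
# port rule matches only tcp/PORT. The installed script is never modified.
patch_portrule() (
    src=$1; port=$2
    # PORT is spliced into Lua source, so accept digits only.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    # Refuse to guess if the script has no top-level portrule assignment.
    grep -q '^portrule[[:space:]]*=' "$src" || return 1
    dir=$(mktemp -d) || return 1
    out=$dir/http-default-accounts.nse
    # Assumption: shortport.portnumber() from Nmap's shortport library.
    sed "s|^portrule[[:space:]]*=.*|portrule = shortport.portnumber($port, \"tcp\")|" \
        "$src" > "$out" || return 1
    printf '%s\n' "$out"
)

# Usage against a host you administer (paths are placeholders):
#   set -- $(url_target "http://192.168.1.1:9999/")
#   nse=$(patch_portrule /path/to/http-default-accounts.nse "$2")
#   nmap --script "$nse" -p "$2" "$1"
```

Validating the port before it is written into the script copy matters because the value ends up inside Lua source that Nmap will execute.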
In this example, default credentials were found for Apache Tomcat running on port tcp/9999. Now we could deploy a webshell on it and obtain RCE. But that one is meant for me, the "acidic".

List of URLs
The tool also accepts a list of URLs in a file. So, for instance, we could feed it with URLs found during Nessus scans extracted using our Nessus CSV parser.
The tool will go through all the URLs one by one and check for default logins. Like this:
default-http-login-hunter.sh urls.txt
Here the tool found a default login to the Cisco IronPort running on port https/9443.
Resume-friendly
Another useful feature is that it saves all the results in the current working directory. So if it gets accidentally interrupted, it will just continue where it stopped. Like in this example:
Here we found some Polycom IP phones logins.
Staying up-to-date
To make sure that we have the latest NNdefaccts dataset, just run the update command:
default-http-login-hunter.sh update
And that’s pretty much it. If you want to see more detailed output, use -v parameter in the command line.