(WASHINGTON) Justice Dept Report: The department announced a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States running on-premises versions of Microsoft Exchange Server software, which is used to provide enterprise-level e-mail service #AceNewsDesk report

#AceNewsReport – Apr.15: Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access e-mail accounts and place web shells (which are pieces of code or scripts that enable remote administration) for continued access. Other hacking groups followed suit starting in early March after the vulnerability and patch were publicized. Although many infected system owners successfully removed the web shells from thousands of computers, others appeared unable to do so, and hundreds of such web shells persisted unmitigated. Today’s operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks.

Justice Department Announces Court-Authorized Effort to Disrupt Exploitation of Microsoft Exchange Server Vulnerabilities: The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path). This is unrelated to Microsoft’s 13 April announcement.

Note: A full copy of the unsealed court documents can be viewed here.

‘Action Copied and Removed Web Shells that Provided Backdoor Access to Servers, but Additional Steps may be Required to Patch Exchange Server Software and to Expel Hackers from the Victims’ Networks’

“Today’s court-authorized removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Combined with the private sector’s and other government agencies’ efforts to date, including the release of detection tools and patches, we are together showing the strength that public-private partnership brings to our country’s cybersecurity. There’s no doubt that more work remains to be done, but let there also be no doubt that the Department is committed to playing its integral and necessary role in such efforts.”

“Combatting cyber threats requires partnerships with private sector and government colleagues,” said Acting U.S. Attorney Jennifer B. Lowery of the Southern District of Texas. “This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals. We will continue to do so in coordination with our partners and with the court to combat the threat until it is alleviated, and we can further protect our citizens from these malicious cyber breaches.”

“This operation is an example of the FBI’s commitment to combatting cyber threats through our enduring federal and private sector partnerships,” said Acting Assistant Director Tonya Ugoretz of the FBI’s Cyber Division. “Our successful action should serve as a reminder to malicious cyber actors that we will impose risk and consequences for cyber intrusions that threaten the national security and public safety of the American people and our international partners. The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions.”

On March 2, 2021, Microsoft announced that a hacking group used multiple zero-day vulnerabilities to target computers running Microsoft Exchange Server software. Various other hacking groups also have used these vulnerabilities to install web shells on thousands of victim computers, including those located in the United States. Because the web shells the FBI removed today each had a unique file path and name, they may have been more challenging for individual server owners to detect and eliminate than other web shells.

Throughout March 2021, Microsoft and other industry partners released detection tools, patches, and other information to assist victim entities in identifying and mitigating this cyber incident. Additionally, the FBI and the Cybersecurity and Infrastructure Security Agency released a Joint Advisory on Compromise of Microsoft Exchange Server on March 10, 2021. Despite these efforts, by the end of March, hundreds of web shells remained on certain U.S.-based computers running Microsoft Exchange Server software.

Although today’s operation was successful in copying and removing those web shells, it did not patch any Microsoft Exchange Server zero-day vulnerabilities or search for or remove any additional malware or hacking tools that hacking groups may have placed on victim networks by exploiting the web shells. The Department strongly encourages network defenders to review Microsoft’s remediation guidance and the March 10, 2021 Joint Advisory for further guidance on detection and patching.

The FBI is attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which it removed the hacking group’s web shells. For those victims with publicly available contact information, the FBI will send an e-mail message from an official FBI e-mail account (@FBI.gov) notifying the victim of the search. For those victims whose contact information is not publicly available, the FBI will send an e-mail message from the same FBI e-mail account to providers (such as a victim’s ISP) who are believed to have that contact information and ask them to provide notice to the victim.

If you believe you have a compromised computer running Microsoft Exchange Server, please contact your local FBI Field Office for assistance. The FBI continues to conduct a thorough and methodical investigation into this cyber incident.

#AceNewsDesk report. Published: Apr. 15, 2021


SEA: China Blocks DuckDuckGo Search Engine

#AceWorldNews – CHINA – Nov.23 – China has begun blocking the privacy-protecting search engine DuckDuckGo, which avoids storing user data or tracking online activity, according to the company and security researchers, AFP reported.


DuckDuckGo, which gained popularity following revelations of U.S. government surveillance online, has only a tiny share of the search engine market but recently became an option as the default for iPhones in the new iOS 8 mobile platform.

The company prides itself as “the search engine that doesn’t track you,” says its website.

DuckDuckGo has been blocked since Sept. 3, according to GreatFire.org, which tracks web services in China.

DuckDuckGo founder Gabriel Weinberg confirmed the news in an email to AFP, saying, “we aren’t sure why” the search engine was blocked.

He added that DuckDuckGo “is now available in iOS 8 and (Apple’s) OS X Mavericks and Mountain Lion and all of our focus is on that.”

Barry Schwartz, a consultant who blogs on Search Engine Land, said that “it is unclear as to why China has blocked the search engine but it might be due to them not complying with their filtering regulations.”

Source: China Daily – AFP


NSA releases single Snowden e-mail as Kerry tells him ‘MAN UP’ before interview with US media

The National Security Agency said Thursday that Edward Snowden sent supervisors only one e-mail when he worked there, and it did not protest the nature of NSA surveillance programs. In the e-mail to the Office of General Counsel, Snowden posed a legal question about a training program. “There are numerous avenues that Mr. Snowden could have used to raise other concerns or whistleblower allegations,” the NSA said in a statement. “We have searched for additional indications of outreach from him in those areas and to date have not discovered any engagements related to his claims.”

In an interview with NBC News, Snowden said he told the NSA about his concerns about its widespread methods of intelligence gathering.

“I actually did go through channels, and that is documented,” Snowden said. “The NSA has records, they have copies of emails right now to their Office of General Counsel, to their oversight and compliance folks, from me raising concerns about the NSA’s interpretations of its legal authorities. … The response more or less, in bureaucratic language, was, ‘You should stop asking questions.'”

Snowden — who remains in Russia, which has granted him temporary asylum — faces espionage charges in the United States.


This comes on the day John Kerry, the 68th United States Secretary of State, said “Man Up And Come Home”

US Secretary of State John Kerry has challenged Edward Snowden to “man up and come back to the United States”, after the whistleblower admitted he wanted to return home. Mr Kerry’s comments follow the former National Security Agency contractor’s interview with NBC, his first for US media since he fled the country after leaking a huge volume of classified documents. Now living in Russia on a temporary grant of asylum, Mr Snowden told the network he took action in the belief that he was serving his country in exposing the surveillance programs of the NSA. “I don’t think there’s ever been any question that I’d like to go home,” Snowden said in a segment of the interview. “Now, whether amnesty or clemency ever becomes a possibility is not for me to say. That’s a debate for the public and the government to decide. But, if I could go anywhere in the world, that place would be home.” And Mr Kerry, speaking before NBC aired that portion of the interview, said: “If Mr Snowden wants to come back to the United States, we’ll have him on a flight today. A patriot would not run away.


Susan Rice has denied Mr Snowden’s recent claims

“He should man up and come back to the United States. If he has a complaint about what’s the matter with American surveillance, (he should) come back here and stand in our system of justice and make his case. “If he cares so much about America and he believes in America, he should trust the American system of justice.” Mr Snowden had also said in an earlier part of his interview that he worked undercover and overseas for the CIA and the NSA. He claimed he had a far more important role in US intelligence than the government has acknowledged. “I was trained as a spy in sort of the traditional sense of the word, in that I lived and worked undercover overseas,” he said. National security adviser Susan Rice insisted in a CNN interview that Mr Snowden never worked undercover. Mr Snowden said he never intended to end up in Russia but was forced to go there because Washington decided to “revoke my passport.” In response, Mr Kerry said: “Well, for a supposedly smart guy, that’s a pretty dumb answer, after all. “I think he’s confused. I think it’s very sad. But this is a man who has done great damage to his country.”

All this after:
Edward Snowden: ‘I Worked As A Spy Overseas’


Snowden has received support during demonstrations in the US

Fugitive whistleblower Edward Snowden has said he “trained as a spy” and worked “undercover overseas” for intelligence agencies. In his first interview in American media, he rejected claims he was merely a junior contractor, saying he worked “at all levels from the bottom on the ground, all the way to the top”. The 30-year-old, who has been charged in the US with espionage, was granted asylum by Russia in August, 2013, after instigating a series of leaks on mass surveillance in America and around the world. In the NBC News interview, due to air in full on Wednesday, Snowden defended himself against claims he had minimal intelligence experience before he released classified documents revealing the National Security Agency’s programme of phone and internet surveillance. “I was trained as a spy in sort of the traditional sense of the word in that I lived and worked undercover overseas – pretending to work in a job that I’m not – and even being assigned a name that was not mine,” he said. He said he had worked covertly as “a technical expert” for the Central Intelligence Agency and the NSA, and as a trainer for the Defense Intelligence Agency.

“I don’t work with people,” he said. “I don’t recruit agents. What I do is I put systems to work for the United States. And I’ve done that at all levels from, from the bottom on the ground all the way to the top. “So when they say I’m a low-level systems administrator, that I don’t know what I’m talking about, I’d say it’s somewhat misleading.” After the leaks, Snowden travelled to Hong Kong, then headed to Moscow, where he was holed up in the Sheremetyevo Airport for days before he was eventually granted asylum. Secretary of State John Kerry, reacting to the interview, called Snowden a “man who has done great damage to his country”. “A patriot would not run away and look for refuge in Russia,” Mr Kerry told NBC’s Today. “He can come home but he’s a fugitive from justice.” Snowden is wanted in the US on charges including espionage.


Kaspersky Has Launched a New Project that Demonstrates On-Going and Real-Time Cyber-Attacks

#AceSecurityNews – KASPERSKY – March 27 – A service on the Internet now clearly demonstrates ongoing computer incidents worldwide in real time.

According to the press service of Kaspersky Lab, which launched the project, an interactive map shows threats detected by e-mail antivirus, vulnerabilities and cyber-attacks.


“Our new map allows one to see the scale of cyber-attack activity in real time,” he said.

“Users can turn the globe and zoom to get an idea about the local situation in any part of the world. The different types of identified threats are marked on the globe in different colours in real time,” the company explained.

The user can display a description of each threat and, if desired, turn off the display of uninteresting types of threats.

The link for checking a computer for malicious software is also available on the company’s Web site – http://free.kaspersky.com/

According to Denis Zenkina, head of corporate communications at Kaspersky Lab, experts handle more than 300,000 pieces of malware every day.

Order to Lavabit to Hand Over Email Records – Unsealed by Federal Judge in Virginia

The records in the case, which is now being argued at the 4th U.S. Circuit Court of Appeals, were unsealed today by a federal judge in Alexandria, Virginia. They confirm much of what had been suspected about the conflict between the pro-privacy e-mail company and the federal government, which led to Lavabit voluntarily closing in August rather than compromise the security it promised users.

The filings show that Lavabit was served on June 28 with a so-called “pen register” order requiring it to record, and provide the government with, the e-mail “from” and “to” lines on every e-mail, as well as the IP address used to access the mailbox. Because they provide only metadata, pen register orders can be obtained without “probable cause” that the target has committed a crime.

http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/
