Server hack prompts call for cPanel customers to take “immediate action”

The providers of the cPanel website management application are warning some users to immediately change their systems' root or administrative passwords after discovering one of their servers has been hacked.

In an e-mail sent to customers who have filed a cPanel support request in the past six months, members of the company's security team said they recently discovered the compromise of a server used to process support requests.

"While we do not know if your machine is affected, you should change your root level password if you are not already using SSH keys," they wrote, according to a copy of the e-mail posted to a community forum. "If you are using an unprivileged account with 'sudo' or 'su' for root logins, we recommend you change the account password. Even if you are using SSH keys we still recommend rotating keys on a regular basis."

Microsoft joins Apple, Facebook, and Twitter; comes out as hack victim

Facebook, Twitter, Apple, and now Microsoft. Redmond has announced that it too has found compromised computers on its network.

A brief statement on its Security Response Center blog states that a small number of computers—with machines in the Mac Business Unit mentioned explicitly—were compromised using techniques "similar" to those documented by other victims, implying, but not outright stating, that the attack vector was a Java exploit placed on a popular iOS development site.

Microsoft says that no customer data was exposed, and it is continuing to investigate.

APT1: Additional Comment Crew Indicators of Compromise

Mandiant recently released a document containing indicators of compromise (IOCs) related to multiple espionage campaigns by a group known as the Comment Crew. Symantec has been actively tracking this group for six years while maintaining our own database of indicators. From our investigations we have collected thousands of indicators related to Comment Crew.

To help increase public awareness, we have decided to release hundreds of Comment Crew indicators in addition to those already released. These are indicators that have been seen within the past year.

Symantec products already protect against the artifacts related to these indicators and many of these artifacts have already been shared with the security community.

You can find these indicators in the following paper: Comment Crew Indicators of Compromise.

Update [February 25, 2013] – Paper now also includes list of associated MD5 hashes.

HTC “failed to employ reasonable security” on Android, says FTC

On Friday, the Federal Trade Commission (FTC) announced that it had reached a settlement (PDF) with HTC over notable security holes on its millions of tablets and Android handsets. HTC has now agreed to provide a patch within 30 days and be subject to a security review for the next 20 years.

“Because of the potential exposure of sensitive information and sensitive device functionality through the security vulnerabilities in HTC mobile devices, consumers are at risk of financial and physical injury and other harm,” the agency wrote in its complaint (PDF).

The agency also alleged that HTC’s user manuals “contained deceptive representations.” The FTC said that the Tell HTC application, which lets users report errors to HTC, does not actually allow users to opt out of sharing their location, despite a displayed option to do so.
