Researchers have discovered a database server hosting the stolen credentials of 44 million accounts belonging to at least 18 gaming websites.

The accounts were being validated by a trojan  distributed to compromised computers.The malware was developed to log into the database and download a group of usernames and passwords to check them for validity. The trojan-based validation allows attackers to check the accounts more quickly than trying to manually log into the accounts. If the trojan successfully logs into an account, it will update the database with the time it logged in and the current game level of the account.

Gaming account credentials can be valuable if the accounts are valid. This is because the assets that a player accumulates in the games, such as weapons and armor, are worth real-world dollars. The market value of online gaming accounts can range from less than $10 to several thousand dollars, depending on how advanced an account is.

The database contains 16 million stolen account credentials for Wayi Entertainment, two million for Play NC, 210, 000 for World of Warcraft, and 60,000 for Aion.

Ref: http://www.scmagazineus.com/44-million-stolen-gaming-credentials-discovered/article/171128/

A laptop with information on almost 200,000 current and former Hewlett-Packard employees was stolen putting them at risk of identity fraud.

The stolen computer belongs to Fidelity Investments, which provides services to HP was being used by several in an off-site location.

The portable PC contains information on 196,000 current and former HP employees including names, addresses, Social Security numbers, dates of birth and other employment-related information.

The HP incident is the latest in a string of data security breaches. In the last 13 months, more than 53 million personal records have been exposed in dozens of incidents.Few months ago McAfee reported that an external auditor lost a CD with information on thousands of current and former employees.

Ref: http://news.cnet.com/Laptop-with-HP-employee-data-stolen/2100-7348_3-6052964.html

An external auditor lost a CD with information on thousands of current and former McAfee employees, putting them at risk of identity fraud.

The disc contained personal details on all current U.S. and Canadian McAfee workers hired prior to April 2005 and on about 6,000 former employees in the same region. The information wasn't encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee.

McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax.

Ref: http://news.cnet.com/Auditor-loses-McAfee-employee-data/2100-1029_3-6042544.html?tag=mncol

Security researchers warn of new email spam campaigns that are masquerading as official Twitter messages that link to malicious websites. Some of these attacks direct users to phishing pages, while others to websites pushing computer trojans or scareware.

One of the spam messages claims the email address associated with the user's Twitter account was changed, an action, which requires confirmation by visiting a special URL. The link included in the offending email directs users to a phishing site that tries to steal their Twitter login credentials.

The second attack masquerades as a security alert regarding an alleged Twitter password theft attempt. The email recommends that the user installs a so-called “secure module” that can be downloaded as a .zip archive from a link included in the message. The archive actually contains a computer trojan  whose purpose is to install a scareware program.

The trojan drops several components into the Windows Temp folder, starts when any executable file on the system is opened, disables the Windows task manager and pops up fake security alerts. The fake antivirus program downloaded and installed by this malware is called “Protection Center.”

Even online pharmacy spammers have started using this Twitter-style email template to advertise unregulated pills.

Ref: http://news.softpedia.com/news/Flurry-of-New-Email-Based-Attacks-Impersonate-Twitter-144216.shtml

Hackers in Miami targeted an electric billboard placing the slogan “No Latinos No Tacos” on a flashing construction sign on a major roadway in south Florida.

The sign was supposed to be displaying a message warning drivers that the coming exit was closed to traffic.

Officials attempted to change the text on the sign back to its intended message, but were unable to do so and were forced to simply turn off the sign. They said the signs are password protected, but that generally does little to stop hackers intent on changing them.

Ref: http://www.nbcmiami.com/news/local-beat/Road-Rage-Hackers-Say-No-Latinos-on-Highway-Sign-94810499.html