http://rusecure.rutgers.edu General IPS News daily 1 2007-02-09T16:21:26Z http://rusecure.rutgers.edu/articles/general/2008/trend-micros-first-line-of-defense-july All about Social Engineering: Manipulation, How to Combat, and the Social Engineering Calendar No publisher mcoyle 2008-07-15T20:30:49Z Link http://rusecure.rutgers.edu/articles/general/2008/web-browser-attacks-monthly-security-tips-newsletter-july-2008 Traditionally, browser-based attacks originated from “bad” websites but due to poor security coding of web applications or vulnerabilities in the software supporting web sites, attackers have recently been successful in compromising large numbers of trusted web sites to deliver malicious payloads to unsuspecting visitors. Hackers add scripts that do not change the website's appearance but redirect you to another site to cause malicious programs to be downloaded. Learn more... No publisher mcoyle 2008-07-09T19:37:23Z Page http://rusecure.rutgers.edu/articles/tech/2008/data-encryption-product-available The Office of Information Technology has purchased McAfee Endpoint Encryption (formerly Safeboot Encryption) for the protection of critical data. No publisher binde 2008-07-08T22:57:39Z Page http://rusecure.rutgers.edu/articles/general/2008/verizons-data-breach-report-a-closer-look-at-breach-sources Part 3 with links to Parts 1 and 2: Breach Size and Source. This is an elaboration on the implications of specific points from the report (with a link to the report). No publisher mcoyle 2008-07-08T19:19:25Z Link http://rusecure.rutgers.edu/articles/general/2008/how-to-manage-mobilitys-top-challenges There have been big gains from increased employee mobility, but they also create challenges. Read about the most proven ways IT organizations have used to overcome the challenges of employee mobility. No publisher mcoyle 2008-07-08T14:47:28Z Link http://rusecure.rutgers.edu/articles/general/2008/risk-assessment-frameworks-easy-to-employ The concept of a risk assessment framework, let alone a risk assessment itself, might seem beyond the requirements of a (university department) midmarket company. But the concept of evaluating risk is at the heart of IT security for (departments) companies of any size. And any (university department) midmarket organization interested in protecting its information assets -- which today is every (department) company -- needs to have some sort of risk assessment, even if it's just a bare-bones framework molded and distilled down for a small staff. No publisher mcoyle 2008-07-07T18:07:03Z Link http://rusecure.rutgers.edu/articles/general/2008/10-reasons-why-your-laptop-is-at-risk-1 You’ve heard the stories about a stolen or lost laptop putting the personal data of hundreds or even thousands of people at risk. You know that mobile systems are a breeding ground for worms and viruses. You know you should take precautions so that bad luck or carelessness doesn’t put the identity of others in the wrong hands—and your company’s good name in the mud. But where to start? Here are 10 reasons why your company’s laptops are at risk, and 10 ways to close the gaps from eWeek.com. No publisher mcoyle 2008-06-30T15:14:42Z Link http://rusecure.rutgers.edu/articles/general/2008/trend-micro-trend-setter-newsletter-june-2008 What students should know about social networking as they set off to college; Online safety tips...for Dad!; British banking puts credit card fraud victims on the hook for losses...is the US next? No publisher mcoyle 2008-06-17T18:08:50Z Link http://rusecure.rutgers.edu/articles/general/2008/monthly-security-tips-what-is-a-data-breach Organizations (the university) and individuals have the responsibility of protecting the information in their care and proper safekeeping of this data is vital. Failure to do so can result not only in a breach, but also result in damage to reputation, significant fines or loss of revenue, and other negative consequences. No publisher mcoyle 2008-06-17T18:00:14Z Page http://rusecure.rutgers.edu/articles/general/2008/phishers-target-your-tax-dollars A new phishing scam is targeting debit-card accounts used to deliver government benefits payments in 15 states. E-mails, phone text messages and so-called vishing voice-mail messages ask recipients to confirm or update EPPICard account data, directing them to a phony Web site. Once the scammers have gathered the account information, they can drain money from the benefits account. EPPICard is a magnetic-stripe debit card branded by MasterCard or Visa to access benefits accounts. The cards are used by Florida, Georgia, Illinois, Indiana, Mississippi, Nevada, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Texas, Utah and Virginia. Each state uses the card to deliver the types of benefits payments it chooses. When a payment has been credited to the account, the holder uses the debit card for purchases and the payment is deducted from the account. Holders also can get cash back from a purchase and withdraw cash at banks and automated teller machines. No publisher mcoyle 2008-06-05T17:33:53Z Link http://rusecure.rutgers.edu/articles/general/2008/ouch-june-2008 SPAM celebrates its 30th birthday (yay??) Don't buy anything from a spammer; Don't click on any links in spam; and Don't be an unintentional spammer. Apple warns of phony iPods, Phishers target Apple iTunes Users...and more on malware, scams and hoaxes. No publisher mcoyle 2008-06-04T13:31:28Z Link http://rusecure.rutgers.edu/articles/general/2008/10-reasons-why-your-laptop-is-at-risk You’ve heard the stories about a stolen or lost laptop putting the personal data of hundreds or even thousands of people at risk. You know that mobile systems are a breeding ground for worms and viruses. You know you should take precautions so that bad luck or carelessness doesn’t put the identity of others in the wrong hands—and your company’s good name in the mud. But where to start? Here are 10 reasons why laptops are at risk, and 10 ways to close the gaps. No publisher mcoyle 2008-05-30T15:21:55Z Link http://rusecure.rutgers.edu/articles/general/2008/gartner-forecasts-the-next-big-threats According to Gartner the next big threats relate to social engineering, "Look for more attacks on social networks like the one where hackers infected Alicia Keys’s MySpace account and served up malware to its visitors -- Trojans posing as video codecs that redirected user searches to malicious sites, for instance. Those types of attacks are going to multiply,” Pescatore says. "Socially acceptable social networking at work will also open the door for what Gartner calls desktop utility app attacks, or widget/gadget attacks. These are the applets that MySpace and Facebook let users create and share with their friends, everything from a widget to a virtual cocktail, for instance, all of which would be infected or used maliciously -- exploiting the trust of the social network in order to spread." "The goal is to get users to unwittingly carry that malware back to their enterprises and provide an opening to the attacker there, for example, according to Pescatore." No publisher mcoyle 2008-05-30T13:15:03Z Link http://rusecure.rutgers.edu/articles/general/2008/how-to-buy-the-right-laptop-pc-for-your-needs What's a clueless PC buyer to do? Computer makers try to make it easier for non-geeks to choose what's best. Consider using a shopping checklist and a help guide for getting the right fit. No publisher mcoyle 2008-05-29T13:09:07Z Link http://rusecure.rutgers.edu/articles/general/2008/thieves-troll-for-execs-with-new-tax-court-phish-scam Security researchers and the U.S. government Friday warned of on-going targeted phishing attacks posing as overdue tax notices from federal courts. No publisher mcoyle 2008-05-27T15:40:03Z Link