News in Brief

Malware warning, good and bad news on contracting, and more

US-CERT warns of malware for firms with remote desktop access

In a July 31 advisory, the U.S. government's computer security watchdog warned that businesses are vulnerable to malware being used to extract consumer payment data.

Suspects are hacking into companies that use remote desktop access and then deploying the point-of-sale (POS) malware known as Backoff, said the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

As of July 31, antivirus vendors were mostly unable to detect variants of Backoff, but that will soon change, according to US-CERT. Those vendors will "quickly begin detecting the existing variants, [so it is] important to maintain up-to-date AV signatures and engines as new threats such as this are continually being added to your AV solution," the advisory states.

US-CERT recommends a slew of remedial actions that companies can take to guard against the malware, including limiting the number of users who can log in using a remote desktop program.

"The lessons to learn from the latest retailer breaches are: Don't expose critical systems such as POS devices to the Internet, especially if you are running [Microsoft] Remote Desktop or similar," said Jaime Blasco, director of AlienVault Labs, in a statement.

Small-business contracting on target

Federal agencies hit the government's small-business contracting goal for the first time in eight years in fiscal 2013, according to the Small Business Administration.

SBA's latest study of small-business contracting shows that federal agencies awarded 23.39 percent of federal contracts to small businesses last year, totaling $83.1 billion. The federal government aims to award 23 percent of its contracts to small businesses but has fallen short for almost a decade.

SBA said performance in four out of five of the small-business prime-contracting categories showed significant improvement, with increases in performance against statutory goals.

The Small Business Procurement Scorecard provides an assessment of each agency's achievement against its goal, with 20 agencies receiving an A or A-plus. Overall, the federal government received an A.

GAO: Grants and loans get lost in the shuffle

Although federal agencies are dutifully reporting their required contract expenditures on the website set up by the Office of Management and Budget to gather data on annual spending, they're not adequately reporting billions of dollars distributed through grants and loans, according to a Government Accountability Office study.

Those grants and loans totaled more than $600 billion in fiscal 2012. Auditors said 33 of 37 agencies with a budget authority of at least $400 million reported at least one contract. The remaining four claimed exemptions from reporting, such as the use of non-appropriated funds, GAO said. OMB's guidance on the issue is not clear on whether such exemptions are appropriate, according to the report.

"Few awards on the website contained information that was fully consistent with agency records," the report states. GAO estimated that only 2 percent to 7 percent of the awards contained information that was fully consistent with agencies' records for all 21 data elements auditors examined.

GAO recommended that OMB clarify guidance on reporting award information and maintaining supporting records, and on developing and implementing oversight processes to ensure that award data is consistent with agency records.

Pentagon comes up short on innovation, says report

The Defense Business Board, a private-sector advisory group, said the Defense Department could do a lot better at innovating.

In a recent report titled "Innovation: Attracting and Retaining the Best of the Private Sector," the board said the acquisition process was riddled with barriers to entry, reported Washington Technology, an FCW sister publication.

Among the report's recommendations is that the Pentagon focus on output-based performance rather than input-based design requirements to help prevent the quality of projects from dropping along with agency budgets.

About the Author

Connect with the FCW staff on Twitter @FCWnow.

Reader comments

Mon, Aug 4, 2014

"The lessons to learn from the latest retailer breaches are: Don't expose critical systems such as POS devices to the Internet, especially if you are running [Microsoft] Remote Desktop or similar," said Jaime Blasco, director of AlienVault Labs, in a statement.

Kind of hard to avoid Remote Desktop when most places do not have a true computer nerd running herd on the computers and use the default, Microsoft approved, AUTO-UPDATE feature which installs the remote desktop software. I keep trying to avoid downloading/turning it on, but Microsoft (if my memory is correct) has changed the title of the update from remote desktop to something like 'important windows update', making it seem like it is fixing another 'feature' (bug) that is no longer hidden, which means I have to go look at all the hidden blurbs that used to be out in the open.
