News in Brief

Malware warning, good and bad news on contracting, and more

gloved hands

US-CERT warns of malware for firms with remote desktop access

In a July 31 advisory, the U.S. government's computer security watchdog warned that businesses are vulnerable to malware being used to extract consumer payment data.

Suspects are hacking into companies that use remote desktop access and then deploying the point-of-sale (POS) malware known as Backoff, said the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

As of July 31, antivirus vendors were mostly unable to detect variants of Backoff, but that will soon change, according to US-CERT. Those vendors will "quickly begin detecting the existing variants, [so it is] important to maintain up-to-date AV signatures and engines as new threats such as this are continually being added to your AV solution," the advisory states.

US-CERT recommends a slew of remedial actions that companies can take to guard against the malware, including limiting the number of users who can log in using a remote desktop program.

"The lessons to learn from the latest retailer breaches are: Don't expose critical systems such as POS devices to the Internet, especially if you are running [Microsoft] Remote Desktop or similar," said Jaime Blasco, director of AlienVault Labs, in a statement.

Small-business contracting on target

Federal agencies hit the government's small-business contracting goal for the first time in eight years in fiscal 2013, according to the Small Business Administration.

SBA's latest study of small-business contracting shows that federal agencies awarded 23.39 percent of federal contracts to small businesses last year, totaling $83.1 billion. The federal government aims to award 23 percent of its contracts to small businesses but has fallen short for almost a decade.

SBA said performance in four out of five of the small-business prime-contracting categories showed significant improvement, with increases in performance against statutory goals.

The Small Business Procurement Scorecard provides an assessment of each agency's achievement against its goal, with 20 agencies receiving an A or A-plus. Overall, the federal government received an A.

GAO: Grants and loans get lost in the shuffle

Although federal agencies are dutifully reporting their required contract expenditures on the website set up by the Office of Management and Budget to gather data on annual spending, they're not adequately reporting billions of dollars distributed through grants and loans, according to a Government Accountability Office study.

Those grants and loans totaled more than $600 billion in fiscal 2012. Auditors said 33 of 37 agencies with a budget authority of at least $400 million reported at least one contract. The remaining four claimed exemptions from reporting, such as the use of non-appropriated funds, GAO said. OMB's guidance on the issue is not clear on whether such exemptions are appropriate, according to the report.

"Few awards on the website contained information that was fully consistent with agency records," the report states. GAO estimated that only 2 percent to 7 percent of the awards contained information that was fully consistent with agencies' records for all 21 data elements auditors examined.

GAO recommended that OMB clarify guidance on reporting award information and maintaining supporting records, and on developing and implementing oversight processes to ensure that award data is consistent with agency records.

Pentagon comes up short on innovation, says report

The Defense Business Board, a private-sector advisory group, said the Defense Department could do a lot better at innovating.

In a recent report titled "Innovation: Attracting and Retaining the Best of the Private Sector," the board said the acquisition process was riddled with barriers to entry, reported Washington Technology, an FCW sister publication.

Among the report's recommendations is that the Pentagon focus on output-based performance rather than input-based design requirements to help prevent the quality of projects from dropping along with agency budgets.

About the Author

Connect with the FCW staff on Twitter @FCWnow.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.


  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Mon, Aug 4, 2014

"The lessons to learn from the latest retailer breaches are: Don't expose critical systems such as POS devices to the Internet, especially if you are running [Microsoft] Remote Desktop or similar," said Jaime Blasco, director of AlienVault Labs, in a statement.

Kind of hard to avoid Remote Desktop when most places do not have a true computer nerd running herd on the computers and use the default, microsoft approved, AUTO-UPDATE feature which installs the remote desktop software. I keep trying to avoid downloading/turning it on, but microsoft (if my memory is correct) has changed the title of the update from remote desktop to something like 'important windows update', making it seem like it is fixing another 'feature' (bug) that is no longer hidden, which means I have to go look at all the hidden blurbs that use to be out in the open.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group