News in Brief

Malware warning, good and bad news on contracting, and more

US-CERT warns of malware for firms with remote desktop access

In a July 31 advisory, the U.S. government's computer security watchdog warned that businesses are vulnerable to malware being used to extract consumer payment data.

Suspects are hacking into companies that use remote desktop access and then deploying the point-of-sale (POS) malware known as Backoff, said the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

As of July 31, antivirus vendors were mostly unable to detect variants of Backoff, but that will soon change, according to US-CERT. Those vendors will "quickly begin detecting the existing variants, [so it is] important to maintain up-to-date AV signatures and engines as new threats such as this are continually being added to your AV solution," the advisory states.

US-CERT recommends a slew of remedial actions that companies can take to guard against the malware, including limiting the number of users who can log in using a remote desktop program.

"The lessons to learn from the latest retailer breaches are: Don't expose critical systems such as POS devices to the Internet, especially if you are running [Microsoft] Remote Desktop or similar," said Jaime Blasco, director of AlienVault Labs, in a statement.

Small-business contracting on target

Federal agencies hit the government's small-business contracting goal for the first time in eight years in fiscal 2013, according to the Small Business Administration.

SBA's latest study of small-business contracting shows that federal agencies awarded 23.39 percent of federal contracts to small businesses last year, totaling $83.1 billion. The federal government aims to award 23 percent of its contracts to small businesses but has fallen short for almost a decade.

SBA said performance in four out of five of the small-business prime-contracting categories showed significant improvement, with increases in performance against statutory goals.

The Small Business Procurement Scorecard provides an assessment of each agency's achievement against its goal, with 20 agencies receiving an A or A-plus. Overall, the federal government received an A.

GAO: Grants and loans get lost in the shuffle

Although federal agencies are dutifully reporting their required contract expenditures on the website set up by the Office of Management and Budget to gather data on annual spending, they're not adequately reporting billions of dollars distributed through grants and loans, according to a Government Accountability Office study.

Those grants and loans totaled more than $600 billion in fiscal 2012. Auditors said 33 of 37 agencies with a budget authority of at least $400 million reported at least one contract. The remaining four claimed exemptions from reporting, such as the use of non-appropriated funds, GAO said. OMB's guidance on the issue is not clear on whether such exemptions are appropriate, according to the report.

"Few awards on the website contained information that was fully consistent with agency records," the report states. GAO estimated that only 2 percent to 7 percent of the awards contained information that was fully consistent with agencies' records for all 21 data elements auditors examined.

GAO recommended that OMB clarify guidance on reporting award information and maintaining supporting records, and on developing and implementing oversight processes to ensure that award data is consistent with agency records.

Pentagon comes up short on innovation, says report

The Defense Business Board, a private-sector advisory group, said the Defense Department could do a lot better at innovating.

In a recent report titled "Innovation: Attracting and Retaining the Best of the Private Sector," the board said the acquisition process was riddled with barriers to entry, reported Washington Technology, an FCW sister publication.

Among the report's recommendations is that the Pentagon focus on output-based performance rather than input-based design requirements to help prevent the quality of projects from dropping along with agency budgets.

About the Author

Connect with the FCW staff on Twitter @FCWnow.

