News in Brief

Malware warning, good and bad news on contracting, and more

US-CERT warns of malware for firms with remote desktop access

In a July 31 advisory, the U.S. government's computer security watchdog warned that businesses are vulnerable to malware being used to extract consumer payment data.

Suspects are hacking into companies that use remote desktop access and then deploying the point-of-sale (POS) malware known as Backoff, said the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

As of July 31, antivirus vendors were mostly unable to detect variants of Backoff, but that will soon change, according to US-CERT. Those vendors will "quickly begin detecting the existing variants, [so it is] important to maintain up-to-date AV signatures and engines as new threats such as this are continually being added to your AV solution," the advisory states.

US-CERT recommends a slew of remedial actions that companies can take to guard against the malware, including limiting the number of users who can log in using a remote desktop program.

"The lessons to learn from the latest retailer breaches are: Don't expose critical systems such as POS devices to the Internet, especially if you are running [Microsoft] Remote Desktop or similar," said Jaime Blasco, director of AlienVault Labs, in a statement.

Small-business contracting on target

Federal agencies hit the government's small-business contracting goal for the first time in eight years in fiscal 2013, according to the Small Business Administration.

SBA's latest study of small-business contracting shows that federal agencies awarded 23.39 percent of federal contracts to small businesses last year, totaling $83.1 billion. The federal government aims to award 23 percent of its contracts to small businesses but has fallen short for almost a decade.

SBA said performance in four out of five of the small-business prime-contracting categories showed significant improvement, with increases in performance against statutory goals.

The Small Business Procurement Scorecard provides an assessment of each agency's achievement against its goal, with 20 agencies receiving an A or A-plus. Overall, the federal government received an A.

GAO: Grants and loans get lost in the shuffle

Although federal agencies are dutifully reporting their required contract expenditures on the website set up by the Office of Management and Budget to gather data on annual spending, they're not adequately reporting billions of dollars distributed through grants and loans, according to a Government Accountability Office study.

Those grants and loans totaled more than $600 billion in fiscal 2012. Auditors said 33 of 37 agencies with a budget authority of at least $400 million reported at least one contract. The remaining four claimed exemptions from reporting, such as the use of non-appropriated funds, GAO said. OMB's guidance on the issue is not clear on whether such exemptions are appropriate, according to the report.

"Few awards on the website contained information that was fully consistent with agency records," the report states. GAO estimated that only 2 percent to 7 percent of the awards contained information that was fully consistent with agencies' records for all 21 data elements auditors examined.

GAO recommended that OMB clarify guidance on reporting award information and maintaining supporting records, and on developing and implementing oversight processes to ensure that award data is consistent with agency records.

Pentagon comes up short on innovation, says report

The Defense Business Board, a private-sector advisory group, said the Defense Department could do a lot better at innovating.

In a recent report titled "Innovation: Attracting and Retaining the Best of the Private Sector," the board said the acquisition process was riddled with barriers to entry, reported Washington Technology, an FCW sister publication.

Among the report's recommendations is that the Pentagon focus on output-based performance rather than input-based design requirements to help prevent the quality of projects from dropping along with agency budgets.

About the Author

Connect with the FCW staff on Twitter @FCWnow.

