News in Brief

E-invoice mandate, Flash malware spike and more

OMB mandates electronic invoicing

The Office of Management and Budget has ordered agencies to convert to an all-electronic invoicing system by using a federal shared service provider or an OMB-approved e-invoice system.

An OMB memo sent last week to chief financial officers, chief acquisition officers, senior procurement executives and other officials gives agencies until the end of fiscal 2018 to comply.

Federal News Radio reported that the White House will not approve budget requests from agencies to build their own stand-alone systems.

Cisco security report fingers Flash

Cisco's Midyear Security Report revealed a huge spike in Adobe Flash-based malware attacks and said organizations aren't detecting threats fast enough.

"Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness," said Jason Brvenik, principal engineer in Cisco's Security Business Group. "A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days."

Key findings in the report include:

  • Angler is one of the most sophisticated and widely used exploit kits because of its innovative use of Flash, Java, Internet Explorer and Silverlight vulnerabilities. It also excels at evading detection by using domain shadowing, accounting for the lion's share of domain shadowing activity.
  • Exploits of Adobe Flash vulnerabilities, which are integrated into Angler and the Nuclear exploit pack, are on the rise due to the lack of automated patching and consumers' failure to update immediately. In the first half of 2015, the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposures system increased 66 percent over the number reported in all of 2014. At this rate, Flash is on pace to set an all-time record for the number of CVEs reported in 2015.
  • Ransomware remains highly lucrative for hackers as they continue to release new variants that are completely automated and carried out through the Dark Web. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as bitcoin.
  • The creators of the quickly mutating Dridex campaigns have a sophisticated ability to evade security measures. As part of their tactics, attackers rapidly change email messages' content, user agents, attachments or referrers and launch new campaigns, thereby forcing antivirus systems to detect them anew.

Army Research Lab to team up with outside groups

The Army Research Laboratory said it plans to sign a research agreement this week with several organizations.

Those organizations include Northeastern Maryland Technology Council, Northeastern Maryland University Research Park, Susquehanna Workforce Network and University Center. The agreement will give ARL access to researchers who have worked on science and technology for defense purposes.

Air Force, DLA move to Office 365

The Air Force and the Defense Logistics Agency are headed to the cloud with the award of the Collaboration Pathfinder contract to a team led by Dell, GCN reports.

Along with Microsoft and General Dynamics, Dell will provide a tailored version of Microsoft Office 365 and cloud-based services that include email, instant messaging, desktop voice/video communications, productivity and user storage capabilities.

Meanwhile, Defense Systems reports that as part of the service's plan to move nearly all its IT operations to the cloud, the Air Force Lifecycle Management Center at Hanscom Air Force Base in Bedford, Mass., has issued a request for information for input from vendors on a commoditized cloud infrastructure that could provide standardized, pay-as-you-go cloud services regardless of whether they are acquired on premises or off.
