CYBERSECURITY
PATCH NOW: NTP vulns remotely exploitable. Sploits in wild already. The network time protocol (NTP) is badly vulnerable (again). Time to get patching (again). Read more
[COMPUTERWORLD.COM]
PRIVACY: Half of online Americans don’t know what a privacy policy is. Federal agencies are required by law to use privacy policies on their digital properties that explain how they use the data they collect about users and visitors. This ensures that these users and visitors know what the government is doing with their data. The problem, according to Pew Research, is that half of these users don’t know what a privacy policy is. Read more
[DIGITALGOV.GOV]
NETWORK SECURITY: Two-factor authentication oversight led to JPMorgan breach. The attackers stole an employee’s access credentials and used them to access a server that lacked a stronger authentication mechanism, report says. Read more
[COMPUTERWORLD.COM]
WEBCAM HACKS: RATs (Remote Access Tools) are software that allow a third party to spy on a computer user from afar, whether rifling through messages and browsing activity, photographing the computer screen, or in many cases hijacking the webcam and taking photographs of whomever is on the other side. Are you safe? Read more
[NEXTGOV.COM]
MEDICAL DEVICES: NIST Cybersecurity Center Invites Feedback on Securing Medical Devices. Hospitals are increasingly using networked technology to improve the accuracy and efficiency of medical care by connecting medical devices to a central system. A networked infusion pump—a device used to convey fluids, drugs and nutrients into a patient’s bloodstream—can allow centralized control of the device’s programming as well as automated cross checks against pharmacy records and patient data to ensure the right dose of fluids or medication are delivered at the right time to the right patient. But these connected devices can introduce new risks in safety and security compared with stand-alone devices. To address the cybersecurity challenges of wireless infusion pumps, the National Cybersecurity Center of Excellence (NCCoE) is inviting comments on a draft project to secure those devices. The challenges include vulnerabilities to malware or hacking and access control. Read more
[NIST.GOV]
==========
APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.
==========