PATCHES: Microsoft Acknowledges Permission Problems with MS16-072 Patches. The patches all aimed at fixing Group Policy, but in the end they break Group Policy. Problems are being reported with the MS16-072/KB 3163622 patch. Admins are saying it breaks some Group Policy settings: drives appear on domain systems that should be hidden, mapping drives don’t work, and other typical GPO settings aren’t getting applied. Read more
DOD: Bug Bounty Hunters Discover Over 100 Security Flaws During DOD Contest. Participants in the first-ever “Hack the Pentagon” bug bounty contest found more than 100 vulnerabilities in the Defense Department’s computer systems. The program, the first-ever of its kind offered by the federal government, invited hackers to test the cybersecurity of some public U.S. Department of Defense websites. A total of 1,400 certified hackers participated in the contest. Read the rest
FEDERAL: Federal Cybersecurity Boondoggle: The Software Assurance Marketplace (SWAMP). Well-intended DHS program suffers from a lack of relevant features, internal mismanagement, and few actual users. Find out more
INDUSTRY INSIGHT: Extending Cybersecurity to Fraud Analytics. Information security leaders often defend against cyber threats by focusing on traditional IT tools and techniques — firewalls, intrusion detection and prevention systems, malware detection and analysis and the like. As organizations have locked down systems with more sophisticated defense-in-depth technical controls, adversaries have evolved to take advantage of information systems by impersonating regular users. While there are some similarities between cybersecurity and fraud, traditional cybersecurity monitoring and analytics must evolve in order to identify the fraudulent use of IT systems that may otherwise go unnoticed. Read more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems May 2016 http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-may-2016.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.