NEWS: All Operating Systems Are Susceptible to This WiFi Attack. With so many consumers relying on mobile devices these days, it is no surprise criminals continue to look for new ways to take advantage. A new exploit recently uncovered by researchers shows how assailants can read WiFi-based traffic between devices. Around 41% of all current Android devices are susceptible to such an exploit. This issue goes well beyond mobile devices, although Linux-based devices are most prone to attack. Read more
APPLE: Operating Systems Vulnerable to Password Theft. Apple released a new macOS operating system Monday, but already security experts are saying it is vulnerable to a zero-day exploit that puts users’ passwords at risk. Read the rest
DHS: Mandates New Security Standards for Federal Networks. The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to prevent email spoofing and provide data on where a forgery may have originated. STARTTLS helps protect against passive man-in-the-middle attacks by allowing for email encryption while data is in transit. The directive also requires agencies to switch all publicly accessible federal websites to HTTPS and HSTS-secure connections within 120 days. Doing so could potentially eliminate a large swath of security flaws that affect most federal government websites. Find out more
MICROSOFT: Has Already Fixed the Wi-Fi Attack Vulnerability. Microsoft says it has already fixed the problem for customers running supported versions of Windows. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.” Find out more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems September 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-september-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.