THREAT INTELLIGENCE: You Break It, They Buy It: Economics, Motivations Behind Bug Bounty Hunting. Some bug hunters make 16 times the median salary of software engineers in their home countries. As the momentum grows in both the private and public sector for crowdsourced bug bounty programs, freelance security researchers are increasingly finding their profession for finding software vulnerabilities turning into a lucrative career opportunity in its own right.
NEXT-GEN: Using Search Engines as Penetration Testing Tools. Search engines are a treasure trove of valuable sensitive information, which hackers can use for their cyber-attacks. Good news: so can penetration testers. From a penetration tester’s point of view, all search engines can be largely divided into pen test-specific and commonly-used. Learn how ethical hackers use three search engines as penetration testing tools: Google (the commonly-used) and two pen test-specific ones: Shodan and Censys.
DATA BREACH: ‘Hacking Incident’ Impacts Nearly 280,000 Medicaid Patients. A health data breach reported to federal regulators as a “hacking/IT incident” impacting nearly 280,000 Medicaid patients in Oklahoma has experts wondering exactly what happened.
FEDERAL GOVERNMENT: The Pentagon Opened Up to Hackers—And Fixed Thousands of Bugs. The United States government doesn’t get along with hackers. That’s just how it is. Hacking protected systems, even to reveal their weaknesses, is illegal under the Computer Fraud and Abuse Act, and the Department of Justice has repeatedly made it clear that it will enforce the law. In the last 18 months, though, a new Department of Defense project called “Hack the Pentagon” has offered real glimmers of hope that these prejudices could change.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems December 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-december-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST SP 800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.