60 days of hacker assaults, GSA will stop recruiting cloud security testers until the fall and more

By Ryan Kamauff

Here are the top cyber news and stories of the day.

• 60 Days of Hacker Assaults – The first 60 days of 2013 have been marked by some serious security breaches. Twitter, Apple and Facebook all were targeted, along with the State Department, Federal Reserve and US Department of Energy. One firm, Mandiant, “released a study focused on the activities of a Chinese hacker collective referred to as the “Comment Crew” or “Shanghai Group,” which sheds light on security risks to agencies with access to essential U.S. infrastructures such as electrical, gas and water distribution. The study also highlights the expansive nature of cybercrime and reinforces the need to protect public systems from unlawful invasions. ” Via Huffington Post, more here.
• Information security in the public sector: top security worries revealed – a recent survey of 277 people across public sector found some interesting results. Data loss was considered the greatest risk, but only because of embarrassment, rather than national security concerns, drove fears. “The research has shown that despite a greater understanding of security requirements, there is still a shortfall when it comes to dealing with third parties and social media. With the increasing reliance upon social media, as well as outsourcing and money saving within organisations, security can often take a back seat. This simply should not be the case.” Via The Guardian, more here.

• Mobile Malcoders Pay to (Google) Play – Google requires its developers to be tied to a real server and a real domain, this limits the ability of malware manufacturers to get verified Google Play accounts. One malware developer is looking to buy accounts and login’s for $100 on the grey market (a premium of $75 over their cost). Via Krebs on Security, more here.

• How Sequestration Impacts Federal IT Spending – “Office of Management and Budget deputy director Jeffrey Zients, in a report to Congress, said the $85 billion in government-wide cuts would translate into budget reductions from 2% in Medicare to 7.9% in non-exempt defense programs. Because the cuts must be squeezed into seven months, the percentages are actually higher.” Federal CIO Steven VanRoekel ‘warned that IT spending cuts could cause progress in federal IT implementation and reform to “stagnate” and negatively impact cybersecurity.’ Clearly IT cuts are coming and will damage the ability of the federal government to accomplish their missions. Via Information Week, more here.

• FedRAMP sets 3PAO privatization deadline – “

  The U.S. General Services Administration will stop accepting new and re-submitted applications for organizations applying to become Third Party Assessment Organizations for the Federal Risk and Authorization Management Program on March 25. Organizations that cannot meet the cutoff date or are denied can apply for accreditation to the private sector body after the transition period, GSA said.” Via FedScoop, more here.

• GSA will stop recruiting cloud security testers until the fall – “The government’s new program for certifying the safety of browser-based software will not be able to recruit additional testers until the fall, federal officials told Nextgov.” This certification enables government agencies to use approved vendors, saving up to $200,000 in certification and accreditation each contract. Via Nextgov, more here.

Original post