The United States Office of Personnel Management last week urged agencies to prepare to allow federal employees to telework -- that is, work remotely.This came on the heels of the Department of Homeland Security closing its facilities in Washington state, after learning an employee had visited the Life Care facility in the city of Kirkland, which is ground zero for the state's COVID-19 outbreak.

We're only two months into a new year and already hundreds of millions of personal records have been compromised, including 123 million records from sporting retailer Decathlon and another 10.6 million records from MGM Resorts hotels. These announcements followed fuel and convenience chain Wawa's revelation that it was the victim of a nine-month-long breach of its payment card systems.

Two things are happening simultaneously: The RSA Security Conference is in full swing and so is COVID-19. It's a strange juxtaposition. There is geographic proximity in that the conference is going on undeterred just a few blocks from where the mayor declared a state of emergency, during the event, due to the ongoing spread of the virus. There's also topical alignment.

After several years of building and testing previews, Microsoft has announced the general availability of its Azure Sphere secure IoT service. Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect Internet of Things devices.

There's a major myth about "going paperless." A paperless office doesn't mean that paper is outright banned. There likely will be a need for physical paper in business for a long time, so don't throw out your printer just yet. Rather, being paperless means being able to embrace a shift from traditional paperwork processes to those that take advantage of documents that can be in a digital state.

Eclypsium has released research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers. Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

Ransomware hit at least 966 U.S. government agencies, educational establishments and healthcare providers in 2019, at a cost possibly exceeding $7.5 billion. The victims included 113 state and municipal governments and agencies; 764 healthcare providers; and 89 universities, colleges and school districts. Operations at up to 1,233 individual schools potentially were affected.

For the second time since Windows 7 reached the end of support on Jan. 14, a bug is causing trouble for users still clinging to the operating system. The first bug, related to setting a wallpaper image, turned desktops black. This new bug prevents Windows 7 users from shutting down or rebooting their computers. Microsoft's Windows 7 support now is limited to eligible paid plans.

One of the old sayings is that there are "lies, damned lies and statistics," with the implication being you really can't trust most reported numbers. Still, we've often thought, at least with major vendors, that you could trust rankings. One current set of rankings involves cloud providers. The general impression was that Amazon was first, Microsoft second, and Google third.

A vulnerability in Philips Hue smart lightbulbs and their controller bridges could allow intruders to infiltrate networks with a remote exploit, Check Point Software Technologies has disclosed. The researchers notified the owner of the Philips Hue brand about the vulnerability in November, and it issued a patched firmware version through an automatic update.

There is a problem with the Internet of Things: It's incredibly insecure. This is not a problem that is inherent to the idea of smart devices. Wearables, smart houses, and fitness tracking apps can be made secure -- or at least more secure than they currently are. The problem, instead, is one that largely has been created by the companies that make IoT devices.

Cybersecurity and privacy threats aren't confined to the tech world. They've cast their pall on the world in general. Computer viruses, malware and data leaks have become commonplace, personal privacy has become a bad joke, and cyberwar looms like a virtual mushroom cloud. What sometimes gets lost in the gloom are the many ways security professionals have been working to shore up cyberdefenses.

The United States Congress made some significant progress this session when it comes to data privacy, but cybersecurity remains a blind spot for lawmakers. Congress currently is considering a national privacy law that mirrors legislation enacted in the European Union. It would allow people to access, correct and request the deletion of the personal information collected from them.

Sundar Pichai, CEO of Google and parent company Alphabet, called for government regulation of artificial intelligence technology in a speech at Bruegel, a think tank in Brussels, and in an op-ed. There is no question in Pichai's mind that AI should be regulated, he said. The question is what will be the best approach. Sensible regulation should balance potential harm with potential good.

Cybersecurity is a very serious issue for 2020 -- and the risks stretch far beyond the alarming spike in ransomware. In addition to the daily concerns of malware, stolen data and the cost of recovering from a business network intrusion, there is the very real danger of nefarious actors using cyberattacks to influence or directly impact the outcome of the 2020 U.S. general election.

After 10 years of fully supporting Windows 7, Microsoft ended its official support for the out-of-date Windows operating system on Tuesday. The popular classic Windows 7 OS still runs on some 200 million PCs around the globe, according to industry estimates. Users include small business owners, some larger companies, and hordes of consumers holding onto aging personal computers.

As most security pros know, application containers -- Docker, rkt, etc. -- and the orchestration elements employed to support them, such as Kubernetes, are used increasingly in many organizations. Often the security organization isn't exactly the first stop on the path to deployment of these tools. If it was in your shop, consider yourself one of the lucky ones.

Arduino announced a new low-code Internet of Things application development platform at CES 2020 in Las Vegas. It also introduced the low-power Arduino Portenta H7 module, a new family of Portenta chips for a variety of hardware applications. Arduino has achieved prominence as a go-to developer of an innovation platform for connecting IoT products.

Ransomware tops the list of cybersecurity threats for 2020. While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again. Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years.

If you're turned off by the mere thought of talking heads vying to speak the loudest or the longest in a TV "discussion" of some pressing issue of the day, read on for a refreshing dose of sanity. ECT News Network recruited five smart people with plenty to say about the state of technology, and we gave them plenty of time to say it. The result is a far-ranging intercourse.

Amazon, Apple, Google and the Zigbee Alliance are teaming up on a new Internet Protocol-based standard for smart home device connectivity. Connected Home over IP will be an open source project. A working group will define a specific set of IP-based networking technologies for device certification. The goal is to enable communication across smart home devices, mobile apps and cloud services.

Cybersecurity incident response teams have choices when it comes to communication tools: Microsoft Teams, Slack, Zoom and numerous others. Some require a subscription or commercial license -- others are free. Some are niche tools specifically designed for incident response. Some are generic business communication tools that IR teams have adapted for use during a cybersecurity incident.

The technology one-upmanship between the United States and China is fast becoming the new space race. There's been a lot of talk in the press about the competition to reach 5G, but little traction outside of the tech community about something more momentous: the dangers of computing in a post-quantum world. The recent news from Google about its quantum capabilities is exciting.

If you're like most security pros, chances are you're starting to get frustrated with microservices a little -- or maybe a lot. Microservice architectures -- that is, architectures that leverage REST to build a number of small, distributed, modular components -- are powerful from a software architect's point of view. Want to make a change to a component quickly? Add new functionality?

Microsoft will end support for Windows 7 on Jan. 14, 2020. Windows 7 will continue to run on Jan. 14 as it did on Jan. 13. So why is it so important to upgrade to Windows 10? The answer: cybercrime. End of support means that Windows 7 no longer will receive the OS patches or security updates that keep your IT systems safe. Uusing an unpatched out-of-date system is like leaving the door wide open.

A few years ago, putting the words "mobile telecoms security" in the title of an article would be a license to write whatever you wanted below, because no one was likely to read any of the words after the title. Sprinkling the magic ingredient 5G has changed this, and "5G security" is a hot topic now. What has changed? There is a geopolitical aspect to 5G security, but it is not the full story.

Developers have patched a vulnerability in Sudo, a core command utility for Linux, that could allow a user to execute commands as a root user even if that root access was specifically disallowed. The patch prevents potential serious consequences within Linux systems. However, the Sudo vulnerability posed a threat only to a narrow segment of the Linux user base, according to Todd Miller, a maintainer of the open source Sudo project.

Online tech support scams have been on the rise for the past decade, as hackers found new ways to trick consumers into providing remote access to their computers in order to steal information. This tried-and-true scam currently relies on sophisticated social engineering, fueled by detailed user information that creates enough credibility to dupe even the most savvy and skeptical users.

Since the dawn of the Internet age, criminals have looked for ways to profit on unsuspecting people while they browse the Web. Viruses, malware and other schemes were invented to infect and infiltrate systems, both at the enterprise and consumer levels. One of the most successful forms of cybercrime is social engineering, also known as the con man of the Internet.

Stopping cyberattacks requires diligent behavior. One of the themes of this year's National Cyber Security Awareness Month, or NCSAM, is that all computer users should take steps to Secure IT. That means shaking up the passphrase protocol by using not just strong passwords but strong and unique passphrases. Everyone should double login protection through multifactor authentication.