We're only two months into a new year and already hundreds of millions of personal records have been compromised, including 123 million records from sporting retailer Decathlon and another 10.6 million records from MGM Resorts hotels. These announcements followed fuel and convenience chain Wawa's revelation that it was the victim of a nine-month-long breach of its payment card systems.

Two things are happening simultaneously: The RSA Security Conference is in full swing and so is COVID-19. It's a strange juxtaposition. There is geographic proximity in that the conference is going on undeterred just a few blocks from where the mayor declared a state of emergency, during the event, due to the ongoing spread of the virus. There's also topical alignment.

Firefox users in the United States are getting an extra measure of privacy protection starting this week, the Mozilla Foundation announced. Firefox Desktop Product Development Vice President Selena Deckelmann heralded the rollout of encrypted DNS over HTTPS, or DoH, by default in Mozilla's browser. The DNS, or Domain Name System, is one of the oldest parts of the Internet.

After several years of building and testing previews, Microsoft has announced the general availability of its Azure Sphere secure IoT service. Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect Internet of Things devices.

With the introduction of the CCPA this year and GDPR in 2018, the age of data privacy has begun, bringing the opportunity for businesses to harness it to gain competitive advantage. There are both challenges and opportunities for those that aim to deliver superior CX while adhering to data privacy regulations. Data privacy protection concerns are driving new regulations around the world.

There's a major myth about "going paperless." A paperless office doesn't mean that paper is outright banned. There likely will be a need for physical paper in business for a long time, so don't throw out your printer just yet. Rather, being paperless means being able to embrace a shift from traditional paperwork processes to those that take advantage of documents that can be in a digital state.

Eclypsium has released research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers. Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

A new extortion scheme targets users of Google's AdSense program. The scam threatens to flood a website with bogus traffic until Google suspends the site's AdSense account, unless the owner pays $5,000 in bitcoin to stop the attack, security blogger Brian Krebs reported. The grifters appear to be exploiting a click-fraud crackdown Google launched last summer.

The American Civil Liberties Union has leveled criticisms against facial recognition tool developer Clearview for making misleading claims about the accuracy of its product. Clearview apparently has been telling law enforcement agencies that its technology underwent accuracy testing modeled on the ACLU's 2018 test of Amazon's Rekognition facial recognition tool.

Ransomware hit at least 966 U.S. government agencies, educational establishments and healthcare providers in 2019, at a cost possibly exceeding $7.5 billion. The victims included 113 state and municipal governments and agencies; 764 healthcare providers; and 89 universities, colleges and school districts. Operations at up to 1,233 individual schools potentially were affected.

For the second time since Windows 7 reached the end of support on Jan. 14, a bug is causing trouble for users still clinging to the operating system. The first bug, related to setting a wallpaper image, turned desktops black. This new bug prevents Windows 7 users from shutting down or rebooting their computers. Microsoft's Windows 7 support now is limited to eligible paid plans.

One of the old sayings is that there are "lies, damned lies and statistics," with the implication being you really can't trust most reported numbers. Still, we've often thought, at least with major vendors, that you could trust rankings. One current set of rankings involves cloud providers. The general impression was that Amazon was first, Microsoft second, and Google third.

A vulnerability in Philips Hue smart lightbulbs and their controller bridges could allow intruders to infiltrate networks with a remote exploit, Check Point Software Technologies has disclosed. The researchers notified the owner of the Philips Hue brand about the vulnerability in November, and it issued a patched firmware version through an automatic update.

Google misdirected a number of private videos that users of its Google Photos app intended to back up to Google Takeout, sending them instead to strangers' archives. The company emailed affected users to inform them that a technical issue caused the error. Google recommended that affected users back up their content again and delete their previous backup.

There is a problem with the Internet of Things: It's incredibly insecure. This is not a problem that is inherent to the idea of smart devices. Wearables, smart houses, and fitness tracking apps can be made secure -- or at least more secure than they currently are. The problem, instead, is one that largely has been created by the companies that make IoT devices.

We asked ECT News Network's roundtable of industry insiders to reflect on their own personal tech preferences, to speculate on what popular gadgets may vanish from use in the next decade, to consider the role of wearable health tools -- and then to expand the discussion to the health of the planet, tech advances in traveling on it, and the prospect of leaving it altogether.

The DoJ has filed complaints in two landmark cases calling for temporary restraining orders against five companies and three individuals alleged to have carried hundreds of millions of fraudulent robocalls to American consumers. "This is the first time the DoJ is taking legal action against anyone for facilitating fraudulent robocalls," said Liz Miller, principal analyst at Constellation Research.

The United States Department of Homeland Security last week released a report outlining its plans to combat online counterfeit product sellers. The value of counterfeit goods traded internationally rose from $200 billion in 2005 to $509 billion in 2016, according to DHS. Infringing goods valued at $1.4 billion were seized at U.S. borders in 2018, compared with $94 million worth in 2003.

All eyes are on the West Coast as California reins in the unfettered collection, use and sale of the personal data consumers share as part of the bargain for "free" online services. For years this bargain has been explained in privacy policies that few people read, because there is not a lot of negotiating in the personal data market. The CCPA gives consumers revolutionary rights.

A digital forensic analysis conducted by FTI Consulting concludes with "medium to high confidence" that Amazon CEO Jeff Bezos' smartphone was hacked through a malicious file sent from the WhatsApp account of Saudi Arabian crown prince Mohammed bin Salman. The malware was in an MP4 file attached to a WhatsApp message. UN special rapporteurs released technical elements of the report.

Cybersecurity and privacy threats aren't confined to the tech world. They've cast their pall on the world in general. Computer viruses, malware and data leaks have become commonplace, personal privacy has become a bad joke, and cyberwar looms like a virtual mushroom cloud. What sometimes gets lost in the gloom are the many ways security professionals have been working to shore up cyberdefenses.

Apple shelved plans to give iPhone users control over encrypted backups stored on the company's iCloud service over concerns raised by the FBI and internal sources, according to a report. The company made the decision to retain control over iCloud encryption around two years ago, but it came to light just recently. The plan would have removed Apple's ability to decrypt users' backups.

The United States Congress made some significant progress this session when it comes to data privacy, but cybersecurity remains a blind spot for lawmakers. Congress currently is considering a national privacy law that mirrors legislation enacted in the European Union. It would allow people to access, correct and request the deletion of the personal information collected from them.

Sundar Pichai, CEO of Google and parent company Alphabet, called for government regulation of artificial intelligence technology in a speech at Bruegel, a think tank in Brussels, and in an op-ed. There is no question in Pichai's mind that AI should be regulated, he said. The question is what will be the best approach. Sensible regulation should balance potential harm with potential good.

Cybersecurity is a very serious issue for 2020 -- and the risks stretch far beyond the alarming spike in ransomware. In addition to the daily concerns of malware, stolen data and the cost of recovering from a business network intrusion, there is the very real danger of nefarious actors using cyberattacks to influence or directly impact the outcome of the 2020 U.S. general election.

If you're a small business owner or a key member of an enterprise executive team, you want your firm to succeed. If you're a customer, you want to be treated well. Those goals are not diametrically opposed, but very often it seems that companies and customers are at cross-purposes. ECT News Network recently gathered together five technology experts who did some hard thinking on the subject.

The CCPA -- widely considered to be the toughest law in the U.S. regulating the collection, storage and use of personal information -- went into effect on Jan. 1. Rather than preparing for it, however, many businesses have taken a wait-and-see approach. This could be a serious mistake. The new law is similar in many respects to the EU's GDPR, which went into effect last spring.

Apple and the U.S. Justice Department are at it again. This time it's over cracking a brace of iPhones owned by the Saudi Air Force cadet who killed three sailors in a shooting spree last month at the naval air station in Pensacola, Florida. At a news conference on the findings of an investigation into the incident, U.S. Attorney General William Barr called out Apple for refusing to help the FBI.

After 10 years of fully supporting Windows 7, Microsoft ended its official support for the out-of-date Windows operating system on Tuesday. The popular classic Windows 7 OS still runs on some 200 million PCs around the globe, according to industry estimates. Users include small business owners, some larger companies, and hordes of consumers holding onto aging personal computers.

As most security pros know, application containers -- Docker, rkt, etc. -- and the orchestration elements employed to support them, such as Kubernetes, are used increasingly in many organizations. Often the security organization isn't exactly the first stop on the path to deployment of these tools. If it was in your shop, consider yourself one of the lucky ones.