Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign.

The Star Wars Twitter botnet, the return of Lavabit, a critical Cisco Webex flaw, and the St. Louis Library ransomware story are discussed.

Facebook is letting users tie a physical security key to their account as an added layer of security.

A bipartisan bill was introduced this week in the House calling for the NHTSA to conduct a study that would determine appropriate cybersecurity standards for motor vehicles.

A researcher earned $9K for identifying a XXE vulnerability in third party backup software used by Uber.

Citing security concerns, Google announced that it will soon block JavaScript (.js) file attachments in Gmail.

Researcher Mariusz Mlynski found and disclosed four high-severity vulnerabilities in Chrome’s Blink rendering engine, earning himself $32,000 through the Chrome Rewards program.

A Ponemon Institute report on ransomware revealed 48 percent of businesses surveyed paid a ransom in exchange for getting their data back.

ICS-CERT warns of default credentials in Schneider Electric Wonderware Historian that can be abused to compromise Historian databases.

Firefox 51 includes warnings to users landing on HTTP websites, and patches for nearly a half-dozen critical security vulnerabilities.