Locky ransomware and Kovter click-fraud malware are being spread in the same email campaign for the first time, with malicious .lnk files being used to infect computers.

Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a new HTTPS milestone.

Google pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite.

This week HTTPS hit a huge milestone. According to a two-week survey of telemetry data from the Mozilla Firefox browser, 50 percent of page loads used HTTPS.

Ubuntu users are encouraged to update their operating systems to the latest OpenSSL package versions to address a collection of vulnerabilities.

Debian developers are recommending that the Cryptkeeper Linux encryption app be pulled from the distribution after a universal password was found.

Academics studying 283 Android VPN apps quantified a number of problems associated with native platform support for VPN clients through the BIND_VPN_SERVICE.

Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign.

The Star Wars Twitter botnet, the return of Lavabit, a critical Cisco Webex flaw, and the St. Louis Library ransomware story are discussed.

A Ponemon Institute report on ransomware revealed 48 percent of businesses surveyed paid a ransom in exchange for getting their data back.