Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user.

The Star Wars Twitter botnet, the return of Lavabit, a critical Cisco Webex flaw, and the St. Louis Library ransomware story are discussed.

Facebook is letting users tie a physical security key to their account as an added layer of security.

A researcher earned $9K for identifying a XXE vulnerability in third party backup software used by Uber.

Citing security concerns, Google announced that it will soon block JavaScript (.js) file attachments in Gmail.

Researcher Mariusz Mlynski found and disclosed four high-severity vulnerabilities in Chrome’s Blink rendering engine, earning himself $32,000 through the Chrome Rewards program.

Firefox 51 includes warnings to users landing on HTTP websites, and patches for nearly a half-dozen critical security vulnerabilities.

Cisco has fixed a vulnerability in its WebEx extension for Chrome that allowed for remote code execution on computers running the plugin.

Apple released updates across its product lines, including iOS 10.2.1, patching a number of critical code execution vulnerabilities in the kernel, libarchive and WebKit.

Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.