Articles of interest from the week of May 13, 2019

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Microsoft yesterday took the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. (By Brian Krebs, Krebs on Security) 

Website Attack Attempts Rose by 69% in 2018

Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows. (By Curtis Franklin Jr., Dark Reading)

WhatsApp Zero-Day Exploited in Targeted Spyware Attacks

First reported by the Financial Times, the popular messaging app discovered in early May that attackers were installing surveillance software on iPhones and Android phones – by calling victims using WhatsApp's call function. WhatsApp is owned by Facebook and is used by 1.5 billion people globally. The messaging platform touts itself as a secure end-to-end encryption app for communications. (By Lindsey O'Donnell, Threatpost)

Nine in 10 Cloud Breaches Occur Due to Employee Mistakes, According to a Kaspersky Lab Report

Human error is the greatest risk to companies moving their systems and data to the cloud, according to a recent report from Kaspersky Lab. The Kaspersky Lab Global Corporate IT Security Risks Survey examined data based on 7,186 interviews with companies of different sizes in 24 countries. (By Jonathan Greig, TechRepublic)

U.S. Charges Chinese Hacker For 2015 Anthem Data Breach

The incident marked as one of the worst data breaches in history, with the company paying a record $115 million fine to settle U.S. lawsuits. According to the indictment, the hackers used sophisticated techniques, including spearfishing, to hack into the computer networks of the targeted businesses and then installed malware on their computers to further compromise the networks and gain access to sensitive users' data and confidential business information. (By Mohit Kumar, The Hacker News)