1. Forum
  2. FidoNet
  3. CONSPRCY

  • US Senator says Microsoft

    From Mike Powell@1:2320/105 to All on Fri Sep 12 13:33:39 2025
    US Senator says Microsoft should be probed for 'gross cybersecurity
    negligence' after hospital ransomware attacks

    Date:
    Fri, 12 Sep 2025 15:00:00 +0000

    Description:
    Senator Wyden calls for Microsoft to be held responsible.

    FULL STORY

    US Senator Ron Wyden has written a letter to the FTC Chairman to urge them to open an investigation into Microsoft over the companys negligent
    cybersecurity in relation to ransomware attacks against US critical infrastructure;

    "I urge the FTC to investigate Microsoft and hold the company responsible for the serious harm it has caused by delivering dangerous, insecure software to the U.S. government and to critical infrastructure entities, such as those in the U.S. health care sector," Wyden wrote in a letter to FTC Chairman Andrew Ferguson.

    Earlier this year, millions were left at risk after Ascension Healthcare revealed a data breach, most likely at the hands of C10p ransomware. Karberoasting attacks

    Senator Wydens office has reportedly obtained new information - "the hack
    began when a contractor clicked on a malicious link after conducting a web search on Microsofts Bing search engine."

    Following this, a contractors laptop was infected with malware, which the letter claims was due to "dangerously insecure default settings on Microsoft software allowed the hackers to ultimately gain highly privileged access to
    the most sensitive parts of Ascensions network."

    Without timely action, Microsofts culture of negligent cybersecurity,
    combined with its de facto monopolization of the enterprise operating system market, poses a serious national security threat and makes additional hacks inevitable.

    The attacks reportedly used something called Kerberoasting - a technique
    which exploits insecure encryption technologies from all the way back in the 1980s known as RC4. These are still supported by Microsoft software, and
    Wyden argues Microsoft should warn customers about such dangers.

    Microsoft has, as yet, not released a patch or update for the vulnerability, nor has the firm reached out to warn customers.

    RC4 is an old standard, and we discourage its use both in how we engineer our software and in our documentation to customers which is why it makes up less than .1% of our traffic," a Microsoft spokesperson told TechRadar Pro .

    "However, disabling its use completely would break many customer systems. For this reason, were on a path to gradually reduce the extent to which customers can use it, while providing strong warnings against it and advice for using
    it in the safest ways possible. We have it on our roadmap to ultimately
    disable its use. Weve engaged with The Senators office on this issue and will continue to listen and answer questions from them or others in government.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-senator-says-microsoft-should-be-pro bed-for-gross-cybersecurity-negligence-after-hospital-ransomware-attacks

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)