TZUTC: -0500
MSGID: 1494.consprcy@1:2320/105 2d29a359
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
US Senator says Microsoft should be probed for 'gross cybersecurity
negligence' after hospital ransomware attacks

Date:
Fri, 12 Sep 2025 15:00:00 +0000

Description:
Senator Wyden calls for Microsoft to be held responsible.

FULL STORY

US Senator Ron Wyden has written a letter to the FTC Chairman to urge them to
open an investigation into Microsoft over the companys negligent 
cybersecurity in relation to ransomware attacks against US critical
infrastructure; 

"I urge the FTC to investigate Microsoft and hold the company responsible for
the serious harm it has caused by delivering dangerous, insecure software to
the U.S. government and to critical infrastructure entities, such as those in
the U.S. health care sector," Wyden wrote in a letter to FTC Chairman Andrew
Ferguson. 

Earlier this year, millions were left at risk after Ascension Healthcare
revealed a  data breach, most likely at the hands of C10p ransomware.
Karberoasting attacks 

Senator Wydens office has reportedly obtained new information - "the hack
began when a contractor clicked on a malicious link after conducting a web
search on Microsofts Bing search engine." 

Following this, a contractors laptop was infected with malware, which the
letter claims was due to "dangerously insecure default settings on Microsoft
software allowed the hackers to ultimately gain highly privileged access to
the most sensitive parts of Ascensions network." 

Without timely action, Microsofts culture of negligent cybersecurity, 
combined with its de facto monopolization of the enterprise operating system
market, poses a serious national security threat and makes additional hacks
inevitable. 

The attacks reportedly used something called Kerberoasting - a technique 
which exploits insecure encryption technologies from all the way back in the
1980s known as RC4. These are still supported by Microsoft software, and 
Wyden argues Microsoft should warn customers about such dangers. 

Microsoft has, as yet, not released a patch or update for the vulnerability,
nor has the firm reached out to warn customers. 

RC4 is an old standard, and we discourage its use both in how we engineer our
software and in our documentation to customers  which is why it makes up less
than .1% of our traffic," a Microsoft spokesperson told TechRadar Pro . 

"However, disabling its use completely would break many customer systems. For
this reason, were on a path to gradually reduce the extent to which customers
can use it, while providing strong warnings against it and advice for using 
it in the safest ways possible. We have it on our roadmap to ultimately
disable its use. Weve engaged with The Senators office on this issue and will
continue to listen and answer questions from them or others in government. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-senator-says-microsoft-should-be-pro
bed-for-gross-cybersecurity-negligence-after-hospital-ransomware-attacks

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426