TZUTC: -0500   
   MSGID: 1494.consprcy@1:2320/105 2d29a359   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   US Senator says Microsoft should be probed for 'gross cybersecurity   
   negligence' after hospital ransomware attacks   
      
   Date:   
   Fri, 12 Sep 2025 15:00:00 +0000   
      
   Description:   
   Senator Wyden calls for Microsoft to be held responsible.   
      
   FULL STORY   
      
   US Senator Ron Wyden has written a letter to the FTC Chairman to urge them to   
   open an investigation into Microsoft over the companys negligent    
   cybersecurity in relation to ransomware attacks against US critical   
   infrastructure;    
      
   "I urge the FTC to investigate Microsoft and hold the company responsible for   
   the serious harm it has caused by delivering dangerous, insecure software to   
   the U.S. government and to critical infrastructure entities, such as those in   
   the U.S. health care sector," Wyden wrote in a letter to FTC Chairman Andrew   
   Ferguson.    
      
   Earlier this year, millions were left at risk after Ascension Healthcare   
   revealed a  data breach, most likely at the hands of C10p ransomware.   
   Karberoasting attacks    
      
   Senator Wydens office has reportedly obtained new information - "the hack   
   began when a contractor clicked on a malicious link after conducting a web   
   search on Microsofts Bing search engine."    
      
   Following this, a contractors laptop was infected with malware, which the   
   letter claims was due to "dangerously insecure default settings on Microsoft   
   software allowed the hackers to ultimately gain highly privileged access to   
   the most sensitive parts of Ascensions network."    
      
   Without timely action, Microsofts culture of negligent cybersecurity,    
   combined with its de facto monopolization of the enterprise operating system   
   market, poses a serious national security threat and makes additional hacks   
   inevitable.    
      
   The attacks reportedly used something called Kerberoasting - a technique    
   which exploits insecure encryption technologies from all the way back in the   
   1980s known as RC4. These are still supported by Microsoft software, and    
   Wyden argues Microsoft should warn customers about such dangers.    
      
   Microsoft has, as yet, not released a patch or update for the vulnerability,   
   nor has the firm reached out to warn customers.    
      
   RC4 is an old standard, and we discourage its use both in how we engineer our   
   software and in our documentation to customers  which is why it makes up less   
   than .1% of our traffic," a Microsoft spokesperson told TechRadar Pro .    
      
   "However, disabling its use completely would break many customer systems. For   
   this reason, were on a path to gradually reduce the extent to which customers   
   can use it, while providing strong warnings against it and advice for using    
   it in the safest ways possible. We have it on our roadmap to ultimately   
   disable its use. Weve engaged with The Senators office on this issue and will   
   continue to listen and answer questions from them or others in government.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/us-senator-says-microsoft-should-be-pro   
   bed-for-gross-cybersecurity-negligence-after-hospital-ransomware-attacks   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426