US Senator calls for Microsoft FTC probe over 'gross cybersecurity negligence' - Ron Wyden claims the tech giant has provided 'dangerous, insecure software' to the US government
Briefly

"Wyden said it was time to "hold Microsoft responsible for its gross cybersecurity negligence," specifically referencing the 2024 ransomware infection of non-profit health care provider Ascension as well as the recent SharePoint flaw. "I urge the FTC to investigate Microsoft and hold the company responsible for the serious harm it has caused by delivering dangerous, insecure software to the US government and to critical infrastructure entities, such as those in the US healthcare sector," Wyden wrote in his to FTC Chair Andrew Ferguson."
"Wyden noted that the hackers that targeted Ascension used a technique called Kerberoasting to access privileged accounts on Microsoft Active Directory. A report in 2023 saw a 583% jump in attacks using the technique. "This hacking technique leverages Microsoft's continued support by default for an insecure encryption technology from the 1980s called RC4 that federal agencies and cybersecurity experts, including experts working for Microsoft, have for more than a decade warned is dangerous," Wyden wrote."
Senator Ron Wyden requested an FTC investigation into Microsoft for alleged gross cybersecurity negligence affecting critical infrastructure. He cited the 2024 ransomware infection of non-profit health provider Ascension and a recent SharePoint vulnerability as instances of serious harm. Wyden asserted that Microsoft delivered dangerous, insecure software to the US government and critical infrastructure entities, including healthcare. He reported that attackers used Kerberoasting to access privileged Active Directory accounts and noted a 583% rise in such attacks in 2023. Wyden criticized Microsoft's continued default support for the outdated RC4 encryption technology.
Read at IT Pro