Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Wyden Says Microsoft Flaws Led to Hack of US Hospital System

Link: https://news.slashdot.org/story/25/09/10/1951...

US Senator Ron Wyden says glaring cybersecurity flaws by Microsoft enabled a
ransomware attack on a US hospital system and has called on the Federal Trade
Commission to investigate. Bloomberg: In a letter sent Wednesday to FTC
Chairman Andrew Ferguson, the Oregon Democrat accused Microsoft of "gross
cybersecurity negligence," which he said had resulted in ransomware attacks
against US critical infrastructure. The senator cited the case of the 2024
breach at Ascension, one of the nation's largest nonprofit health systems.
The intrusion shut down computers at many of Ascension's hospitals, leading
to suspended surgeries and the theft of sensitive data on more than 5 million
patients. Wyden said an investigation by his office found that the Ascension
hack began after a contractor carried out a search using Microsoft's Bing
search engine and was served a malicious link, which led to the contractor
inadvertently downloading malware. That allowed hackers access to Ascension's
computer networks. According to Wyden, the attackers then gained access to
privileged accounts by exploiting an insecure encryption technology called
RC4, which is supported by default on Windows computers. The hacking method
is called Kerberoasting, which the company described as a type of cyberattack
in which intruders aim to gather passwords by targeting an authentication
protocol called Kerberos.

Read more of this story at Slashdot.

---
VRSS v2.1.180528