Senator Wyden Calls for FTC Investigation into Microsoft Over Cybersecurity Negligence Linked to Ransomware Attacks
September 11, 2025
U.S. Senator Ron Wyden has formally asked the Federal Trade Commission (FTC) to investigate Microsoft, alleging severe cybersecurity negligence that has facilitated ransomware assaults on critical U.S. infrastructure, notably in the healthcare sector. In a detailed four-page correspondence to FTC Chairman Andrew Ferguson, Wyden characterized Microsoft’s actions as emblematic of “gross cybersecurity negligence,” suggesting that the company’s significant share of the enterprise operating system market exacerbates the risks associated with its cybersecurity practices.
Wyden’s appeal comes on the heels of alarming revelations from Ascension, a major healthcare system that experienced a debilitating ransomware attack last year. This incident resulted in the compromise of personal and medical records for approximately 5.6 million individuals, underscoring the gravity of the threats faced by critical infrastructure entities. The senator drew a striking analogy, portraying Microsoft as an “arsonist selling firefighting services to their victims,” emphasizing the potential calamitous consequences of ongoing vulnerabilities within the software giant’s systems.
The vulnerabilities highlighted originate from alleged systemic lapses in Microsoft’s cybersecurity framework. Wyden pointed to the company’s culture of negligence as a primary factor contributing to the increasing prevalence of ransomware attacks. The attacks on crucial sectors, especially healthcare, raise significant national security concerns, particularly given that timely intervention may mitigate further breaches.
In terms of the tactics employed during these ransomware breaches, various techniques from the MITRE ATT&CK framework can be identified. Initial access is often gained through phishing campaigns or exploiting known vulnerabilities within widely used software. Once adversaries infiltrate the system, techniques such as privilege escalation may allow them to move laterally within the network, enhancing their control and ability to deploy ransomware effectively. The persistence of these threat actors is often maintained through backdoors and other means, ultimately complicating eradication efforts.
This call to action from Wyden is part of a broader trend of heightened scrutiny on major technology providers regarding their role in public cybersecurity. With the stakes rising, business owners and stakeholders across various sectors are advised to assess their own cybersecurity measures, especially those reliant on widely adopted enterprise systems. The implications of the current discourse surrounding Microsoft serve as a stark reminder of the pressing need for robust cybersecurity protocols to guard against evolving threats.
As the FTC considers the investigation, the outcome could set important precedents regarding corporate responsibility in cybersecurity practices. The tech industry and those who depend on its infrastructure would do well to monitor developments closely, ensuring that their own defenses remain fortified against the risks posed by both direct attacks and the ramifications of negligent practices in the sector.