Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
AI agent executes end-to-end ransomware attack via development platfor...
ICAC Commissioner attends first IAACA European regional anti-corruptio...
Research: Asian enterprises advancing AI without resilience strategies...
Penta Security Sets the Benchmark for Web Application Security, Earnin...
India bank domain registry exposed sensitive data in security lapse: e...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

News

US senator requests FTC probe over software giant’s poor cybersecurity track record

By CybersecAsia editors | Tuesday, September 16, 2025, 1:58 PM Asia/Singapore

US senator requests FTC probe over software giant’s poor cybersecurity track record

Citing key cybersecurity attacks on critical infrastructure, one software giant has been named for necessary investigation for monopoly and negligence.

On 11 September 2025, a US senator urged the Federal Trade Commission (FTC) to investigate Microsoft for what he described as “gross cybersecurity negligence” that had allowed ransomware attacks to severely impact critical US infrastructure, including healthcare networks.

In a four-page letter to FTC Chair, Senator Ron Wyden criticized Microsoft for a cybersecurity culture which, combined with its monopoly over enterprise operating systems, creates a serious national security risk and makes further cyberattacks unavoidable.

Comparing the firm to “an arsonist selling firefighting services to their victims” to underscore his alarm at the situation, the action is linked to a ransomware incident affecting Ascension, a major healthcare system hit last year by an attack that had compromised sensitive personal and medical data of approximately 5.6m people. This assault, attributed to the Black Basta ransomware group, also disrupted electronic health record access and was ranked among the top three largest healthcare-related breaches in 2024 by the US Department of Health and Human Services.

The central risk factor: RC4
The attackers had used a method named Kerberoasting, which targets Microsoft’s Kerberos authentication protocol to extract encrypted service account credentials from Active Directory. Central to this risk is Microsoft’s continued default support for the outdated RC4 encryption algorithm within Kerberos, despite RC4 being known for significant cryptographic weaknesses since the 1980s.

Wyden’s letter has highlighted that RC4 is especially vulnerable because it uses no salt or iterated hash in password encryption, allowing attackers to rapidly guess passwords. The senator criticized Microsoft for failing to enforce strong password policies — such as a minimum 14-character length — for privileged accounts and maintaining RC4 enabled by default, which together expose customers unnecessarily to ransomware and other cybersecurity threats.

Reactions by the firm to help corporate users mitigate risk have been deemed by the US senator as insufficient and too slow. The firm has responded by stating that RC4 is an old standard they discourage and that less than 0.1% of their traffic involves its use. Completely disabling RC4 immediately would break many customer systems, so the firm is pursuing a gradual reduction in RC4 usage with strong warnings to customers, and will ultimately disable it. Starting Q1 2026, any new Active Directory domains using Windows Server 2025 will have RC4 disabled by default, and that additional mitigations for existing deployments are planned to maintain service continuity.

Elephant in the room
This is not the first criticism Microsoft has faced over cybersecurity. In 2024 a report by the US Cyber Safety Review Board had faulted the firm’s preventable mistakes that had allowed Chinese threat group Storm-0558 to access hundreds of Exchange Online mailboxes globally.

Wyden’s office is arguing that despite the firm’s poor cybersecurity record, it continues to secure lucrative government contracts due to the lack of regulatory consequences and its dominant market position.

Cybersecurity experts acknowledge that the security decisions of a dominant platform can have widespread impacts on national infrastructure security, and have highlighted the critical need for improved default security designs.

Ultimately, the senator’s call is for the FTC to recognize how national security is entwined with the default settings of key IT platforms, and he urges enterprises and government entities to demand and adopt more secure-by-design software environments.

Share:

PreviousAdvanced fileless malware targets Philippine military using stealth techniques
Next/DISREGARD RELEASE: Desilo/

Related Posts

Research unveils a 10-year ‘cybersecurity debt’ the world cannot repay

Research unveils a 10-year ‘cybersecurity debt’ the world cannot repay

Wednesday, April 13, 2022

Two tech predictions that will make 2024 a cyber risky year

Two tech predictions that will make 2024 a cyber risky year

Monday, January 22, 2024

Rubrik offers US$5m ransomware recovery warranty

Rubrik offers US$5m ransomware recovery warranty

Wednesday, October 27, 2021

Rethink your SMS approach

Rethink your SMS approach

Friday, September 24, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Penta Security Sets the Benchmark for Web Application Security, Earning Frost & Sullivan’s 2026 South Korea Company of the Year Recognition

    Thursday, July 2, 2026
    By combining intelligent threat detection, …Read More »
  • SK shieldus Receives Frost & Sullivan’s 2026 APAC Customer Value Leadership Recognition for Excellence in Cybersecurity Services

    Monday, June 29, 2026
    The company is recognized for …Read More »
  • Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations

    Saturday, June 27, 2026
    PETALING JAYA, Malaysia, June 26, …Read More »
  • DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments

    Thursday, June 25, 2026
    New White Paper Outlines Best …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.