Posts

Senator Wyden Urges FTC Probe Into Microsoft Over Cybersecurity Failures

U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for what he described as “gross cybersecurity negligence” that he says poses an ongoing threat to U.S. national security.

In a September 10 letter to FTC Chairman Andrew Ferguson, Wyden accused Microsoft of creating vulnerabilities that have led to ransomware attacks on critical infrastructure, including health care organizations. He argued that Microsoft’s default Windows configurations and continued support for outdated encryption standards have left customers exposed.

Wyden compared the company to “an arsonist selling firefighting services,” saying its dominance in enterprise IT leaves agencies and firms with “no choice” but to use its products despite the risks.

The Ascension Case

Wyden highlighted the May 2024 ransomware attack on Ascension, a major U.S. hospital operator, as a prime example. Hackers reportedly exploited a contractor’s laptop after a malicious link appeared through Microsoft’s Bing search engine, eventually breaching Ascension’s Active Directory server and exposing the data of 5.6 million people.

Wyden said Microsoft’s default encryption settings — particularly support for the outdated RC4 standard — facilitated the attack.

Microsoft’s Response

Microsoft acknowledged that RC4 is insecure but stressed it makes up “less than 0.1% of traffic.” The company said it discourages use of RC4 but cannot yet fully disable it because “disabling its use completely would break many customer systems.”

The company pledged to disable RC4 by default in certain Windows products starting Q1 2026 and to roll out additional mitigations.

Broader Context

Wyden has repeatedly urged scrutiny of Microsoft’s role in cyber incidents, including the July 2023 breach by Chinese-linked hackers who stole thousands of U.S. officials’ emails.

The FTC confirmed receipt of Wyden’s letter but offered no further comment.

The senator’s push comes amid broader concerns that Microsoft’s monopoly-like grip on enterprise IT both amplifies security risks and limits customers’ ability to choose safer alternatives.

Jaguar Land Rover Scrambles to Contain Cyber Breach That Halted Production

Jaguar Land Rover (JLR) said Friday it is working “at pace” to restore operations after a major cyber incident forced it to shut down systems, halting both retail and production activities. The breach, disclosed earlier this week, has left thousands of factory workers at home until at least Tuesday as the company attempts a controlled restart of global applications.

Owned by India’s Tata Motors, JLR stressed there is no evidence customer data has been stolen so far. The company described the attack as “severely disruptive” to its operations across its three British car plants, where it employs around 33,000 people, making it the UK’s largest automotive employer.

The disruption adds to JLR’s mounting challenges. The company already reported an 11% sales drop in July, partly due to a U.S. export pause after Trump’s car import tariffs, and has cut its 2026 profit margin target from 10% to 5%-7%. Like other European automakers, it also faces weak demand in China and slower sales in Europe.

The attack mirrors a global trend of escalating ransomware campaigns hitting household names. Earlier this year, Marks & Spencer estimated its own cyber breach cost about £300 million ($405 million) in lost profit. Analysts warn that JLR’s recovery could also come with significant financial fallout if disruptions stretch beyond next week.

United Natural Foods Cyber Incident Disrupts Operations, Affects Whole Foods Supply

United Natural Foods Inc (UNFI), a major U.S. grocery distributor supplying clients including Whole Foods, experienced a cyber incident that forced it to take certain internal systems offline, temporarily disrupting its ability to fulfill and distribute customer orders.

The company disclosed in a June 9 SEC filing that it proactively shut down some systems after detecting unauthorized activity on its networks on June 5. While specifics of the incident were not disclosed, the disruption has caused operational delays expected to continue for a time.

Shares of United Natural fell sharply on Monday, closing down nearly 7% at $25.94 amid concerns over the incident’s impact.

A Whole Foods spokesperson confirmed efforts to restock shelves promptly but referred further questions to United Natural Foods.

This incident follows a series of recent cyberattacks affecting major retailers in the U.S. and UK, including Marks & Spencer, Co-op, Harrods, and Victoria’s Secret. While United Natural has not confirmed the nature of the unauthorized activity, similar disruptions have frequently involved ransomware attacks, where criminals encrypt company data and demand ransom payments.

United Natural Foods is the largest publicly traded distributor focused on “healthier food options” across the U.S. and Canada and recently secured an eight-year extension as primary distributor for Amazon-owned Whole Foods. The company reported $8.2 billion in net sales for the 13 weeks ending February 1, 2025.

The FBI has not commented on the incident.