
A Rebuke of Microsoft Security Policies, Serious Flaws, AppSec Research, and DHS Misspends CISA Funds Earmarked for Cyber Talent

Teri Robinson

Sep 14, 2025

Microsoft came under fire from a U.S. senator for its security practices, an inspector general found that DHS misspent money meant to retain cybersecurity talent at CISA, and flaws threatened KioSoft stored payment cards and Rockwell Automation products.

Wyden Accuses Microsoft of ‘Cybersecurity Negligence,’ Wants FTC to Probe

Accusing Microsoft of being negligent when it comes to safeguarding the nation’s infrastructure, Sen. Ron Wyden, D-Ore., is pressing the Federal Trade Commission to open a probe into the company for poor cybersecurity policies that have led to ransomware attacks. Wyden says Microsoft’s default settings in products including Windows have opened the doors for attackers, pointing to an attack on Ascension in which bad actors stole personal and medical data for 5.4 million patients.

Inbox Obfuscation Technique Poses Threat to Microsoft Exchange

While threat actors seemingly haven’t moved on it yet, a Unicode-based obfuscation technique recently discovered by Permiso would let them access the inbox rules of Microsoft Exchange, then gain access to email and swipe data. Called Inboxfuscation, the technique inserts Unicode characters in Microsoft Exchange rules, making attacks hard to detect. Permiso is providing an open source Inboxfuscation framework to help IT security detect the threats.
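
For defenders reviewing exported inbox rules, the sketch below is an added example, not Permiso's framework and not code from the report. It flags three general Unicode red flags in rule text; the rule field names (`name`, `keywords`), the sample rules and the choice of checks are assumptions, since the article does not say which characters the technique uses.

```python
import unicodedata

# Constructed sample rules; the field names are hypothetical, not an Exchange schema.
SAMPLE_RULES = [
    {"name": "Move newsletters", "keywords": ["unsubscribe"]},
    {"name": "Archive", "keywords": ["inv\u200boice", "p\u0430yment"]},  # zero-width space; Cyrillic "a"
    {"name": "Caf\u00e9 receipts", "keywords": ["\uff50assword"]},       # legitimate accent; fullwidth "p"
]

SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")

def scripts_in(word):
    """Scripts (from Unicode character names) used by the letters of one word."""
    found = set()
    for ch in word:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            found.update(s for s in SCRIPTS if s in name)
    return found

def findings_for(text):
    """Return a sorted list of reasons a string looks obfuscated (empty if clean)."""
    reasons = set()
    # Format characters (category Cf) such as zero-width spaces are invisible in most UIs.
    if any(unicodedata.category(ch) == "Cf" for ch in text):
        reasons.add("invisible-format-char")
    # Compatibility forms (fullwidth, styled letters) fold to plain text under NFKC only.
    if unicodedata.normalize("NFKC", text) != unicodedata.normalize("NFC", text):
        reasons.add("compatibility-form")
    # A single word mixing scripts is a common sign of look-alike substitution.
    if any(len(scripts_in(w)) > 1 for w in text.split()):
        reasons.add("mixed-script-word")
    return sorted(reasons)

def scan_rules(rules):
    """Return (rule name, field, reasons) for every suspicious string in the rules."""
    hits = []
    for rule in rules:
        for field in ("name", "keywords"):
            value = rule.get(field, [])
            for text in ([value] if isinstance(value, str) else value):
                reasons = findings_for(text)
                if reasons:
                    hits.append((rule["name"], field, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan_rules(SAMPLE_RULES):
        print(hit)
```

Ordinary accented text such as "Café" passes all three checks, so the scan does not flag every non-ASCII rule.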

KioSoft Failed to Patch Serious Vulnerability for More Than a Year

It doesn’t take long for cyber miscreants to exploit a flaw, which makes it all the more confounding that KioSoft, the maker of unattended self-service payment machines, let a serious vulnerability ride for more than a year before issuing a patch. SEC Consult said the manufacturer took its sweet time addressing the bug, CVE-2025-8699, which, when exploited, allows hackers to top up balances on some KioSoft stored value cards.

60% of IT and security leaders say security issues, not feature bugs, more likely to delay product launches

Conventional wisdom says bugs are to blame for delayed product launches. But new data tells a different story: 60 percent of IT and security leaders say security issues are now more likely to cause delays than feature bugs. And it’s not just timelines at risk. Careers are on the line too. Nearly 80 percent of respondents to the 2025 State of Application Security Survey, conducted by TechStudio™, an Energize Marketing® company, and Cypress Data Defense, say they are concerned about losing their jobs in the aftermath of a breach.

CISA Warns of Critical Flaws in Rockwell Automation Products

In a series of advisories, the Cybersecurity and Infrastructure Security Agency (CISA) flagged several flaws, some of them critical, in Rockwell Automation products, with a decided focus on critical infrastructure. In CISA’s sights were ThinManager, FactoryTalk Optix, Stratix IOS and both ControlLogix and CompactLogix controllers. Security experts are urging organizations to upgrade to ThinManager 14.1. CISA also warned of flaws in ABB Aspect, Nexus, and Matrix products.

DHS Botched Cyber Incentive Program, Misspent Funds

The Department of Homeland Security inspector general says that the agency misspent federal funds earmarked for the Cyber Incentive program at the recently beleaguered Cybersecurity and Infrastructure Security Agency (CISA). The program, intended to provide incentives to retain “mission-critical cybersecurity talent,” instead sent tens of thousands of dollars in funding to 240 ineligible employees without such skills.
