The Everything Feed - All Packet Pushers Pods PP059: News Roundup – Oracle Plays Breach Word Games, Fast Flux Worries CISA, AI Package Hallucinations, and More
4 snips
Apr 22, 2025 Dive into the latest cybersecurity issues, including a persistent flaw in Fortinet devices that allows unauthorized access despite patches. Discover the chilling implications of government investigations on cybersecurity firms. Explore the concept of 'package hallucinations' in AI, revealing risks for developers. Uncover troubling security lapses in software supply chains illustrated by a case at the University of Maryland Medical Center. Finally, learn about the Fast Flux technique used by malware to evade detection.
AI Snips
Chapters
Transcript
Episode notes
Fortinet's Persistence Vulnerability
- Fortinet patched only the initial vulnerability; attackers maintain read-only persistence via a SIM link inside a language files folder.
- This allows potential exposure of unencrypted config data including IPs and credentials stored on the system.
Patch or Replace Avanti VPNs
- If using Avanti VPN appliances, ensure you have applied patches; many older models are out of support and vulnerable.
- If unpatchable or exposed, unplug the device and migrate to newer secure solutions like zero trust (ZTNA).
Oracle's Semantic Breach Game
- Oracle contests breach claims by distinguishing Oracle Cloud Classic from Oracle Cloud Infrastructure, but 6 million user records were stolen from the legacy platform.
- Encrypted credentials and keys stolen pose ongoing risk, especially if credentials are reused across services.