Cybersecurity Today Fortinet Exploits, Windows INET Folder, and AI Code Risks: Cyber Security Today for April 14
Apr 14, 2025
Attackers are exploiting Fortinet VPN vulnerabilities, even after patches, urging immediate upgrades for security. New Windows updates have introduced a controversial INET Pub folder that users are advised not to delete due to linked security flaws. The podcast also highlights the risks of AI-generated code, with malicious packages arising from AI hallucinations. Review of AI code dependencies is crucial to avoid 'slop squatting' and potential scams, underscoring the need for human oversight in cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Fortinet VPN Exploits Persist
- Fortinet VPN administrators were frustrated when attackers maintained access after patches via symbolic links.
- Attackers preserved read-only access to root files through SSL VPN web panels even after eviction.
Urgent Fortinet Upgrade Advice
- Upgrade Fortinet VPN devices to the latest versions promptly.
- Treat all configuration files as potentially compromised and follow recovery guidance.
New INETPUB Folder Explained
- Microsoft's April update creates an empty INETPUB folder unexpectedly on Windows C drives.
- The folder should not be deleted as it ties into a privilege escalation security vulnerability fix.