Episode Overview
Podcast: Cybersecurity Today
Episode Title: 11 Year Old Linux Bug Allows Root Access
Host: David Shipley
Release Date: January 23, 2026
In this episode, host David Shipley provides updates on the latest cybersecurity threats and incidents affecting businesses. Key topics include new attacks on Fortinet firewalls, the discovery and implications of a critical 11-year-old Linux vulnerability, the rare courtroom outcome of a ransomware case, and widespread credential leaks in the retail sector. Shipley highlights the technical details, ongoing threats, and broader security implications for organizations.
Major Discussion Points & Insights
1. Ongoing Breaches of Fortinet Firewalls
- Incident: Fortigate firewall devices are under active attack, with adversaries creating rogue accounts, gaining VPN access, and quickly exporting configuration files.
- Attack Characteristics:
- Campaign began January 15, 2026
- Attacks linked to Fortinet’s single sign-on (SSO) feature
- Automated attacks progressing at high speed ([00:30])
- Vulnerability Questions:
- Unclear if existing patches address all exploited vulnerabilities
- Patch bypass suspected as even up-to-date systems are affected
- Official Response:
- CISA forces agencies to patch rapidly
- Fortinet has not commented on latest events
- Quote (David Shipley):
“The speed of the activity strongly suggests automation rather than manual intrusion.” ([00:39])
- Broader Concern:
- Mirrors prior authentication bypass flaws in Fortinet’s software
- Customers urged to monitor for suspicious activity, even on patched systems
2. 11-Year-Old Linux TelnetD Vulnerability (CVE-2026-24061)
- Vulnerability Details:
- Found in the GNU Inetutils ‘telnetd’ daemon
- Present since a code change in March 2015, unnoticed for nearly 11 years ([01:23])
- Score: CVSS 9.8/10 (critical)
- Allows attackers to bypass authentication and log in as root
- All versions from 2015 through 2026 are affected
- Technical Cause:
- Telnetd passes unsanitized user variables directly to the system login process
- Specially crafted input skips all authentication checks
- Current Threat Activity:
- “Active scanning and exploitation attempts already underway, originating from multiple countries.” ([02:10])
- All detected sources flagged as malicious
- Mitigation:
- Disable TelnetD entirely
- Restrict access to Telnet ports
- Apply distribution/firewall vendor patches as they become available
- Quote (David Shipley):
“The vulnerability was introduced by a code change in March 2015 and remained undetected until it was responsibly disclosed earlier this month.” ([01:43])
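Added example, not from the podcast: a small POSIX shell audit that verifies the first two mitigation steps above on a Linux host, whether telnetd is still enabled through inetd, xinetd or systemd, and whether anything is listening on TCP port 23. The config paths, systemd unit names and the `ss -ltn` column layout are assumptions for a typical distribution.

```shell
#!/bin/sh
# Added example (not the podcast's): audit a Linux host for a still-enabled
# telnetd as a CVE-2026-24061 mitigation check. Paths, unit names and the
# `ss -ltn` column layout are assumptions; adjust for your distribution.

# 0 if inetd-style config text contains an active (uncommented) telnet line.
inetd_has_telnet() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*telnet[[:space:]]'
}

# 0 if an xinetd service stanza leaves telnet enabled (no "disable = yes").
xinetd_telnet_enabled() {
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes'; then
        return 1
    fi
    return 0
}

# 0 if `ss -ltn`-style output shows a TCP listener bound to port 23
# (column 4 is Local Address:Port; the header row is skipped).
port23_listening() {
    printf '%s\n' "$1" | awk 'NR > 1 && $4 ~ /:23$/ { found = 1 } END { exit found ? 0 : 1 }'
}

# Live audit: prints one line per finding, returns 1 if telnetd looks exposed.
audit_host() {
    exposed=0
    if [ -r /etc/inetd.conf ] && inetd_has_telnet "$(cat /etc/inetd.conf)"; then
        echo "FINDING: telnet enabled in /etc/inetd.conf"; exposed=1
    fi
    if [ -r /etc/xinetd.d/telnet ] && xinetd_telnet_enabled "$(cat /etc/xinetd.d/telnet)"; then
        echo "FINDING: telnet enabled in /etc/xinetd.d/telnet"; exposed=1
    fi
    if command -v systemctl >/dev/null 2>&1; then
        for unit in telnet.socket telnetd.service inetutils-telnetd.service; do
            if systemctl is-enabled "$unit" >/dev/null 2>&1; then
                echo "FINDING: systemd unit $unit is enabled"; exposed=1
            fi
        done
    fi
    if command -v ss >/dev/null 2>&1 && port23_listening "$(ss -ltn 2>/dev/null)"; then
        echo "FINDING: something is listening on TCP port 23"; exposed=1
    fi
    [ "$exposed" -eq 0 ] && echo "OK: no telnetd exposure detected"
    return "$exposed"
}

# Run the live audit only when invoked with --run; exit status 1 means exposed.
case "${1:-}" in --run) audit_host ;; esac
```

Port 23 listening with no local service entry usually means telnetd is started some other way (a container, a BusyBox inetd), so treat that finding as unexplained rather than benign.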
3. Ransomware Boss Pleads Guilty in Unusual Court Outcome
- Story Overview:
- Russian national Iannis Alexandrovich Andropenko pled guilty to leading a ransomware operation from the US
- Activities spanned at least 50 victims over four years
- Charges: conspiracy to commit computer fraud/abuse, money laundering
- Noteworthy for having conducted many cyberattacks while openly residing in Florida and California ([03:13])
- Legal Developments:
- Granted rare pretrial release after arrest in 2024
- Violated release with substance abuse–related arrests
- Faces up to 25 years in prison, fines, restitution, and asset forfeiture
- Seized assets: millions in crypto, cash, and luxury vehicles
- Quote (David Shipley):
“What sets this case [apart] is that Andropenko conducted many of his attacks while living openly in Florida and California.” ([03:34])
- Current Status:
- Sentencing not yet scheduled
4. Widespread Credential Leaks in Retail and Supply Chain Sector
- Key Findings:
- New report reveals that the following have login credentials exposed online ([04:29]):
- 70%+ of major retailers
- Nearly 60% of wholesalers
- Over half of supply chain organizations
- Security Implications:
- Exposed credentials enable account takeovers, lateral moves, and supply chain compromises
- Retail and wholesale operations are “large, interconnected technology ecosystems,” so an account breach can affect partners and logistics systems
- Persistent problems with credential hygiene, password reuse, and third-party access management
- Quote (David Shipley):
“The findings underscore persistent weaknesses in credential hygiene, password reuse and third party access management issues that continue to fuel breaches across the sector.” ([05:08])
Notable Quotes & Memorable Moments
- On automated attacks:
“The speed of the activity strongly suggests automation rather than manual intrusion.”
— David Shipley ([00:39])
- On the Linux bug’s longevity:
“The vulnerability was introduced by a code change in March 2015 and remained undetected until it was responsibly disclosed earlier this month.”
— David Shipley ([01:43])
- On the ransomware operator’s unusual lifestyle:
“What sets this case [apart] is that Andropenko conducted many of his attacks while living openly in Florida and California.”
— David Shipley ([03:34])
- On the scale of credential exposures:
“The findings underscore persistent weaknesses in credential hygiene, password reuse and third party access management issues that continue to fuel breaches across the sector.”
— David Shipley ([05:08])
Timestamps for Important Segments
| Topic | Timestamp |
|--------------------------------------|:-------------:|
| Fortinet firewall attacks | 00:19–01:18 |
| Discovery of 11-year-old Linux bug | 01:18–02:33 |
| Ransomware boss courtroom case | 02:33–03:58 |
| Retail credential exposure report | 03:58–05:35 |
Summary Takeaways
- Stay vigilant even when systems are patched—attackers are quickly shifting tactics and targeting single sign-on vulnerabilities.
- Legacy services like telnetd remain dangerous if left enabled, especially when they carry such longstanding, severe bugs.
- Credential management culture is still lagging—password exposures remain the easiest route for attackers into complex supply chains.
- Law enforcement is making rare headway in ransomware cases, but attackers still exploit legal loopholes and operational blind spots.
David Shipley’s delivery balances clear technical explanation with urgent warnings, making this episode valuable listening for IT and security professionals who need to stay ahead of rapidly evolving threats.
