Cybersecurity Today: Fortinet Exploits, Windows INET Folder, and AI Code Risks – April 14, 2025
Host: Jim Love (Guest Host: David Shipley)
Release Date: April 14, 2025
Podcast Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and strategies to secure your firm in an increasingly risky digital landscape.
1. Fortinet VPN Device Exploits
Timestamp: 00:00
David Shipley opens the episode by addressing a significant issue affecting Fortinet VPN administrators worldwide. Recently, attackers have been exploiting Fortinet devices by maintaining read-only access even after patches for multiple critical vulnerabilities were applied.
Key Points:
- Post-Exploitation Technique: Attackers are using symbolic links in the folder that serves SSL VPN language files to retain read-only access via the SSL VPN web panel, even after patches were applied.
- Affected Vulnerabilities: The exploits target vulnerabilities such as CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
- Fortinet’s Response: Fortinet issued urgent notifications titled "Notification of Device Compromise – FortiGate / FortiOS – Urgent action required," classified under TLP Amber Plus, advising customers to upgrade to the latest versions and treat all configuration files as potentially compromised.
Notable Quote:
Benjamin Harris, CEO of Fortinet, emphasized the gravity of the situation:
"The first, in the wild, exploitation is becoming significantly faster than organizations can patch. And more importantly, attackers are demonstratively and deeper aware of this fact."
[Timestamp: 02:30]
Implications for Businesses: Organizations using Fortinet VPNs are urged to:
- Upgrade Devices: Ensure all FortiGate devices are updated to the latest firmware.
- Review Configurations: Follow Fortinet’s guidance to assess and restore compromised configuration files.
- Monitor Access: Continuously monitor for any unauthorized access attempts post-patch application.
2. Mysterious Windows INETPUB Folder Creation
Timestamp: 15:45
Shipley transitions to discuss a peculiar development observed by Windows users following Microsoft's April Cumulative Update. A new folder named inetpub appeared on the C drive, typically associated with Internet Information Services (IIS) when web hosting services are enabled.
Key Points:
- Folder Creation: Microsoft’s update intentionally creates an empty inetpub folder, which users are advised not to delete.
- Associated Vulnerability: The creation is linked to the security flaw CVE-2025-21204, involving improper link resolution. This flaw allows local attackers to exploit symbolic links, potentially escalating permissions and manipulating file operations under the NT AUTHORITY\SYSTEM account.
- Microsoft’s Advisory: Users are cautioned against deleting the inetpub folder. If accidentally removed, it can be recreated via the Windows Features panel by reinstalling IIS.
Notable Quote:
A representative from Microsoft clarified the necessity of the folder:
"This empty folder had been intentionally created and should not be removed."
[Timestamp: 18:10]
Security Recommendations:
- Do Not Delete INETPUB: Maintain the folder as instructed to prevent exploitation of the associated vulnerability.
- Recreate If Necessary: If the folder is deleted, reinstall IIS to restore it properly.
- Disable Unused Services: If IIS is not in regular use, disable it to minimize potential attack vectors.
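The recommendations above boil down to one verifiable condition: the inetpub folder should exist and be a real directory rather than a link. The following script is an added example, not code from the podcast or from Microsoft; it checks that condition in a platform-neutral way so it can be run as part of routine post-update monitoring. The `root` argument and the advice strings are assumptions for this example.

```python
import os
import stat
from pathlib import Path


def classify_path(path: str) -> str:
    """Classify a path as 'missing', 'link', 'file' or 'directory'.

    os.lstat is used deliberately so that a symlink (or, on Windows, a
    junction, which carries the reparse-point attribute) is reported as
    'link' instead of being followed to whatever it points at. A link sitting
    where a real directory is expected is the condition a link-resolution
    flaw such as the one discussed above can abuse.
    """
    try:
        st = os.lstat(Path(path))
    except FileNotFoundError:
        return "missing"
    # st_file_attributes only exists on Windows; elsewhere it defaults to 0.
    attrs = getattr(st, "st_file_attributes", 0)
    is_reparse = bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)
    if stat.S_ISLNK(st.st_mode) or is_reparse:
        return "link"
    if stat.S_ISDIR(st.st_mode):
        return "directory"
    return "file"


# Assumed advice text for each outcome (example wording, not Microsoft's).
ADVICE = {
    "directory": "OK: inetpub is a real directory; leave it in place.",
    "missing": "Folder absent; recreate it by reinstalling IIS via Windows Features.",
    "link": "Folder is a symlink/junction, not a real directory; investigate.",
    "file": "A file occupies the inetpub path; investigate.",
}


def inetpub_status(root: str = "C:\\") -> dict:
    """Return a small report for <root>/inetpub suitable for logging."""
    path = os.path.join(root, "inetpub")
    kind = classify_path(path)
    return {"path": path, "kind": kind, "ok": kind == "directory", "advice": ADVICE[kind]}


if __name__ == "__main__":
    report = inetpub_status()
    print(f"{report['path']}: {report['kind']} -> {report['advice']}")
```

Run it from a scheduled task after each cumulative update and alert on anything other than `ok: True`; the `link` outcome is the one worth treating as a potential security event rather than a housekeeping issue.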
3. Risks Associated with AI-Generated Code Dependencies
Timestamp: 25:20
The episode concludes with a discussion on the emerging risks posed by Generative AI in software development. Specifically, the focus is on "slop squatting," where AI models generate non-existent or malicious package dependencies, increasing the threat to software supply chains.
Key Points:
- AI Hallucinations: Large Language Models (LLMs) like those used in code generation often fabricate dependencies, leading to security vulnerabilities.
- Study Findings: Research since March 2024 indicates that over 5% of packages recommended by commercial AI models are non-existent, with open-source models reaching up to 20%.
- Slop Squatting Defined: Seth Michael Larson from the Python Software Foundation describes this phenomenon as scammers exploiting AI's inaccuracies to introduce malicious code through bogus packages.
Notable Quote:
Seth Michael Larson succinctly captures the threat:
"LLMs can't stop making up software dependencies and sabotaging everything."
[Timestamp: 28:45]
Preventative Measures:
- Human Oversight: All AI-generated code and dependencies should be meticulously reviewed by experienced developers.
- Verification Protocols: Implement strict verification processes to ensure the legitimacy of any suggested packages.
- Education and Awareness: Train development teams on the risks of AI-generated dependencies and best practices to mitigate them.
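A concrete form of the "Verification Protocols" measure is to audit every dependency an assistant proposes against two lists before it is installed: packages that actually exist on the index, and packages the team has already vetted. The script below is an added example, not code from the podcast or from the Python Software Foundation. The requirements text, the package names `reqeusts` and `fastjson-utils`, and the `KNOWN_PACKAGES` and `APPROVED` sets are constructed for the example; in practice `exists` would query the real package index (for example PyPI's JSON API) and `APPROVED` would come from the project's lockfile.

```python
import difflib
import re
from typing import Callable, Iterable

# Constructed sample: a requirements list as a code assistant might emit it.
# 'reqeusts' is a misspelling of a real package; 'fastjson-utils' is invented.
SAMPLE_REQUIREMENTS = """
requests==2.31.0
numpy>=1.26
flask
reqeusts
fastjson-utils>=1.0  # suggested by the assistant
"""

# Constructed stand-in for the package index (names known to exist).
KNOWN_PACKAGES = {"requests", "numpy", "flask"}

# Constructed stand-in for the project's vetted dependencies (e.g. its lockfile).
APPROVED = {"requests", "numpy"}

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: runs of '-', '_' and '.' become '-', lower-cased."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list:
    """Extract normalised package names from requirements-style text.

    Comments, blank lines and option lines (starting with '-') are skipped;
    version specifiers and extras after the name are ignored.
    """
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = _NAME_RE.match(line)
        if match:
            names.append(normalize(match.group(1)))
    return names


def audit_dependencies(text: str, exists: Callable[[str], bool],
                       approved: Iterable[str], known: Iterable[str]) -> dict:
    """Sort each proposed dependency into approved / unvetted / nonexistent.

    For names that do not exist on the index, the closest known name is
    reported so a reviewer can see whether a typo or a hallucination is the
    likely cause. A nonexistent name is the gap a squatter could fill.
    """
    approved = {normalize(n) for n in approved}
    known = sorted({normalize(n) for n in known})
    report = {"approved": [], "unvetted": [], "nonexistent": []}
    for name in parse_requirements(text):
        if name in approved:
            report["approved"].append(name)
        elif exists(name):
            report["unvetted"].append(name)
        else:
            close = difflib.get_close_matches(name, known, n=1, cutoff=0.8)
            report["nonexistent"].append({"name": name, "closest": close[0] if close else None})
    return report


def install_allowed(report: dict) -> bool:
    """Policy: block installation if anything is nonexistent or unvetted."""
    return not report["nonexistent"] and not report["unvetted"]


if __name__ == "__main__":
    result = audit_dependencies(SAMPLE_REQUIREMENTS, lambda n: n in KNOWN_PACKAGES,
                                APPROVED, KNOWN_PACKAGES)
    for bucket, items in result.items():
        print(f"{bucket}: {items}")
    print("install allowed:", install_allowed(result))
```

The design choice worth noting is that "exists on the index" is not the same as "safe": an existing but unvetted package still requires human review, because a squatter who registers a frequently hallucinated name would pass an existence check. Gating on the approved list, not merely on existence, is what closes that gap.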
Conclusion and Final Thoughts
David Shipley wraps up the episode by reiterating the importance of staying informed and vigilant against evolving cybersecurity threats. He highlights the necessity of proactive measures, such as regular updates, thorough reviews of AI-generated content, and adherence to security advisories from trusted vendors.
Final Quote:
"Be extremely careful with AI generated code and review everything by humans. Don't just run it through another AI."
[Timestamp: 35:00]
Listeners are encouraged to reach out with their opinions and concerns via email at contact@EditorialEchnewsDay.ca or by leaving comments under the podcast's YouTube video.
Stay tuned for the next episode of Cybersecurity Today, hosted by Jim Love, where we continue to explore the latest in cybersecurity threats and defenses.
