IT SPARC Cast

Three recently patched UniFi OS vulnerabilities are now being actively exploited, highlighting the growing importance of automatic patching and vulnerability management. In this episode of IT SPARC Cast – CVE of the Week, John and Lou explain how chaining CVEs can lead to full system compromise, why UniFi’s default auto-update policy likely protected many users, and why continuous patching may soon replace traditional maintenance windows.⸻📄 Show Notes🚨 CVE of the Week: UniFi OS VulnerabilitiesThis week we’re covering three UniFi OS vulnerabilities:CVE-2026-34908CVE-2026-34909CVE-2026-34910While each vulnerability has its own severity rating, security researchers demonstrated that chaining all three together can result in full remote system compromise with elevated privileges.The vulnerabilities were patched in May 2026, but organizations that delayed updates are now at risk as active exploitation has been reported.⸻⚠️ Why This MattersUniFi OS normally enables automatic updates by default, meaning many deployments were likely protected before the attacks began.However, organizations that disabled auto-updates or delayed maintenance may still be vulnerable.Researchers also released a free detection script to help administrators identify vulnerable UniFi deployments.⸻🛠️ Mitigation Steps✅ Update UniFi OS ImmediatelyVerify every UniFi device is running the latest available firmware and UniFi OS version.If automatic updates were disabled, patch immediately.✅ Verify Auto-Update SettingsConfirm that:Automatic update checks are enabledFirmware updates install automaticallyDevices are regularly checking for new releases✅ Run the Detection ScriptUse the detection tool released by Bishop Fox to identify vulnerable or improperly updated UniFi systems.✅ Audit Network DevicesDon’t stop with UniFi.Review firmware and update status for:FirewallsSwitchesAccess PointsGatewaysOther embedded infrastructure✅ Review Patch StrategyModern attacks are moving faster than traditional maintenance windows.Consider:Overnight automated patchingLive patching where supportedRolling upgrades to minimize downtime⸻🔒 The Bigger LessonJohn and Lou revisit a recurring theme:Modern attacks rely on exploit chaining.Three medium-severity vulnerabilities can combine into a critical compromise.Current CVSS scoring evaluates individual vulnerabilities, but organizations should also consider how vulnerabilities interact across an entire system.⸻🤖 Why Continuous Patching MattersThe average time between disclosure of a critical vulnerability and AI-assisted exploit development continues to shrink.Waiting weeks—or even days—to patch infrastructure is becoming increasingly risky.Vendors are also being encouraged to improve:Live patchingRolling firmware upgradesHigh-availability updates with minimal downtime⸻📣 Wrap UpHas your organization embraced automatic patching, or do you still rely on traditional maintenance windows?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast - News Bytes, John & Lou explore three major stories shaping enterprise IT. Jeff Bezos argues that AI will create labor shortages rather than eliminate jobs, Tesco begins one of the largest VMware migration projects ever announced, and Accenture doubles down on cybersecurity through a series of strategic investments and acquisitions.The discussion focuses on the practical realities behind AI-driven productivity, the growing backlash against VMware licensing changes, and why cybersecurity is becoming a core business function rather than simply an IT responsibility. If you work in enterprise IT, cloud, virtualization, or security, this episode highlights trends that could reshape the industry over the next several years.  ⸻📌 Show Notes00:00 – IntroThis week’s episode covers AI’s impact on the workforce, one of the largest VMware migrations ever attempted, and why cybersecurity is becoming central to business strategy.⸻📰 News Bytes00:47 – AI Will Lead to Labor Shortages, Says an Optimistic Jeff BezosJeff Bezos argues that AI will increase productivity and create new categories of work rather than permanently eliminate jobs. Drawing parallels to earlier waves of automation, he suggests AI will remove bottlenecks and allow people to focus on higher-value tasks.John & Lou discuss the difference between using AI as a growth engine versus a cost-cutting tool, and why leadership decisions may ultimately determine whether organizations thrive or stagnate.Key takeaways:AI may create new opportunities rather than eliminate workProductivity gains can fuel growth instead of downsizingOrganizations that embrace expansion may outperform competitorshttps://www.reuters.com/business/world-at-work/ai-will-lead-labour-shortages-jeff-bezos-says-vivatech-2026-06-17/⸻04:49 – Tesco Moving 40,000 Workloads Off VMwareTesco is migrating approximately 40,000 workloads away from VMware, making it one of the largest publicly disclosed VMware exit projects to date. The move comes amid ongoing concerns around licensing, support, and long-term costs following Broadcom’s acquisition of VMware.The migration highlights how even major enterprises are willing to undertake massive infrastructure changes when economics shift dramatically.Key considerations:40,000 workloads represent a significant migration effortKVM-based alternatives continue gaining tractionVirtualization competition is entering a new phasehttps://arstechnica.com/information-technology/2026/06/tesco-moving-40000-server-workloads-off-vmware-amid-broadcoms-abusive-conduct/⸻11:03 – Accenture Takes Majority Stake in Cybersecurity FirmsAccenture announced major investments and acquisitions in cybersecurity, reinforcing the growing importance of security services across every industry.Rather than treating security as a standalone IT function, organizations increasingly view it as a business-wide requirement. Accenture’s move signals that demand for AI-enabled security expertise is expected to accelerate significantly.Key takeaways:Security spending continues to grow rapidlyAI adoption creates new security requirementsConsulting firms see cybersecurity as a long-term growth markethttps://www.reuters.com/legal/transactional/accenture-take-majority-stake-acquire-cybersecurity-firms-418-billion-deal-2026-06-18/⸻📬 15:25 – Mail BagListener Steve weighs in on Ubiquiti’s new Enterprise Firewall Core, agreeing that it’s a strong first step into enterprise security. The discussion expands into Ubiquiti’s new Enterprise NAS platform, ZFS-based storage, and how the company continues pushing deeper into enterprise infrastructure.⸻🔚 16:49 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Thousands of Fortinet FortiGate devices have been compromised—even in organizations that already applied security patches. In this episode of IT SPARC Cast – CVE of the Week, John and Lou explain how attackers maintained persistence after earlier breaches, why patching alone wasn’t enough, and what every organization running FortiGate firewalls must do immediately to verify they haven’t already been compromised.⸻📄 Show Notes🚨 CVE of the Week (Special Security Alert): FortiGate CompromisesThis week we’re covering a major Fortinet security incident affecting organizations around the world.Unlike most episodes, this isn’t focused on a single CVE. Instead, attackers are leveraging previously exploited FortiGate vulnerabilities and maintaining persistent access even after organizations patched the original flaws.The key lesson:👉 Patching does not remove an attacker who is already inside.⸻⚠️ What Happened?Large organizations across multiple industries have reported compromises involving FortiGate firewalls and VPN infrastructure.Attackers reportedly:Exploited previously disclosed Fortinet vulnerabilitiesEstablished persistence mechanismsMaintained access after patches were installedContinued accessing networks through compromised devicesPotential impacts include:Network visibilityCredential theftTraffic interceptionLong-term unauthorized access⸻🛠️ Immediate Mitigation Steps✅ Audit All FortiGate DevicesIf your FortiGate was internet-facing before patching:Assume compromise until proven otherwise.Review:Administrative accountsVPN configurationsFirewall rulesConfiguration changesScheduled tasks and scripts⸻✅ Upgrade Firmware and SoftwareInstall:Latest supported FortiOS versionLatest firmware updatesAny recommended security updatesDon’t stop at operating system updates—verify firmware integrity as well.⸻✅ Rotate CredentialsImmediately rotate:Administrative passwordsVPN credentialsService accountsShared secretsAPI keysAssume previously exposed credentials may be compromised.⸻✅ Verify Multi-Factor Authentication (MFA)MFA should be enabled for:Firewall administrationVPN accessRemote administrationCritical infrastructure systemsIf MFA is not enabled, prioritize it immediately.⸻✅ Hunt for PersistenceLook for:Unknown accountsSuspicious scriptsUnexpected configuration changesUnauthorized VPN usersUnrecognized scheduled tasksIf something looks unfamiliar, investigate it.⸻🔒 Why This MattersOne of the biggest takeaways from this incident is that perimeter security is no longer enough.If a firewall compromise can expose the entire organization, the network architecture needs work.John and Lou emphasize:Zero Trust architecturesNetwork segmentationLeast privilege accessMFA everywhereContinuous security auditingA firewall should be your first line of defense—not your only line of defense.⸻💡 Key TakeawayThe real danger isn’t the original vulnerability.It’s the persistence left behind after the vulnerability was patched.Organizations that only patch—but don’t investigate for compromise—may still have attackers inside their environments.⸻📣 Wrap UpHave you audited your firewall infrastructure recently? Are you confident patching alone is enough?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast - News Bytes, John & Lou tackle a security-heavy week featuring a new Microsoft Defender zero-day, the largest Patch Tuesday release in Microsoft’s history, and a growing debate around how vulnerability disclosures should be handled in the AI era. As AI accelerates bug discovery, the industry is struggling to keep pace with validation, patching, and deployment.The discussion also covers Ubiquiti’s entry into the enterprise firewall market and OpenAI’s report on coordinated influence campaigns targeting public perception around AI infrastructure and data centers. If you work in enterprise IT, cybersecurity, cloud, or networking, this episode highlights several trends that will directly impact security operations and infrastructure planning.  ⸻📌 Show Notes00:00 – IntroThis week’s episode focuses on security, patch management, enterprise networking, and the growing role AI plays in both finding vulnerabilities and shaping public narratives.⸻📰 News Bytes01:48 – Microsoft Defender “RoguePlanet” Zero-DaySecurity researcher Chaotic Eclipse revealed a new Microsoft Defender vulnerability dubbed “RoguePlanet” that allows local privilege escalation to SYSTEM-level access on Windows 10 and 11.The flaw joins a growing list of publicly disclosed Defender vulnerabilities and highlights ongoing tensions between researchers and Microsoft regarding vulnerability disclosure and patch response times.https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/⸻04:47 – Microsoft Smashes Record for Biggest Ever Patch Tuesday UpdateMicrosoft released more than 200 security fixes in a single Patch Tuesday, setting a new record. The update included dozens of critical vulnerabilities spanning Windows, Office, Azure, Exchange, Active Directory, Hyper-V, BitLocker, and Copilot services.John & Lou discuss why traditional patch cycles may no longer be sufficient as AI dramatically accelerates vulnerability discovery and exploit creation.https://www.computerweekly.com/news/366644117/Microsoft-smashes-record-for-biggest-ever-Patch-Tuesday-update⸻11:40 – Ubiquiti Releases Enterprise FirewallsUbiquiti announced its new Enterprise Firewall Core (EFC), expanding beyond networking into full next-generation firewall capabilities. The platform includes deep packet inspection, IDS/IPS, SSL inspection, AI-assisted threat analysis, and integration with the broader UniFi ecosystem.The aggressive pricing and subscription-light model could make it attractive for SMBs, education, MSPs, and mid-market enterprises.https://blog.ui.com/article/introducing-enterprise-firewall-core⸻17:46 – OpenAI Calls Out Anti-Data Center Influence OperationsOpenAI reported disrupting multiple coordinated campaigns that used AI-generated content, fake personas, and automated translations to influence online discussions around AI infrastructure and data centers.The report found AI significantly increased content generation volume but provided limited evidence that it improved persuasion or effectiveness.https://openai.com/index/prc-linked-influence-operations-ai-debates/⸻📬 21:44 – Mail BagLongtime listener Dennis weighs in on RTX Spark, Microsoft’s AI strategy, AMD’s role in the next Xbox, and the future of gaming platforms. The discussion explores what happens when AI agents become the primary interface and whether future gaming experiences could include Holodecks hosted by Sydney Sweeney.The conversation also raises larger questions about operating systems, platform ecosystems, and whether AI assistants eventually become more important than the devices they run on.⸻🔚 23:21 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

A single-character coding mistake in the Linux kernel created a privilege escalation vulnerability that could allow attackers to gain root access, escape containers, and compromise systems. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2026-23111, discuss why container escapes are so dangerous, and explore how AI-powered code analysis may become essential for finding bugs before attackers do.⸻📄 Show Notes🚨 CVE of the Week: Linux Kernel Privilege Escalation (CVE-2026-23111)This week we’re covering CVE-2026-23111, a Linux kernel vulnerability that demonstrates how a tiny coding error can create a major security risk.The vulnerability:CVSS Score: 7.8Allows local privilege escalation to rootCan enable container escapesImpacts systems using nftables and user namespacesWas caused by a single-character logic errorResearchers demonstrated successful exploitation against major Linux distributions, including Debian and Ubuntu.⸻⚠️ Why This MattersWhile technically a local privilege escalation vulnerability, the real danger comes from exploit chaining.Attackers can:Gain limited access through another vulnerabilityUse CVE-2026-23111 to escalate privilegesEscape containersTake control of the host systemThis is why John and Lou argue that modern vulnerability scoring needs to better account for attack chains rather than evaluating each flaw in isolation.⸻🛠️ Mitigation Steps✅ Verify Your Linux Kernel Is PatchedThe vulnerability was patched in February 2026.Ensure your systems are running updated kernels provided by your Linux distribution.✅ Update Embedded Linux DevicesMany embedded systems:IoT devicesHVAC controllersSecurity appliancesSmart sensorsmay not receive patches automatically.Audit these devices and verify firmware versions.✅ Implement Zero TrustLimit lateral movement through:Zero Trust architecturesLeast-privilege accessNetwork segmentationStrong authentication controls✅ Use Micro-SegmentationRestrict devices to only the resources they require.IoT and embedded systems should never have broad access to:Financial systemsHR systemsCritical infrastructureAdministrative networks✅ Add AI-Assisted Code ReviewThis vulnerability existed because of a one-character mistake.Modern AI tools can:Review codeIdentify logic errorsDetect privilege escalation risksFind issues before deployment⸻🤖 AI: The Defender and the AttackerOne of the biggest themes of this episode is how AI is changing cybersecurity.The same technologies being used to:Find vulnerabilitiesReview codeImprove software qualitycan also be used by attackers to:Discover exploit chainsGenerate exploitsAutomate attacksThe future of security will require organizations to use AI defensively just to keep pace.⸻💬 Listener FeedbackThanks to listener Xavier-Nostromo for highlighting the growing need for AI-powered security defenses.As vulnerability discovery accelerates, organizations can no longer rely solely on traditional patch cycles and manual response processes.The future may require continuous monitoring, continuous validation, and continuous patching.⸻📣 Wrap UpDo you think AI-assisted code review should become mandatory for critical infrastructure and open-source projects?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast - News Bytes, John & Lou take a deep dive into a Microsoft-heavy week that touches nearly every corner of enterprise IT. From a growing controversy around vulnerability disclosure practices to Microsoft’s new AI-native device strategy and NVIDIA’s RTX Spark platform, the discussion explores how AI is reshaping operating systems, endpoints, and enterprise workflows.The episode also examines a surprising announcement that may signal a major shift in the desktop computing landscape: Microsoft bringing Linux CoreUtils directly into Windows. Combined with AI agents, local inference, and cross-platform development, the lines between operating systems are blurring faster than ever. If you work in enterprise IT, cloud, AI, or cybersecurity, this episode is packed with insights into where the industry is heading next.  📌 Show Notes00:00 – IntroThis week’s episode focuses on Microsoft’s evolving AI strategy, security challenges, AI-native devices, and the growing convergence between Windows and Linux. News Bytes00:46 – Microsoft’s Coordinated Vulnerability Disclosure (CVD) ControversyMicrosoft defended its coordinated vulnerability disclosure process after several high-profile Windows vulnerabilities were publicly disclosed before fixes were available. Researchers argue Microsoft has become increasingly difficult to work with and too slow to patch critical issues.John & Lou discuss both sides of the debate and why faster vulnerability discovery driven by AI is putting pressure on traditional disclosure models.Key takeaways:Vulnerability disclosure requires cooperation between researchers and vendorsPatch timelines are becoming increasingly importantAI is accelerating vulnerability discovery faster than everhttps://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure07:20 – Inside Microsoft’s Project SolaraMicrosoft unveiled Project Solara, an AI-native platform designed around agents rather than traditional applications. Running on Android-based hardware, Solara aims to provide AI-first devices that handle workflows, context, and automation without requiring users to jump between apps.The platform includes wearable and desktop reference designs and reflects Microsoft’s vision of AI assistants becoming a core part of everyday work.https://www.geekwire.com/2026/inside-microsofts-project-solara-a-new-platform-for-devices-that-run-ai-agents-instead-of-apps/11:36 – NVIDIA & Microsoft Reinvent Windows PCs with RTX SparkNVIDIA and Microsoft announced RTX Spark, a new AI-focused platform designed to run large AI models, local agents, and advanced inference workloads directly on PCs and workstations.The platform combines NVIDIA Blackwell GPUs with AI-optimized software to reduce cloud dependency and improve data privacy while enabling powerful local AI experiences.https://www.theverge.com/tech/940589/nvidia-rtx-spark-n1-n1x-laptop-desktop-pc-cpu-gpu-ai-release-date17:43 – Microsoft Adds CoreUtils to Windows. So What? Linux Won.Microsoft is bringing native Linux CoreUtils commands directly into Windows, allowing cross-platform scripting without relying on WSL. Commands like grep, cat, find, sort, head, tail, and cut will become first-class Windows citizens.The bigger story isn’t the tools themselves—it’s what they represent: the operating system matters less than the applications, services, and workflows running on top of it.https://blogs.windows.com/windowsdeveloper/2026/06/02/build-2026-furthering-windows-as-the-trusted-platform-for-development/⸻🔚 23:22 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn