Share

IT SPARC Cast
Windows Falls Below 60%! Meta’s Brilliant Memory Hack, and Claude Code Under Fire
In this episode of IT SPARC Cast - News Bytes, John & Lou examine three stories highlighting how AI and enterprise infrastructure continue to evolve. China raises concerns over Anthropic’s Claude Code, Meta reveals an ingenious way to reuse server memory and reduce AI infrastructure costs, and Windows drops below 60% global desktop market share for the first time in decades.
The discussion explores AI security, hyperscale hardware innovation, and whether operating systems are becoming less important than the applications and services running on top of them. If you work in enterprise IT, cloud, AI, virtualization, or infrastructure, this episode offers valuable insight into the trends reshaping the technology landscape.
⸻
📌 Show Notes
00:00 – Intro
This week’s episode covers AI security claims, innovative data center hardware, and changing desktop operating system trends as enterprise computing continues to evolve.
⸻
📰 News Bytes
00:44 – China Issues “Backdoor” Security Alert Over Anthropic’s Claude Code
Chinese authorities issued a security alert alleging certain versions of Claude Code contain monitoring mechanisms that transmit user information. Anthropic has not confirmed the claims, and no independent evidence has verified the alleged backdoor.
John & Lou discuss the importance of independently validating security claims and the broader competitive landscape surrounding AI development.
Key takeaways:
- Claims remain unverified
- AI security deserves careful scrutiny
- Independent validation is essential
https://www.reuters.com/legal/litigation/china-issues-backdoor-security-alert-over-anthropics-claude-code-2026-07-08/
⸻
04:24 – Meta Reuses Old Server Memory with Custom CXL ASIC
Meta unveiled its custom “Vistara” CXL ASIC, allowing older DDR4 memory from retired servers to be reused alongside newer AI infrastructure. The approach reduces hardware costs, extends memory life, and lowers the number of servers required for certain AI workloads.
Key takeaways:
- Extends useful life of server memory
- Reduces infrastructure costs
- Demonstrates creative hyperscale engineering
https://www.theregister.com/systems/2026/06/29/zuck-saves-meta-bucks-by-reusing-memory-from-old-servers-with-a-custom-cxl-asic/5263483
⸻
10:55 – Windows Drops Below 60% Global Desktop Share
According to StatCounter data, Windows has fallen below 60% worldwide desktop market share, while macOS, Linux, and other platforms continue gaining ground.
John & Lou explore whether the operating system itself is becoming less important as web applications, cloud services, AI, and virtualization increasingly abstract users away from the underlying platform.
Key takeaways:
- Windows remains the market leader but continues to decline
- Linux and macOS continue gaining users
- AI and cloud services may reduce OS dependence
https://linuxiac.com/windows-drops-under-60-in-global-desktop-os-share-for-the-first-time-in-years/
⸻
📬 18:28 – Mail Bag
Listener Dennis shares additional thoughts on VMware, open-source infrastructure, and virtualization strategy, reinforcing the growing trend toward organizations building more flexible infrastructure around open technologies rather than proprietary ecosystems.
⸻
🔚 19:39 – Wrap Up
Whether it’s AI security, hyperscale hardware, or desktop computing, the common theme is flexibility. Organizations that embrace open architectures, efficient infrastructure, and thoughtful AI adoption will be better positioned for the next wave of enterprise technology.
⸻
🌐 Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
More episodes
View all episodes

44. The First AI Ransomware Is Here — And It Learned on the Fly
11:25||Season 2, Ep. 44In this episode of IT SPARC Cast – CVE of the Week, John and Lou discuss the first fully autonomous AI-driven ransomware attack ever documented. Researchers observed an AI agent independently executing an entire ransomware campaign—from credential harvesting and privilege escalation to encrypting production systems and adapting to failures in real time.They also examine a new wave of critical UniFi security patches and explain why automatic patching is quickly becoming a necessity rather than a convenience. As AI accelerates both attacks and defenses, organizations must rethink how they approach patch management, Zero Trust, and cyber resilience.⸻📄 Show Notes🚨 CVE of the WeekFirst Fully Agentic Ransomware Attack Raises New Security ConcernsResearchers have documented what appears to be the first fully autonomous AI-powered ransomware attack. After receiving initial access from a human operator, the AI independently:Harvested credentialsMoved laterally across the networkEscalated privilegesEncrypted a production databaseGenerated a ransom noteAdapted to failed attack attempts in just 31 secondsThe attack relied on known vulnerabilities, reinforcing the importance of rapid patching, strong identity controls, credential protection, and Zero Trust architectures. As AI becomes more capable, organizations should expect increasingly automated attacks that can operate at massive scale.https://www.techtarget.com/searchsecurity/news/366645613/First-fully-agentic-ransomware-attack-sparks-readiness-concerns⸻Ubiquiti Releases 25 Security Fixes, Including Seven Critical VulnerabilitiesUbiquiti has released patches for 25 security vulnerabilities, including seven critical flaws rated between 9.1 and 10.0 CVSS, affecting UniFi networking, Protect, Identity, access control, and related products.If automatic updates were enabled, many systems were protected before administrators even learned about the vulnerabilities. The discussion highlights why waiting weeks for maintenance windows is no longer practical. AI-assisted attacks can weaponize newly disclosed vulnerabilities far faster than traditional patch cycles.Recommended actions:Enable automatic updates where appropriatePatch network infrastructure as quickly as possibleReview firmware and software versions regularlyReevaluate maintenance window policies for critical infrastructurehttps://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html⸻💬 Mail BagListener Blake shared that he has chosen not to deploy AI agents because of security concerns.John and Lou discuss the balance organizations must strike between security and productivity. While AI introduces new risks, avoiding it entirely may also create competitive disadvantages. The key is deploying AI responsibly with appropriate safeguards and human oversight.⸻📣 Wrap UpWe’d love to hear your thoughts.Are your patching policies ready for AI-powered attacks? Is continuous patching becoming unavoidable?📧 feedback@itsparccast.comFollow IT SPARC CastIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
44. Microsoft Gives AI Memory | Meta Slows Down & Ford Changes Course
18:01||Season 2, Ep. 44In this episode of IT SPARC Cast - News Bytes, John & Lou explore the next phase of enterprise AI, where long-term memory, agent development, and workforce strategy are becoming just as important as the models themselves. Microsoft introduces Memora to give AI agents persistent memory, Meta acknowledges that AI agent progress is taking longer than expected, and Ford rethinks its software hiring strategy after discovering AI alone isn’t enough.The episode also examines how India is rapidly increasing AI hiring while traditional IT hiring slows, highlighting a broader shift toward higher-value AI skills across the global technology workforce. If you work in enterprise IT, AI, software development, or cloud infrastructure, this episode provides valuable insight into how organizations are adapting to the realities of AI adoption.⸻📌 Show Notes00:00 – Intro📰 News Bytes00:50 – Microsoft Introduces “Memora” for AI AgentsMicrosoft unveiled Memora, a new long-term memory architecture designed to help AI agents retain context across sessions instead of starting from scratch every time. The technology could dramatically improve customer support, help desk operations, troubleshooting, and long-running business workflows.Key takeaways:Persistent memory for AI agentsBetter continuity across customer interactionsNew questions around privacy and memory securityhttps://www.computerworld.com/article/4191034/microsoft-unveils-memora-to-tackle-ai-agents-memory-problem-2.html05:09 – Zuckerberg Says AI Agent Progress Is Slower Than ExpectedDespite major investments and organizational changes, Meta says AI agent development is progressing more slowly than anticipated. While meaningful improvements are still expected, building reliable autonomous agents continues to present technical and operational challenges.John & Lou discuss why the broader AI industry may be experiencing similar growing pains as agentic AI moves from demos into production.Key takeaways:AI agents remain difficult to operationalizeInfrastructure investment continues at record levelsReliable execution remains the biggest challengehttps://www.reuters.com/business/zuckerberg-says-ai-agent-development-going-slower-than-expected-2026-07-02/09:17 – Ford Reassesses AI Hiring StrategyFord is shifting back toward hiring experienced software engineers after finding that AI tools alone did not deliver the expected productivity gains. Rather than replacing experienced developers, the company is pairing AI with seasoned engineering talent.The discussion reinforces a recurring theme: AI works best as a force multiplier, not a replacement for expertise.Key takeaways:Experienced engineers remain essentialAI amplifies skilled teamsOrganizational change matters as much as technologyhttps://www.computerworld.com/article/4190728/ford-disappointed-with-ai-re-hires-veterans.html12:22 – AI Hiring Surges in India’s IT SectorAI hiring in India continues to accelerate even as overall IT hiring declines. Organizations are increasingly seeking talent in generative AI, machine learning, data engineering, and AI infrastructure rather than traditional outsourcing roles.The trend suggests AI is reshaping—not eliminating—the technology workforce.Key takeaways:AI hiring continues to grow rapidlyDemand is shifting toward higher-value technical skillsTraditional IT roles continue evolvinghttps://www.reuters.com/world/india/ai-hiring-outpaces-overall-it-recruitment-india-report-shows-2026-07-03/⸻📬 16:35 – Mail BagLongtime listener Dennis shares a classic science-themed joke. It’s a reminder that even in the fast-moving world of AI and enterprise technology, there’s always room for a good nerd joke.⸻🔚 17:10 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
43. Microsoft Warns: Your AI Agent Could Be Poisoned via MCP
08:38||Season 2, Ep. 43A newly demonstrated attack against the Model Context Protocol (MCP) shows how malicious tool descriptions can manipulate AI agents into leaking sensitive information—without exploiting a software vulnerability. In this episode of IT SPARC Cast – CVE of the Week, John and Lou explain MCP tool poisoning, why prompt injection is evolving, and what organizations deploying AI agents should do to protect themselves.⸻📄 Show Notes🚨 Security Spotlight: MCP Tool PoisoningThis week we’re covering a new attack technique targeting the Model Context Protocol (MCP) used by AI agents.Rather than exploiting software bugs, attackers can modify an MCP tool’s metadata to inject hidden instructions that an AI agent interprets as legitimate commands.The result? AI agents can be manipulated into exposing sensitive information without the user ever seeing the malicious instructions.⸻⚠️ How the Attack WorksResearchers demonstrated that attackers can:Modify an MCP tool’s hidden description metadataEmbed prompt injection instructionsTrick AI agents into revealing sensitive dataAbuse automatically refreshed tool descriptionsOperate without exploiting a traditional software vulnerabilityBecause the instructions are hidden in metadata, human users typically never see them.⸻🛠️ Mitigation Steps✅ Treat Tool Metadata as UntrustedDon’t assume MCP tool descriptions are safe simply because they come from trusted sources.✅ Require Approval for Metadata ChangesIf a tool’s description changes, require administrative review before allowing the updated tool to execute.✅ Apply Least-Privilege AccessGrant AI agents only the permissions they absolutely need.Avoid giving general-purpose agents unrestricted access to:File systemsCredentialsFinancial systemsSensitive data✅ Separate Sensitive ToolsKeep high-privilege tools isolated from general-purpose AI agents whenever possible.✅ Monitor Tool UpdatesAudit changes to MCP tools and monitor for unexpected metadata modifications.✅ Keep Humans in the LoopFor high-risk actions involving sensitive information, require explicit user approval before execution.⸻🤖 Why This MattersThis attack highlights a new reality:The attack surface for AI isn’t just software—it’s prompts, metadata, and trust relationships.As organizations rapidly deploy AI agents, traditional security controls won’t be enough.Future AI security will require:Prompt injection detectionContext-aware validationMetadata inspectionAI-specific security policies⸻💬 Listener FeedbackThanks to Orlando for sharing that his UniFi deployment automatically updated overnight after last week’s episode.It’s another reminder that automatic patching, when appropriate, can significantly reduce exposure to newly discovered threats.⸻📣 Wrap UpAre you comfortable letting AI agents operate autonomously, or should humans remain involved in every sensitive action?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
43. OpenAI’s Spicy New AI Chip, Patch Planet & Why AI Needs Nuclear Power
21:57||Season 2, Ep. 43In this episode of IT SPARC Cast - News Bytes, John & Lou explore how AI is driving the next wave of infrastructure investment. OpenAI launches Patch Planet to help secure critical open-source software, the U.S. announces major funding for new nuclear reactors to support growing energy demand, and OpenAI teams up with Broadcom to introduce its first custom AI inference chip.The discussion highlights three critical themes shaping enterprise IT today: securing the software supply chain, powering tomorrow’s AI data centers, and reducing dependence on traditional GPU architectures. If you work in enterprise IT, cloud, AI, cybersecurity, or infrastructure, this episode offers insight into where the industry is headed next. ⸻📌 Show Notes00:00 – IntroThis week’s episode covers AI-powered software security, next-generation energy infrastructure, and custom silicon designed specifically for large language models.⸻📰 News Bytes00:46 – OpenAI Launches Patch PlanetOpenAI expanded Project Daybreak with Patch Planet, an initiative that helps maintainers of critical open-source projects identify, validate, patch, and test security vulnerabilities using AI alongside human security experts.The goal is to help open-source projects keep pace as AI dramatically accelerates vulnerability discovery.Key takeaways:AI-assisted vulnerability discovery and patchingHuman experts remain part of the validation processFocus on critical open-source infrastructurehttps://openai.com/index/patch-the-planet/⸻05:16 – U.S. Announces $17.5B for New Nuclear ReactorsThe U.S. announced $17.5 billion in loan guarantees to accelerate construction of ten large nuclear reactors, helping address the rapidly growing demand for electricity driven by AI data centers, electrification, and future infrastructure needs.John & Lou discuss why reliable baseload power will be essential for AI growth and how nuclear, renewables, and small modular reactors can work together to support future demand.Key takeaways:10 new large reactors planned across five sitesGrowing AI infrastructure is driving energy demandNuclear remains a key long-term power sourcehttps://apnews.com/article/nuclear-reactors-energy-trump-wright-57841139aca7d2780a12256692b96fc5⸻12:18 – OpenAI & Broadcom Unveil “Jalapeño” AI ChipOpenAI and Broadcom introduced “Jalapeño,” OpenAI’s first custom AI inference processor designed specifically for running large language models more efficiently while reducing dependence on NVIDIA GPUs.The new ASIC focuses on inference performance, lower power consumption, and improved serving efficiency, marking the beginning of OpenAI’s long-term custom hardware strategy.Key takeaways:Purpose-built AI inference processorBetter performance-per-watt for LLM workloadsExpands competition in AI siliconhttps://www.reuters.com/world/asia-pacific/openai-unveils-custom-chip-it-designed-with-broadcom-boost-its-ai-infrastructure-2026-06-24/⸻📬 18:43 – Mail BagLongtime listener Dennis shares his perspective on VMware’s future, arguing that open-source infrastructure and private cloud platforms offer greater flexibility than increasingly expensive proprietary virtualization platforms. The discussion explores why organizations are rethinking virtualization strategies and how AI may accelerate custom infrastructure development.⸻🔚 20:57 – Wrap UpAI is reshaping every layer of enterprise technology—from software security and custom silicon to energy infrastructure and cloud architecture. Organizations that understand how these trends intersect will be best positioned for the years ahead.⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
42. UniFi Under Attack? Why Auto-Patching Saved the Day from Multiple 10.0 CVEs
09:18||Season 2, Ep. 42Three recently patched UniFi OS vulnerabilities are now being actively exploited, highlighting the growing importance of automatic patching and vulnerability management. In this episode of IT SPARC Cast – CVE of the Week, John and Lou explain how chaining CVEs can lead to full system compromise, why UniFi’s default auto-update policy likely protected many users, and why continuous patching may soon replace traditional maintenance windows.⸻📄 Show Notes🚨 CVE of the Week: UniFi OS VulnerabilitiesThis week we’re covering three UniFi OS vulnerabilities:CVE-2026-34908CVE-2026-34909CVE-2026-34910While each vulnerability has its own severity rating, security researchers demonstrated that chaining all three together can result in full remote system compromise with elevated privileges.The vulnerabilities were patched in May 2026, but organizations that delayed updates are now at risk as active exploitation has been reported.⸻⚠️ Why This MattersUniFi OS normally enables automatic updates by default, meaning many deployments were likely protected before the attacks began.However, organizations that disabled auto-updates or delayed maintenance may still be vulnerable.Researchers also released a free detection script to help administrators identify vulnerable UniFi deployments.⸻🛠️ Mitigation Steps✅ Update UniFi OS ImmediatelyVerify every UniFi device is running the latest available firmware and UniFi OS version.If automatic updates were disabled, patch immediately.✅ Verify Auto-Update SettingsConfirm that:Automatic update checks are enabledFirmware updates install automaticallyDevices are regularly checking for new releases✅ Run the Detection ScriptUse the detection tool released by Bishop Fox to identify vulnerable or improperly updated UniFi systems.✅ Audit Network DevicesDon’t stop with UniFi.Review firmware and update status for:FirewallsSwitchesAccess PointsGatewaysOther embedded infrastructure✅ Review Patch StrategyModern attacks are moving faster than traditional maintenance windows.Consider:Overnight automated patchingLive patching where supportedRolling upgrades to minimize downtime⸻🔒 The Bigger LessonJohn and Lou revisit a recurring theme:Modern attacks rely on exploit chaining.Three medium-severity vulnerabilities can combine into a critical compromise.Current CVSS scoring evaluates individual vulnerabilities, but organizations should also consider how vulnerabilities interact across an entire system.⸻🤖 Why Continuous Patching MattersThe average time between disclosure of a critical vulnerability and AI-assisted exploit development continues to shrink.Waiting weeks—or even days—to patch infrastructure is becoming increasingly risky.Vendors are also being encouraged to improve:Live patchingRolling firmware upgradesHigh-availability updates with minimal downtime⸻📣 Wrap UpHas your organization embraced automatic patching, or do you still rely on traditional maintenance windows?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
42. 40,000 Workloads Leaving VMware?! Bezos Says AI Won’t Kill Jobs
17:35||Season 2, Ep. 42In this episode of IT SPARC Cast - News Bytes, John & Lou explore three major stories shaping enterprise IT. Jeff Bezos argues that AI will create labor shortages rather than eliminate jobs, Tesco begins one of the largest VMware migration projects ever announced, and Accenture doubles down on cybersecurity through a series of strategic investments and acquisitions.The discussion focuses on the practical realities behind AI-driven productivity, the growing backlash against VMware licensing changes, and why cybersecurity is becoming a core business function rather than simply an IT responsibility. If you work in enterprise IT, cloud, virtualization, or security, this episode highlights trends that could reshape the industry over the next several years. ⸻📌 Show Notes00:00 – IntroThis week’s episode covers AI’s impact on the workforce, one of the largest VMware migrations ever attempted, and why cybersecurity is becoming central to business strategy.⸻📰 News Bytes00:47 – AI Will Lead to Labor Shortages, Says an Optimistic Jeff BezosJeff Bezos argues that AI will increase productivity and create new categories of work rather than permanently eliminate jobs. Drawing parallels to earlier waves of automation, he suggests AI will remove bottlenecks and allow people to focus on higher-value tasks.John & Lou discuss the difference between using AI as a growth engine versus a cost-cutting tool, and why leadership decisions may ultimately determine whether organizations thrive or stagnate.Key takeaways:AI may create new opportunities rather than eliminate workProductivity gains can fuel growth instead of downsizingOrganizations that embrace expansion may outperform competitorshttps://www.reuters.com/business/world-at-work/ai-will-lead-labour-shortages-jeff-bezos-says-vivatech-2026-06-17/⸻04:49 – Tesco Moving 40,000 Workloads Off VMwareTesco is migrating approximately 40,000 workloads away from VMware, making it one of the largest publicly disclosed VMware exit projects to date. The move comes amid ongoing concerns around licensing, support, and long-term costs following Broadcom’s acquisition of VMware.The migration highlights how even major enterprises are willing to undertake massive infrastructure changes when economics shift dramatically.Key considerations:40,000 workloads represent a significant migration effortKVM-based alternatives continue gaining tractionVirtualization competition is entering a new phasehttps://arstechnica.com/information-technology/2026/06/tesco-moving-40000-server-workloads-off-vmware-amid-broadcoms-abusive-conduct/⸻11:03 – Accenture Takes Majority Stake in Cybersecurity FirmsAccenture announced major investments and acquisitions in cybersecurity, reinforcing the growing importance of security services across every industry.Rather than treating security as a standalone IT function, organizations increasingly view it as a business-wide requirement. Accenture’s move signals that demand for AI-enabled security expertise is expected to accelerate significantly.Key takeaways:Security spending continues to grow rapidlyAI adoption creates new security requirementsConsulting firms see cybersecurity as a long-term growth markethttps://www.reuters.com/legal/transactional/accenture-take-majority-stake-acquire-cybersecurity-firms-418-billion-deal-2026-06-18/⸻📬 15:25 – Mail BagListener Steve weighs in on Ubiquiti’s new Enterprise Firewall Core, agreeing that it’s a strong first step into enterprise security. The discussion expands into Ubiquiti’s new Enterprise NAS platform, ZFS-based storage, and how the company continues pushing deeper into enterprise infrastructure.⸻🔚 16:49 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
41. FortiGate Firewalls Compromised: Why Patching Didn’t Fix the Problem
07:28||Season 2, Ep. 41Thousands of Fortinet FortiGate devices have been compromised—even in organizations that already applied security patches. In this episode of IT SPARC Cast – CVE of the Week, John and Lou explain how attackers maintained persistence after earlier breaches, why patching alone wasn’t enough, and what every organization running FortiGate firewalls must do immediately to verify they haven’t already been compromised.⸻📄 Show Notes🚨 CVE of the Week (Special Security Alert): FortiGate CompromisesThis week we’re covering a major Fortinet security incident affecting organizations around the world.Unlike most episodes, this isn’t focused on a single CVE. Instead, attackers are leveraging previously exploited FortiGate vulnerabilities and maintaining persistent access even after organizations patched the original flaws.The key lesson:👉 Patching does not remove an attacker who is already inside.⸻⚠️ What Happened?Large organizations across multiple industries have reported compromises involving FortiGate firewalls and VPN infrastructure.Attackers reportedly:Exploited previously disclosed Fortinet vulnerabilitiesEstablished persistence mechanismsMaintained access after patches were installedContinued accessing networks through compromised devicesPotential impacts include:Network visibilityCredential theftTraffic interceptionLong-term unauthorized access⸻🛠️ Immediate Mitigation Steps✅ Audit All FortiGate DevicesIf your FortiGate was internet-facing before patching:Assume compromise until proven otherwise.Review:Administrative accountsVPN configurationsFirewall rulesConfiguration changesScheduled tasks and scripts⸻✅ Upgrade Firmware and SoftwareInstall:Latest supported FortiOS versionLatest firmware updatesAny recommended security updatesDon’t stop at operating system updates—verify firmware integrity as well.⸻✅ Rotate CredentialsImmediately rotate:Administrative passwordsVPN credentialsService accountsShared secretsAPI keysAssume previously exposed credentials may be compromised.⸻✅ Verify Multi-Factor Authentication (MFA)MFA should be enabled for:Firewall administrationVPN accessRemote administrationCritical infrastructure systemsIf MFA is not enabled, prioritize it immediately.⸻✅ Hunt for PersistenceLook for:Unknown accountsSuspicious scriptsUnexpected configuration changesUnauthorized VPN usersUnrecognized scheduled tasksIf something looks unfamiliar, investigate it.⸻🔒 Why This MattersOne of the biggest takeaways from this incident is that perimeter security is no longer enough.If a firewall compromise can expose the entire organization, the network architecture needs work.John and Lou emphasize:Zero Trust architecturesNetwork segmentationLeast privilege accessMFA everywhereContinuous security auditingA firewall should be your first line of defense—not your only line of defense.⸻💡 Key TakeawayThe real danger isn’t the original vulnerability.It’s the persistence left behind after the vulnerability was patched.Organizations that only patch—but don’t investigate for compromise—may still have attackers inside their environments.⸻📣 Wrap UpHave you audited your firewall infrastructure recently? Are you confident patching alone is enough?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
41. 200 Microsoft Patches?! RoguePlanet Zero-Day & Ubiquiti’s Enterprise Firewall
24:27||Season 2, Ep. 41In this episode of IT SPARC Cast - News Bytes, John & Lou tackle a security-heavy week featuring a new Microsoft Defender zero-day, the largest Patch Tuesday release in Microsoft’s history, and a growing debate around how vulnerability disclosures should be handled in the AI era. As AI accelerates bug discovery, the industry is struggling to keep pace with validation, patching, and deployment.The discussion also covers Ubiquiti’s entry into the enterprise firewall market and OpenAI’s report on coordinated influence campaigns targeting public perception around AI infrastructure and data centers. If you work in enterprise IT, cybersecurity, cloud, or networking, this episode highlights several trends that will directly impact security operations and infrastructure planning. ⸻📌 Show Notes00:00 – IntroThis week’s episode focuses on security, patch management, enterprise networking, and the growing role AI plays in both finding vulnerabilities and shaping public narratives.⸻📰 News Bytes01:48 – Microsoft Defender “RoguePlanet” Zero-DaySecurity researcher Chaotic Eclipse revealed a new Microsoft Defender vulnerability dubbed “RoguePlanet” that allows local privilege escalation to SYSTEM-level access on Windows 10 and 11.The flaw joins a growing list of publicly disclosed Defender vulnerabilities and highlights ongoing tensions between researchers and Microsoft regarding vulnerability disclosure and patch response times.https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/⸻04:47 – Microsoft Smashes Record for Biggest Ever Patch Tuesday UpdateMicrosoft released more than 200 security fixes in a single Patch Tuesday, setting a new record. The update included dozens of critical vulnerabilities spanning Windows, Office, Azure, Exchange, Active Directory, Hyper-V, BitLocker, and Copilot services.John & Lou discuss why traditional patch cycles may no longer be sufficient as AI dramatically accelerates vulnerability discovery and exploit creation.https://www.computerweekly.com/news/366644117/Microsoft-smashes-record-for-biggest-ever-Patch-Tuesday-update⸻11:40 – Ubiquiti Releases Enterprise FirewallsUbiquiti announced its new Enterprise Firewall Core (EFC), expanding beyond networking into full next-generation firewall capabilities. The platform includes deep packet inspection, IDS/IPS, SSL inspection, AI-assisted threat analysis, and integration with the broader UniFi ecosystem.The aggressive pricing and subscription-light model could make it attractive for SMBs, education, MSPs, and mid-market enterprises.https://blog.ui.com/article/introducing-enterprise-firewall-core⸻17:46 – OpenAI Calls Out Anti-Data Center Influence OperationsOpenAI reported disrupting multiple coordinated campaigns that used AI-generated content, fake personas, and automated translations to influence online discussions around AI infrastructure and data centers.The report found AI significantly increased content generation volume but provided limited evidence that it improved persuasion or effectiveness.https://openai.com/index/prc-linked-influence-operations-ai-debates/⸻📬 21:44 – Mail BagLongtime listener Dennis weighs in on RTX Spark, Microsoft’s AI strategy, AMD’s role in the next Xbox, and the future of gaming platforms. The discussion explores what happens when AI agents become the primary interface and whether future gaming experiences could include Holodecks hosted by Sydney Sweeney.The conversation also raises larger questions about operating systems, platform ecosystems, and whether AI assistants eventually become more important than the devices they run on.⸻🔚 23:21 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn