SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

Apr 21, 2025
Discussions take a deep dive into a recent wave of account lockouts caused by Microsoft Entra's new security feature, sparking chaos among users. An exploit targeting Erlang/OTP SSH vulnerabilities raises alarms with easy remote code execution. Sonicwall devices are under threat from an older command injection exploit after brute-force access. Finally, an unpatched vulnerability in bubble.io exposes projects to potential breaches, underscoring the need for vigilance in cybersecurity.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
ADVICE

Manage Microsoft Entra Lockouts

  • Address Microsoft Entra lockout alerts by urging users to change passwords promptly.
  • Meanwhile, consider temporary workarounds to keep critical accounts active until the situation stabilizes.
INSIGHT

Microsoft Entra Lockout Insight

  • Microsoft Entra's new security feature locks accounts if passwords seem compromised based on backend data.
  • This led to widespread account lockouts, affecting up to a third of users in some organizations.
ADVICE

Mitigate Zoom Exploit Risks

  • Educate users about risks of unauthorized system access requests on Zoom and similar platforms.
  • Consider disabling system access request feature globally if your organization does not use it legitimately.
Get the Snipd Podcast app to discover more snips from this episode
Get the app