SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug
Apr 21, 2025
Discussions take a deep dive into a recent wave of account lockouts caused by Microsoft Entra's new security feature, sparking chaos among users. An exploit targeting Erlang/OTP SSH vulnerabilities raises alarms with easy remote code execution. Sonicwall devices are under threat from an older command injection exploit after brute-force access. Finally, an unpatched vulnerability in bubble.io exposes projects to potential breaches, underscoring the need for vigilance in cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Microsoft Entra Lockout Insight
- Microsoft Entra's new security feature locks accounts if passwords seem compromised based on backend data.
- This led to widespread account lockouts, affecting up to a third of users in some organizations.
Manage Microsoft Entra Lockouts
- Address Microsoft Entra lockout alerts by urging users to change passwords promptly.
- Meanwhile, consider temporary workarounds to keep critical accounts active until the situation stabilizes.
Zoom Social Engineering Trick
- Attackers join Zoom calls pretending to be potential partners, then rename themselves "Zoom."
- This tricks users into granting system access, facilitating attacker commands on victims' systems.