

SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug
Apr 21, 2025
This episode looks at a recent wave of account lockouts caused by Microsoft Entra's new security feature, which sparked chaos among users. An exploit targeting Erlang/OTP SSH vulnerabilities raises alarms because it makes remote code execution easy. SonicWall devices are under threat from an older command injection exploit that attackers use after gaining access by brute force. Finally, an unpatched vulnerability in bubble.io exposes projects to potential breaches, underscoring the need for vigilance in cybersecurity.
AI Snips
Manage Microsoft Entra Lockouts
- Address Microsoft Entra lockout alerts by urging users to change passwords promptly.
- Meanwhile, consider temporary workarounds to keep critical accounts active until the situation stabilizes.
Microsoft Entra Lockout Insight
- Microsoft Entra's new security feature locks accounts if passwords seem compromised based on backend data.
- This led to widespread account lockouts, affecting up to a third of users in some organizations.
Mitigate Zoom Exploit Risks
- Educate users about the risks of unauthorized system access requests on Zoom and similar platforms.
- Consider disabling the system access request feature globally if your organization does not use it legitimately.