SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited;

Dec 17, 2025
Microsoft is moving away from RC4 for Windows authentication and has published guidance for a smooth transition. A FortiCloud SSO vulnerability is being actively exploited, prompting urgent patching recommendations. Additionally, three vulnerabilities were discovered in FreePBX, including an authentication bypass that could lead to remote code execution. The episode also stresses follow-up measures after a potential FortiGate compromise, where attackers could access sensitive configurations.
ADVICE

Prepare Now For RC4 Decommissioning

  • Do inventory and prepare to remove RC4-dependent systems before Microsoft disables RC4 by default next year.
  • Use Microsoft's logging and PowerShell tools to find accounts still using RC4 and update passwords or configurations.
ADVICE

Act Fast On FortiCloud SSO Exploits

  • Patch FortiGate devices immediately or disable FortiCloud SSO to stop active exploit attempts.
  • After any compromise, change all local credentials and rotate seeds and MFA secrets stored on the device.
INSIGHT

Chained FreePBX Flaws Lead To RCE

  • FreePBX flaws combine SQL injection with an authentication-bypass header to achieve unauthenticated RCE.
  • Default FreePBX installs are not vulnerable unless the web authentication mode is enabled, reducing immediate exposure.