SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Top of the News
Asana Fixes Vulnerability in MCP Server Feature
Asana has fixed a vulnerability in their implementation of the Model Context Protocol (MCP) artificial intelligence integration protocol that could have been exploited to see data belonging to other organizations. Asana introduced the opt-in MCP server feature at the beginning of May 2025, and disabled the use of MCP from June 5 through 17 while addressing the issue. Asana writes that "as part of [their] remediation efforts, [they] reset all connections to the MCP server. This means [users will] need to manually reconnect [their] Asana instance to the MCP server."
Editor's Notes
- Slide 1 of 2
This is the proverbial tip of the iceberg for MCP attacks, this one being associated with a logic flaw yielding some level of cross-tenant access. Look for many, many more of these in coming years. And for our penetration testing friends out there - get smart on this stuff fast and integrate it into your testing regimen. You'll need it! This is especially important in verifying authorization of access when using AI features. In his keynote speech at the RSAC Conference this year, SANS Fellow Josh Wright spoke of "Authorization Sprawl.' AI features enabled with MCP are one way attackers can find and exploit authorization sprawl, as indicated in this Asana issue.
- Slide 2 of 2
The flaw allowed a user to access their allowed data types from other customers, due to incomplete access control enforcement. You need to have your Asana admin review logs for MCP access, review AI generated summaries/answers, and report immediately any data which appear to be from another organization. Review the recommendations from UpGuard (https://www.upguard.com/blog/asana-discloses-data-exposure-bug-in-mcp-server) before (re)integrating LLMs into sensitive workflows.
Slide 1 of 0- Slide 1 of 2
Motors WordPress Theme Vulnerability is Being Actively Exploited
A critical privilege escalation vulnerability in the Motors theme for WordPress is being actively exploited to take control of admin accounts and take over vulnerable sites. Wordfence detected and reported the flaw in May; the issue affects all versions of the theme up to and including 5.6.67. The theme's developers released an update to address the flaw on May 14, 2025. The attacks began on May 20. As of June 7, Wordfence reported having blocked more than 23,000 exploit attempts against customers.
Editor's Notes
- Slide 1 of 3
CVE-2025-4322, privilege escalation/account takeover flaw, has a CVSS score of 9.8. In short, the plugin didn't properly validate a user before allowing a password change, so an arbitrary user could change any password, including the administrator password. If you're using the Motors theme, make sure you're on 5.6.68 or higher. Double check if your theme updates are automatic, your content providers may not wish those to update without oversight.
- Slide 2 of 3
Many WordPress themes and plugins are a constant source of concern with a myriad of vulnerabilities. If you run a WordPress site, make sure you strip out any themes and plugins that are not absolutely essential to the functionality of your site.
- Slide 3 of 3
WordPress risks have reached "crisis" proportions: https://www.techspot.com/news/108233-linux-foundation-steps-neutral-solution-wordpress-crisis.html. While the Linux Foundation has recognized the problem and while there are alternatives, the use of WordPress is so broad that it is likely to remain at crisis level for the foreseeable future.
Slide 1 of 0- Slide 1 of 3
CISA Adds Linux Flaw to Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity privilege escalation flaw in the Linux kernel OverlayFS subsystem to the Known Exploited Vulnerabilities (KEV) catalog. The KEV describes the flaw: "Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system." The vulnerability was disclosed and patched in early 2023; proof of concept exploits have been available for more than two years. US Federal Civilian Executive Branch agencies must mitigate the vulnerability by July 8, 2025.
Editor's Notes
- Slide 1 of 2
CVE-2023-0386, CVSS score 7.8, improper ownership flaw, had patches released in January 2023, and initial POC exploits appeared in May of 2023. While the description of the exploit is hard to follow, it's easy to perform and your Linux distro is likely included, so make sure you're running the latest supported kernel. Aside from the patch, one mitigation is to block the loading of the OverlayFS kernel module, but test as that can have operational impacts.
- Slide 2 of 2
It's disappointing that a vulnerability found and patched two years ago now finds its way onto the KEV list because of organization inaction. How does one expect to protect themselves when they don't take patch management seriously?
Slide 1 of 0- Slide 1 of 2
The Rest of the Week's News
Cyber Resilience Corps Report: The Roadmap to Community Cyber Defense
A new report, 'The Roadmap to Community Cyber Defense: A Path Forward from the Cyber Resilience Corps,' lays out a strategy for meeting the cybersecurity needs of organizations like hospitals, schools, non-profits, local utilities, local governments, and small businesses that lack sufficient cybersecurity resources. The Cyber Resilience Corps is a volunteer organization led by the University of California Berkeley Center for Long Term Cybersecurity (CLTC) and the CyberPeace Institute; the report is based on information garnered from the first year of the Cyber Resilience Corps' operations. The report describes a "co-responsibility model ... that details what cyber responsibilities community organizations can reasonably be expected to shoulder and what duties should be shifted towards other, more capable actors."
Editor's Notes
- Slide 1 of 3
The CLTC is proposing a mechanism for filling gaps in cyber security through the use of volunteer organizations and low-cost cybersecurity services, to achieve security goals, particularly for community organizations. Elements include not only how to organize and simplify over time, but also guidance for states to create a regional cyber support ecosystem. As one involved in multiple nonprofits with limited to no cybersecurity budget, having an organized approach to leverage available free, or nearly free, resources coupled with an overall approach is a big win.
- Slide 2 of 3
An excellent compilation of cause and effect for the cyber underserved. Nothing in the report is new but formally documenting it is a good thing. Until companies simplify cybersecurity and build secure-by-default products, it is going to take fiscal resources. Unfortunately, those are in short supply and tend to be influenced by changes in government (state and federal) administrations. Philanthropies are another option, but they tend to only fund for a year or two, and there are a growing number of non-profits that require sustained funding.
- Slide 3 of 3
These organizations are targets more collectively than individually. When breached, they finance the miscreants, serve as proxies to hide the source of attacks, and populate botnets. Their numbers inflate the attack surface of our infrastructure. Encouraging them to adopt strong authentication, and other efficient measures, is essential to our collective security.
Slide 1 of 0- Slide 1 of 3
ICO Fines 23andMe Over 2023 Breach
The UK's Information Commissioner's Office (ICO) has fined 23andMe £2.31M (US$3.13M) "for failing to implement appropriate security measures to protect the personal information of UK users, following a large-scale cyber attack in 2023." For several months in mid-2023, a threat actor conducted a credential stuffing attack that compromised personal information of nearly 160,000 UK residents. The ICO found that 23andMe lacked multifactor authentication for access to stored raw genetic data. The ICO also cited 23andMe's "inadequate" response to the incident. Since the breach, 23andMe has filed for bankruptcy and is expected to be sold to a new owner.
Editor's Notes
- Slide 1 of 4
This is a good one for CISOs to use to make sure merger/acquisition decisions include possible future security liabilities. Relatively small issue here - but remember: Back in 2016, AOL learned of Yahoo's massive breach *after* making a $4.5B acquisition offer. That led to a $350M reduction in the offer, which was probably a low estimate of the real hard cost to AOL.
- Slide 2 of 4
ICO is really watching protections of personal information. Make sure you're not only implementing MFA and robust access controls, but also properly obtaining permission for collection of the data you have. If you haven't checked your protection, disposal, and access controls on PII recently against all applicable privacy standards, GDPR, CCPA/CPRA, HIPAA, GLBA, COPPA, etc., it's time.
- Slide 3 of 4
Interesting ruling. Has MFA moved from a security best practice now to a mandatory cybersecurity requirement? Don't get me wrong, 23andMe failed the cybersecurity standard duty of care in protecting user data and should be held accountable. It would perhaps be helpful if there were a minimum set of requirements that every organization had to meet, such as IG1 of the CIS Critical Security Controls.
- Slide 4 of 4
If Microsoft can mandate Passkeys for all users, then there is no reason why we cannot use them for all public facing applications.
Slide 1 of 0- Slide 1 of 4
Losses From UK Retailer Breaches Could Total £440M ($592M)
The UK's Cyber Monitoring Centre (CMC) estimates that the costs associated with the recent Marks & Spencer and Co-op breaches will total between £270M (US$363M) and £440M ($592M). CMC, a non-profit organization established by the insurance industry, has combined the Marks & Spencer and Co-op cyberattacks into "a single combined cyber event" because "one threat actor claimed responsibility for both M&S and Co-op, the close timing, and the similar tactics, techniques, and procedures (TTPs)." CMC declined to include the recent Harrods breach in the combined event. The threat actors believed to be responsible for the attacks appear to have turned their attention to US insurance companies.
Editor's Notes
- Slide 1 of 3
The CMC has published a detailed methodology on how it categorizes breaches but I couldn't find any information on how they arrive at cost estimates. It seems odd to me to lump costs together by threat actor, since costs to a high-end department store are going to be very different than costs to a grocery chain, vs. being similar because the same bad guys launched the attack. We will now see AI engines start to 'learn' on this data and then other AI engines start to 'hallucinate' on those outputs.
- Slide 2 of 3
Scattered Spider appears to be behind both the M&S and Co-op breach, but not Harrods due to lack of data about that attack. The group leverages their English-speaking members to pull off advanced social engineering attacks obtaining unauthorized access. Not unlike a marketing campaign, this group focuses on a single target at a time. Rather than worry about you being a target or not, make sure that you're prepared for social engineering, to include fake IT support calls/emails. Ask what's trending in your email quarantine/spam filters, and reward reporting.
- Slide 3 of 3
One suspects that investors are interested in those numbers. That is to say they are "material."
Slide 1 of 0- Slide 1 of 3
McLaren Health Care Says Summer 2024 Cybersecurity Incident Affects Nearly 750,000 Individuals
Michigan-based McLaren Health Care has begun notifying more than 743,000 people that their data were compromised during a 2024 ransomware attack. Threat actors had access to McLaren's systems between July 17 and August 3, 2024. The compromised data include both personally identifiable information (PII) and protected health information (PHI). While the incident was detected in August 2024 and disclosed later that same month, the investigation to determine who was affected did not conclude until early May 2025. This is the second ransomware attack McLaren has suffered in the past several years; a July 2023 incident compromised data belonging to 2.2 million individuals.
Editor's Notes
- Slide 1 of 2
The information disclosed included names, driver's license numbers, and medical information. Victims are being given one year of credit monitoring services. Two things jump out: first, the investigation taking ten months; second, that they were successfully compromised twice within twelve months. I'm not unsympathetic Ð this had to be horrible for McLaren - and today's table stakes are such that you need to be expeditious in your investigation and comprehensive in your mitigations to maintain the confidence of both consumers and regulators.
- Slide 2 of 2
In spite of, or because of, HIPAA, leakage of healthcare data has reached troubling proportions. We need to prescribe essential and efficient measures to include strong authentication and isolation of clinical applications and data from such high risk applications as browsing and e-mail.
Slide 1 of 0- Slide 1 of 2
Chinese State-Sponsored Threat Actors Target Canadian Telecom
In a jointly published statement, the Canadian Centre for Cybersecurity and the US Federal Bureau of Investigation (FBI) are warning that a group of Chinese state-sponsored threat actors known as Salt Typhoon have exploited a known, critical vulnerability to compromise a Canadian telecommunications firm. The vulnerability, CVE-2023-20198, which has a CVSS score of 10.0, has also been exploited by the threat actors to target the networks of US telecommunications companies, including Verizon, Lumen, AT&T, and most recently Viasat.
Editor's Notes
- Slide 1 of 3
CVE-2023-20198, CVSS score 10.0 and CVE-2023-20273, CVSS score 7.2, are being used together to obtain access and escalate privileges. CVE-2023-20198 was reported on the NIST KEV 10/16/2023, with a due date of 10/20/2023 due to exploit activity observed at that time. Cisco released software updates in October of 2023, and there isn't an effective workaround. Make sure that you're applying the updates to your boundary control and network equipment. Where services are critical, such as telecom, broadband or satellite, make sure that you have redundancy and fail-over, not only to support the required service level but also so you can patch without service interruption.
- Slide 2 of 3
Salt Typhoon's campaign has been very successful. It may well serve a strategic objective. It requires at least a tactical response.
- Slide 3 of 3
Nothing surprising from the joint announcement. You could argue that the miscreant was only targeting North American telco providers. But I suspect the reality is that the global ICT sector is the target for this nation-state attack.
Slide 1 of 0- Slide 1 of 3
Citrix Addresses NetScaler Vulnerabilities
Citrix has fixed a critical out-of-bounds read vulnerability in NetScaler ADC and NetScaler Gateway. The flaw, CVE-2025-5777 "could potentially allow unauthorized attackers to steal valid session tokens from the memory of Internet-facing NetScaler devices via malformed requests." CVE-2025-5777 bears resemblances to CVE-2023-4966, known as CitrixBleed. In the same security bulletin, Citrix also addressed CVE-2025-5349, a high-severity improper access control vulnerability affecting NetScaler ADC and NetScaler Gateway.
Editor's Notes
Historically, attackers have been quick to leverage vulnerabilities in Citrix NetScaler services, so rapid application of the fix is prudent. After applying the patches to your NetScaler devices, be sure to terminate any active ICA and PCoIP sessions to invalidate any possibly stolen session tokens. Session termination, using the kill sessions command, rather than a reboot, is required to prevent those sessions from being restored using existing tokens.
Microsoft Ending Support for Old Hardware Drivers
In a June 19 Hardware Dev Center blog, Microsoft writes that they will "clean up" legacy drivers on Windows Update to improve compatibility and strengthen security. The first set of drivers that will be pulled are those that already have replacements on Windows Update. Microsoft writes, "the rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the Windows ecosystem, while making sure that Microsoft Windows security posture is not compromised."
Editor's Notes
- Slide 1 of 2
They are working to remove expired/legacy drivers. Six-month notification will be provided to those whose drivers will be unpublished/expired. Partners with drivers which are removed can request they be republished but require a business justification. While not stated, those drivers will likely be expected to meet current security requirements, as Microsoft is stating compatibility and security are the core drivers, no pun intended, behind this project.
- Slide 2 of 2
Microsoft's commitments to being device-open and backwards-compatible proved to be popular among users and sound business for Microsoft. This move may reduce risk with a minimum of business disruption.
Slide 1 of 0- Slide 1 of 2
Internet Storm Center Tech Corner
SANS Internet Storm Center StormCast Tuesday, June 24, 2025
Ichano ATHome IP Camera Scans; NetScaler Vulnerability; WinRar Vulnerability
https://isc.sans.edu/podcastdetail/9502
Scans for Ichano AtHome IP Cameras
A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software.
https://isc.sans.edu/diary/Scans+for+Ichano+AtHome+IP+Cameras/32062
Critical NetScaler Security Update CVE-2025-5777
CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
WinRar Vulnerability CVE-2025-6218
WinRar may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution
SANS Internet Storm Center StormCast Monday, June 23, 2025
ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials
https://isc.sans.edu/podcastdetail/9500
ADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS+Python+Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to.
Unexpected security footguns in Go's parsers
Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trails of Bits goes over the various security implications of this behaviour.
https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/
SANS Internet Storm Center StormCast Friday, June 20, 2025
New Employee Phishing; Malicious Tech Support Links; Social Engineering App Specific Passwords
https://isc.sans.edu/podcastdetail/9498
How Long Until the Phishing Starts? About Two Weeks
After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails.
https://isc.sans.edu/diary/How+Long+Until+the+Phishing+Starts+About+Two+Weeks/32052
Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers
Scammers are placing Google ads that point to legitimate companiesÕ sites, but are injecting malicious text into the page advertising fake tech support numbers
What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
Targeted attacks are tricking victims into creating app-specific passwords to Google resources.