SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThe European Union Agency for Cybersecurity (ENISA) has communicated to news sources that ongoing disruptions to major airline operations in Europe are the result of a ransomware attack. Starting on Friday, September 19, 2025, and continuing over the weekend, London's Heathrow Airport, Berlin Brandenburg Airport, Brussels Airport, and Dublin Airport were forced to delay and cancel flights and switch to manual check-in and boarding, with Brussels reportedly cancelling more than half of all outbound flights for Monday. The target disabled by the attack was the third-party ARINC cMUSE software (Aeronautical Radio Incorporated, Multi User System Environment) used for passenger processing, produced by Collins Aerospace, a company owned by major defense conglomerate RTX. According to a Heathrow memo seen by the BBC, Collins initially rebuilt and relaunched its systems after discovering the attack, only to find the hackers had maintained access. The memo also reportedly estimates that over a thousand Heathrow computers will have to be restored manually in person. Collins has reportedly advised airlines "not to turn off computers or log out of the Muse software if they were logged in." As of Monday, September 22, Collins has stated only that software updates are finalizing; affected airports are still waiting on the company for a fixed system. Heathrow stated, "This system is not owned or operated by Heathrow, so whilst we cannot resolve the IT issue directly, we are supporting airlines and have additional colleagues in the terminals to assist passengers." Heathrow notes that most flights are operating normally, and all affected airports are encouraging passengers to plan arrival times appropriately and check flight status before arriving for travel, as delays continue. Also on Friday, Pulkovo Airport in St. Petersburg experienced an unrelated cyberattack that disrupted its website but did not affect airline operations, and Dallas Fort Worth International Airport in Texas suffered a Terminal Radar Approach Control (TRACON) outage resulting in significant flight delays and cancellations, due to the unexplained severing of two fiber optic cables.
A couple of take-aways here. First, third-party risk is tricky and common/best-of-breed solutions can result in multi-site outages. Second, when remediating, make sure the adversary is truly out of your system(s). Ensure the holes are closed. Third, (network) path diversity still matters; cable cuts can still happen. Make sure to include these scenarios in your table-top, and identify how you can mitigate them, if at all, and where you cannot, what your communication/action plan will be when they occur.
Just consider this as a weekly reminder of (1) the complexity of supply chains; (2) the need for a formal Supply Chain Security program; and (3) the need for maintaining segregation/separation/security zoning to limit breach impact. I guess we should also add: before switching over to new apps, make sure your systems aren’t already compromised.
Another supply chain attack that’s played out in real time. Market consolidation can lead to a single point of failure across an industry sector, as it did in the airline industry. Organizations should use this as an opportunity to revisit their risk register looking at technology diversification and supply chain risk to operations.
BBC
Reuters
The Register
SecurityWeek
Dark Reading
The Record
The Guardian
TechCrunch
The Register
The Record
The US Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis report detailing "two sets of malware from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM)." The vulnerabilities, both rated high severity, affect Ivanti EPMM versions 11.12.0.4 and earlier, 12.3.0.1 and earlier, 12.4.0.1 and earlier, and 12.5.0.0 and earlier. Ivanti disclosed the vulnerabilities on May 13, 2025, and CISA added both to the Known Exploited Vulnerabilities (KEV) catalog on May 19. CISA's analysis includes a description of how the malware is delivered, as well as indicators of compromise (IoCs), and suggested mitigations.
These are the zero-day flaws patched by Ivanti back on May 13. Make sure that you're running the latest Ivanti EPMM, with the latest security guidance implemented. Also make sure that your threat hunters have the IoCs published in CISA analysis report ar25-261a. It's a good idea to consider your mobile device management platform a critical or high value asset with corresponding security controls and monitoring for nefarious activity.
The Register
The Hacker News
BleepingComputer
CISA
NIST
NIST
Fortra has published a security advisory describing "a deserialization vulnerability (CVE-2025-10035) in the License Servlet of Fortra's GoAnywhere MFT [that] allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection." Fortra urges customers "to monitor their Admin Audit logs for suspicious activity and the log files for errors containing SignedObject.getObject: If this string is present in an exception stack trace ... then the instance was likely affected by this vulnerability." Fortra has released updates to address the issue; users are advised to upgrade to the latest release 7.8.4, or the Sustain Release 7.6.3.
CVE-2025-10035, deserialization flaw, has a CVSS score of 10.0. Make sure that you're limiting access to the GoAnywhere Admin Console (i.e., not open to the public) as well as applying the update. Also have your threat hunters look for the IoCs in the logs to see if further actions are necessary.
Dark Reading
CyberScoop
The Register
The Hacker News
Help Net Security
BleepingComputer
SecurityWeek
Fortra
NIST
The HIPAA Journal's Healthcare Breach Report for August 2025 found "a 13.7% month-over-month increase in large healthcare data breaches." The US Department of Health and Human Services Office for Civil Rights (HHS OCR) received 58 reports for breaches affecting 500 or more individuals during the month of August 2025, just below the average of 63.5 breaches affecting 500 people or more over the past 12 months. The actual number of people affected by breaches reported to HHS OCR has fallen for the past two months. The number of people affected by breaches over a twelve month period is down nearly 85 percent, due in part to the Change Healthcare breach disclosed in July 2024, which exposed data belonging to 192.7 million individuals. The single largest breach reported in August 2025 was the DaVita ransomware attack and data theft that affected nearly 2.7 million individuals. The HIPAA Journal also keeps a running table of Healthcare Data Breach Statistics (see the second link below).
Of interest is the causes of the breaches, hacking/IT incident, and location of breached data network server, then email, which you may wish to consider when prioritizing and justifying your preventative measures. The tricky part is, even when you've got those measures implemented, you must make sure that new services and devices are incorporated in those protections rather than introducing a new "weakest link."
Not surprising. The healthcare sector continues to be a frequent target of ransomware gangs and yes, they occasionally reel in a 'big fish' like Change Healthcare. While the report is informative, every, and I mean every healthcare CISO is already aware they are a target, and they should have doubled down on essential cyber hygiene.
HIPAA Journal
HIPAA Journal
Researchers at Radware discovered and disclosed an indirect prompt injection vulnerability in the ChatGPT Deep Research agent when integrated with Gmail, allowing the agent to directly exfiltrate inbox data without user interaction. When the agent crawls a user's inbox, it reads malicious instructions hidden in the body of an email and executes them. Notably the prompts cause the agent to exfiltrate the data using its built-in browsing tool; because the agent transmits the data directly from OpenAI servers rather than through the client-side interface, this bypasses "traditional enterprise defenses — such as secure web gateway, endpoint monitoring, or browser security policies," and is not visible to the user. Radware overcame the agent's security restrictions by employing social engineering strategies, such as asserting authority in the guise of an HR compliance message, creating urgency and negative consequences, making false security claims, providing a clear example of what the agent must do, obfuscating the request with official-sounding jargon, and insisting the agent retry multiple times, thus continuing past occasional failures. Radware notes that "the attack pattern generalizes to any data connector integrated with Deep Research," which can access many services including but not limited to Google Drive, Dropbox, Sharepoint, Outlook Mail, Outlook Calendar, Google Calendar, Microsoft Teams, Hubspot, Notion, Linear, and GitHub. The researchers recommend that enterprises sanitize email, normalizing and removing suspicious CSS and HTML elements, but state that "a more robust mitigation" involves continuously tracking the "alignment" of the agent, monitoring its behavior and intent in order to block deviations. Radware disclosed the flaw on June 18, 2025, and OpenAI patched the flaw in early August, marking it as resolved on September 3.
This is a new class of attack, codenamed ShadowLeak by Radware. The attack is triggered by AI prompts in data, typically hidden, in the connected services, Gmail, Outlook, GitHub, Google Drive, Teams, etc. The attack still requires the user to initiate Deep Research, a new feature which was introduced in February; it's likely your users are leveraging this feature regularly. It's important to understand this attack involves exfiltrating data via the OpenAI servers, bypassing your traditional security controls, making detection essentially impossible. Beyond the fix from OpenAI, consider your AI agents as privileged users and restrict what they can access.
We have at least 5-10 more years of headlines of this type (“AI Software Allows Bad Stuff to Happen to Sensitive Data”). AI Data Governance is key – huge amounts of software accessing huge amounts of data (think operating systems for the past 40 years) are essentially never-ending sources of attackable surfaces.
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent
Dark Reading
The Hacker News
The Register
Multiple groups representing US state and local governments have signed a letter to legislators calling for the reauthorization of the State and Local Cybersecurity Grant Program (SLCGP). Earlier this month, the US House Homeland Security Committee voted to extend the program for a decade through the Protecting Information by Local Leaders for Agency Resilience, or PILLAR, Act, but did not address the amount of funding SLCGP should receive. The initial iteration of SLCGP allocated $1 billion over four years with matching funds required from state and local government, increasing with each year. The letter requests that "as Congress continues working to reauthorize this grant program, we urge you to strongly support its successful continuation by ensuring that any reauthorization is accompanied by a robust appropriation that will allow the program to meet the goals outlined by its authors.” Without reauthorization, SLCGP is set to expire at the end of September. Organizations signing the letter include the National Governors Association, National League of Cities, National Association of State Chief Information Officers, National Conference of State Legislatures, National Emergency Management Association, National Association of Counties, United States Conference of Mayors, Council of State Governments, and the International City/County Management Association.
Restoring the initial funding for SLCGP would be of high value to State and Tribal agencies who need every advantage with cyber security initiatives. Five industry groups led by the Alliance for Digital Innovation also filed a request for reauthorization, suggesting $2.25 billion annually in funding for the SLCGP. The timing is unfortunate, and with focus on a possible government shutdown October 1st, this request may be lost in the noise. While that plays out, the best move (and there is little time for this) is to apply immediately in hopes of getting a piece of what remains, or to possibly be in the queue in the event it is reauthorized.
In a September 19 Public Service Announcement, the US Federal Bureau of Investigation (FBI) warns that "threat actors are spoofing the FBI Internet Crime Complaint Center (IC3) government website." The FBI recommends that people wishing to visit the IC3 website type "www.ic3.gov" in the address bar instead of using a search engine; avoid clicking on sponsored results from search engines; never share sensitive information if they have doubts about a site's legitimacy; and report incidents to www.ic3.gov. They also remind users that "IC3 does not maintain any social media presence."
The spoofed sites, such as icc3[.]live, look very convincing, reflecting current FBI warnings on the legitimate IC3 site. It’s worth reminding your users about the FBI-recommended mitigations against spoofed websites, such as caution clicking sponsored results in a search engine, and checking the URL visited to make sure it's what was expected. Make sure that your DNS service is set to block/disable known spoofed sites.
Not surprising that miscreants would try to spoof a government website. What probably aided in this was the fact that IC3 doesn’t maintain any social media presence. Further, really, do you think users will bother to type in the URL, as opposed to using the search engine? I would add to the FBI recommendations, to routinely, perhaps daily, restart your web browser, and to maintain a rigorous patch management process for the enterprise.
Multinational automobile manufacturer Stellantis says that a data security breach of a third-party service provider has compromised basic customer data for the company's North American customer service operations. Stellantis is the parent company to more than a dozen automobile brands, including Alfa Romeo, Chrysler, Citroën, Dodge, Fiat, Jeep, Opel, and Peugeot; they operate manufacturing facilities around the works and have operations in more than 130 countries. They plan to notify affected customers directly. The company has not said how many individuals are affected by the breach.
Another third-party breach. Time to reconsider what your response will be; sitting back while they investigate may not be the message you wish to send to users. If nothing else, make sure that you have current and validated incident reporting and response contacts for both parties, as well as a clear understanding of their notification process. For example, in a past life, a provider said they would notify US-CERT, and expected us to pick up notification from there. This necessitated clarifying discussions to establish a path forward with acceptable risk.
A teenage individual surrendered authorities in Las Vegas, Nevada, to face charges related to a series of cyberattacks targeting casinos in that city between August and October 2023. The unnamed individual was "booked on three counts of obtaining and using personal identifying information of another person to harm or impersonate, one count of extortion, one count of conspiracy to commit extortion, and one count of unlawful acts regarding computers." This arrest follows the arrests of two teenaged Scattered Spider suspects in the UK last week. In a separate, related story, experts from risk advisory firm Kroll speaking at the Gartner Security & Risk Management Summit 2025 described Scattered Spider's tactics and techniques and offered recommendations for organizations to protect themselves against Scattered Spider attacks.
Even though he turned himself in, he is going to be tried as an adult in this case. Make sure that you're implementing protections against Scattered Spider, or similar, attacks, which include: phishing-resistant MFA; protections against social engineering such as in-person or video requirements for password resets; ensuring third-party security is fully implemented and current; and verifying your monitoring and response capabilities cover all your services equally.
SANS Internet Storm Center StormCast Tuesday, September 23, 2025
Ivanti EPMM Exploit; GitHub Impersonation; Oracle Scheduler Ransomware
https://isc.sans.edu/podcastdetail/9624
CISA Reports Ivanti EPMM Exploit Sightings
Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May.
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
LastPass Observes Impersonation on GitHub
LastPass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware.
https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Oracle Scheduler Ransomware
Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service.
SANS Internet Storm Center StormCast Monday, September 22, 2025
Odd HTTP Request; GoAnywhere MFT Bug; EDR Freeze
https://isc.sans.edu/podcastdetail/9622
Help Wanted: What are these odd requests about?
An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you know what the request is about.
https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/
Forta GoAnywhere MFT Vulnerability
Forta’s GoAnywhere MFT product suffers from a critical deserialization vulnerability. Forta released an advisory disclosing the vulnerability on Thursday.
https://www.fortra.com/security/advisories/product-security/fi-2025-012
EDR Freeze
A new tool, EDR Freeze, allows regular users to suspend EDR processes.
https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html
Catch up on recent editions of NewsBites or browse our full archive of expert-curated cybersecurity news.
Browse ArchiveWebcast | Modernizing OT Security: How Frenos Uses Digital Twin Technology, AI and Threat Emulation to Transform Security Posture & Compliance | Wednesday, October 1, 2025 at 10:30AM ET Join SANS experts Jason Dely & Tim Conway to discover how forward-leaning organizations are transforming operational technology defenses to stay ahead of evolving cyber threats.
Webcast | SANS CloudSecNext Summit Solutions Track 2025 | Friday, October 3, 2025 at 10:00AM MT See the newest cloud-native tools and strategies in action, and walk away ready to strengthen your organization's cloud security posture.
Webcast | Continuous Penetration Testing: Closing the Gaps Between Threat and Response | Thursday, October 23, 2025 at 10:30AM ET Learn how continuous testing exposes hidden vulnerabilities before attackers do-closing the gaps traditional assessments leave behind.
Webcast | Fall Cyber Solutions Fest: Threat Track | Thursday, November 6, 2025 at 9:30AM ET Gain cutting-edge intelligence on today's most dangerous adversaries and practical tactics to stop them in their tracks.