Cisco urges users to apply patches for a maximum-severity vulnerability in the Cisco Catalyst SD-WAN Controller (formerly vSmart), that is under active exploitation. CVE-2026-20182, CVSS score 10.0, allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges by sending crafted requests that exploit improper functioning of the peering authentication mechanism. Rapid7, who discovered and first disclosed the flaw, characterize this as "the cybersecurity version of a Jedi mind trick," explaining that "an attacker can present themselves to the controller as a trusted network router and, if the system accepts that claim without properly validating it, they can obtain the highest level of administrative access." While this flaw affects the same vdaemon service as another CVSS 10.0 flaw in the Cisco Catalyst SD-WAN Controller and Manager fixed in March (CVE-2026-20127), the new flaw is not a patch bypass but rather a separate issue. Users should check for indicators of compromise (IoCs) and upgrade to the fixed release indicated for their system in Cisco's advisory; there are no workarounds. This news coincides with Cisco's announcement of "reduction of [their] overall workforce in Q4 by fewer than 4,000 jobs" following record revenue growth in Q3. Cisco CEO Chuck Robbins states that the company will instead invest "in silicon, optics, security, and in [their] employees’ use of AI across the company."

These are the droids you're looking for. Don't overlook this as the flaw from March: same daemon, new issue, new patch, no workaround. The Cisco advisory includes the IoCs, a validation checklist, and example output. Check Cisco's fixed releases table, as you may have to move off an EOL version to get the fix. Note that the cloud managed Cisco SD-WAN has already been patched.

I should highlight here that this system in question is the SD-WAN component of the Cisco Product line; if you are a customer, you should patch immediately. There is also guidance on how to see if you have been impacted.
It’s been a bad few months for Cisco. That said, as a founding member of Project Glasswing, hopefully Cisco is leveraging Claude Mythos to accelerate its vulnerability detection and patch management. In the near-term, organizations should look to automate their own patch management process as vendors make patches available.

The cost of patching, not to mention the risk of not doing so, is part of the cost of use. It should be identified (or at least assumed) as part of the acquisition process and decision to buy and use.
Cisco
Rapid7
Dark Reading
BleepingComputer
Cisco
Ars Technica
TechCrunch
Between December 2025 and February 2026, a threat actor using AI-assisted attacks breached nine Mexican government entities, exfiltrating large amounts of data. According to a report from Gambit, Claude and GPT-4.1 APIs "performed much of the technical work, including reconnaissance, exploit customization, privilege escalation, database architecture mapping, exfiltration infrastructure development, tunnel chain construction, and credential harvesting." Gambit brought in Dragos to assess the threat actor's attack against one of the targets, the Servicios de Agua y Drenaje de Monterrey (SADM) utility in Monterrey, Mexico. Dragos found that the threat actor appeared to be looking for data to steal until becoming aware that the network at SADM contained an OT interface. Claude identified the utility's vNode industrial gateway as "a high-value critical asset." The attacker told Claude to generate an attack, which turned out to be an unsuccessful password spray attack. The failed password spraying attack indicates good password hygiene on the SADM system. In its threat intelligence brief, Dragos writes that "AI can make OT systems more visible to adversaries already operating inside IT environments," and goes on to say that "the further integration of AI into adversary operations reinforces the view that prevention-only security strategies are increasingly insufficient on their own, underscoring the growing importance of strong foundational security aligned with the SANS Five Critical Controls for ICS Cybersecurity."

The important takeaway here is not that AI suddenly made the attacker unstoppable. The attacker still needed access, persistence, and operational understanding. What AI changed was the speed and scale at which reconnaissance and targeting could happen once inside the environment. There is an important defensive lesson in this story. The attempted password spray against the OT interface failed because basic security controls were working. That reinforces a point many administrators should understand: strong foundational practices still matter, even in an era of AI-assisted attacks.

My buddy John asked me if we're seeing OT attacks on critical infrastructure other than the electrical sector, and here we are. Read the Dragos writeup; their recommendations apply broadly. AI is redefining what we consider "secure enough" — that space where you've implemented enough controls to achieve an acceptable level of risk. There is no such thing as absolute security. Security through obscurity has never been a sound principle either. Tempting, sure, but effective, no. What we need to do is revisit our accepted risks and cyber hygiene with an eye to AI, keeping in mind that basics like patches, limiting access, MFA, password hygiene, and comprehensive hardware (and software) inventory still work.

This story is a timely reality check on AI-assisted cyberattacks. While the headlines and hype will show that AI appears to have accelerated reconnaissance and attack preparation, traditional security controls such as strong passwords still proved effective in preventing further compromise. Given the rise in this type of attack, organisations should avoid both being overly complacent and being distracted by the hype. Remember that AI may improve attacker efficiency and scalability, but good foundational security practices remain highly effective.

Imagine how long a manual attack like that might have taken. AI is a productivity enhancer. That said, this attack required significant special knowledge on the part of the attacker. A human being is responsible for anything the computer is asked to do and for all of the results.
Expect more AI-assisted attacks in our future. The best defense remains adherence to strong cybersecurity fundamentals such as the CIS Critical Security Controls. If you make that investment, you’re better positioned to absorb the change brought on by AI. If you haven’t, no time like the present to begin.
A researcher has disclosed a vulnerability of the same class as the recently disclosed "Dirty Frag" flaw, making this the third Linux kernel privilege escalation flaw with proof-of-concept (PoC) exploit code published in the last two weeks. Dubbed "Fragnesia," CVE-2026-46300 carries a CVSS score of 7.8, and allows an unprivileged local attacker to elevate privileges to root by exploiting a "write-what-where condition" page-cache corruption vulnerability to overwrite sensitive system files. Fragnesia affects the XFRM ESP-in-TCP subsystem in all the same major distributions affected by Dirty Frag, but it involves a separate single CVE rather than two. William Bowling with the V12 team disclosed the vulnerability and published the PoC exploit on May 13. Continuing the trend, this disclosure and public PoC arrived before many distributions could issue their own patches; users can apply the kernel patch directly, and if patching is not possible, the same actions that mitigate Dirty Frag also mitigate Fragnesia: temporarily disable the vulnerable kernel modules, assess operational impact of remediation, harden local access paths, monitor for suspicious activity, and conduct cleanup if compromise is suspected. There is evidence of exploitation in the wild for Copy Fail and Dirty Frag, but none yet for Fragnesia at the time of this writing.

Fortunately, the mitigation for Dirty Frag, disabling esp4, esp6 and rxrpc modules, also works for Fragnesia. This flaw modifies cached file pages, not on-disk files, using created namespaces with CAP_NET_ADMIN privileges. In this case you need to watch for suspicious namespace creation, XFRM manipulation or use of AF_ALG. If detected, clearing page cache contents or rebooting will clear out the modified in-memory binaries.

There will be many more of these coming I believe. Here is the thing to note about this one: there is currently no patch but there is a workaround. If you can disable this feature in the kernel, then maybe you should try and do that. I know the kernel team is working to try and get a kill switch for modules and functions as a workaround for these types of scenarios.
For whatever reason, the vulnerability researcher(s) don’t feel compelled to follow the responsible disclosure process. That’s unfortunate, as the choices available to you until the major Linux distributions offer a patch are somewhat stark.
Wiz
SecurityWeek
The Hacker News
The Register
BleepingComputer
ZDNET
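
For the Fragnesia and Dirty Frag mitigation discussed above (disabling the esp4, esp6 and rxrpc kernel modules), the following added example, which is not taken from the advisories or vendors cited, audits whether each module is currently loaded or is blocked by modprobe configuration. The function names and the `--audit` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the module mitigation for Dirty Frag / Fragnesia.
# Module names come from the mitigation text; override with MODULES="...".
MODULES=${MODULES:-"esp4 esp6 rxrpc"}

# module_loaded NAME [FILE]: succeed if NAME is listed in FILE, which uses
# the /proc/modules format (module name in the first column).
module_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# module_policy NAME [DIR]: print how the modprobe configuration in DIR
# treats NAME:
#   install-blocked  "install NAME /bin/false" (or /bin/true): modprobe
#                    runs that command instead of loading the module
#   blacklist-only   "blacklist NAME": only alias-based autoloading is
#                    suppressed; an explicit "modprobe NAME" still loads it
#   none             no rule found
module_policy() {
    cat "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk -v m="$1" '
        {
            sub(/#.*/, "")                   # strip comments
            name = $2; gsub(/-/, "_", name)  # modprobe treats - and _ alike
        }
        $1 == "install" && name == m && $3 ~ /(^|\/)(false|true)$/ { inst = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END {
            if (inst) print "install-blocked"
            else if (bl) print "blacklist-only"
            else print "none"
        }'
}

# module_state NAME [PROC_FILE] [DIR]: one-word verdict for NAME.
module_state() {
    if module_loaded "$1" "${2:-/proc/modules}"; then
        echo loaded                          # code is reachable right now
        return
    fi
    case $(module_policy "$1" "${3:-/etc/modprobe.d}") in
        install-blocked) echo blocked ;;
        blacklist-only)  echo blacklist-only ;;
        *)               echo loadable ;;    # can still be loaded on demand
    esac
}

# audit [PROC_FILE] [DIR]: report every module in MODULES; returns 1 if any
# module is loaded or could still be loaded.
audit() {
    rc=0
    for mod in $MODULES; do
        state=$(module_state "$mod" "$1" "$2")
        printf '%-8s %s\n' "$mod" "$state"
        [ "$state" = blocked ] || rc=1
    done
    return $rc
}

# Run "sh audit.sh --audit" to check the live system.
if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Modules compiled into the kernel do not appear in /proc/modules and are not affected by modprobe rules, so this check only covers loadable builds.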
On Tuesday, May 12, Microsoft released updates to address more than 130 vulnerabilities across their product lines. This month's Patch Tuesday does not include any previously disclosed or exploited vulnerabilities; thirty of the flaws are rated critical. Microsoft notes that larger batches of updates are likely to be the norm as AI becomes more a part of the process. In a note accompanying the Patch Tuesday release, Microsoft VP of Engineering Tom Gallagher writes that in this month's batch of fixes, "a greater share of the issues addressed were discovered by Microsoft, compared to prior months. Many of these were surfaced through AI investments and investigations across our engineering and research teams, including the use of Microsoft's new multi-model AI-driven scanning harness. A number were also credited to external researchers working in collaboration with AI." Gallagher advises users to "stay current on supported operating systems, products, and patches, and revisit the speed and consistency of your patching cadence, reduce unnecessary exposure, tighten identity, segment your environments, and invest in detection and response."

As expected, using AI for discovery and resolution of vulnerabilities is resulting in a spike in flaw counts. Microsoft, Apple, Mozilla, Google and Oracle are using AI, likely as part of Project Glasswing, for flaw discovery and remediation. That is a lot of flaws to digest/understand. Ultimately, the number of newly discovered flaws is expected to taper off; fortunately, resources such as Rapid7 and the SANS ISC are helping with the heavy lifting when it comes to finding the more concerning issues. Specific to Microsoft, you want to keep an eye on CVE-2026-41089, a Netlogon flaw which allows SYSTEM privileges; CVE-2026-41096, a Windows DNS RCE flaw; and CVE-2026-41103, a privilege escalation flaw using forged credentials bypassing Entra ID.

About half of the critical flaws only affect Microsoft’s cloud products, and users do not have to take any action. Microsoft, in recent months, has become more transparent about vulnerabilities in its cloud products, leading to more of them being included in “Patch Tuesday.”

Validates my long-held contention that Microsoft legacy code contains a reservoir of both known and unknown vulnerabilities. For reasons that include backwards compatibility, they are difficult to fix. That said, moving them from unknown to known is a necessary first step.
Microsoft
SANS ISC
Krebs on Security
The Register
The Record
Heise
SC Media
SecurityWeek
The Hacker News
BleepingComputer
Dark Reading
US Congressman and House Committee on Homeland Security Chairman Andrew R. Garbarino (R-NY) has sent a letter to the CEO of Instructure Holdings Inc., insisting on a "full and transparent accounting" of cybersecurity incidents that disrupted the Canvas educational platform in May 2026. Garbarino notes that the incidents compromised a company that serves more than 8,000 institutions and 30 million active users globally, prompting the committee to investigate the disruption as "a matter of national concern." The letter gives an overview of the alleged details of the incidents as reported by news sources, expressing dissatisfaction with "the gap between Instructure’s public characterization of this event and the scale suggested by the attacker’s own claims." The committee requests a briefing on circumstances, nature, scope, procedures for containment and notification, and coordination with authorities, to take place no later than Thursday, May 21, 2026.

Read the letter to Instructure. Feels like getting called into the principal's office. As you may recall, they apologized for not handling the incident disclosure well, to include downplaying the second attack and whether they paid the extortion. Even if that communication had been more transparent, it's still likely they'd be called upon to report further given the adoption of Canvas, but they would already be prepared to discuss the incident in detail. Make sure you understand incident communication and reporting requirements from both a customer and regulator point of view. Be prepared to be proactive, rather than playing catchup and begging forgiveness later.
House
TechCrunch
BleepingComputer
SecurityWeek
Multinational electronics manufacturer Foxconn Technology Group, headquartered in Taiwan where the company is known as Hon Hai, has confirmed to news sources that the company's North American factories recently experienced a cyberattack. According to Foxconn, "The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production." The company has not disclosed further details about the scope, nature, or timing of the attack, and has not verified any claims of ransomware or data theft. Foxconn reported more than $260 billion of revenue in 2025, and employs over 900,000 people at 240 campuses in 24 countries; the company is a prominent manufacturer for major tech brands including Apple, Nvidia, Intel, Amazon, Dell, Google, Huawei, Microsoft, Nintendo, Sony, and Xiaomi.

While attacks disrupting the supply chain are nothing new, we are seeing more and more of them occurring. In today's world of complex supply chains and just-in-time manufacturing, businesses need to ensure that their resilience planning looks at not just the cybersecurity risks within their supply chain but also at the disruption a cyberattack on a key supplier could have on their business, and implement controls to mitigate that impact.

Foxconn is targeted as a manufacturer and an opportunity for supply chain disruption or manipulation/theft of IP. The Nitrogen Ransomware gang is taking credit for the attack, claiming to have taken 8TB of data including technical drawings, instructions and internal product documentation for products from Apple, Dell, Intel, Google, Nvidia and others. While the specific attack vector is unknown, Nitrogen specializes in SEO poisoning and fake software downloads to distribute malware. Make sure that your EDR is ubiquitous, configured for maximum effectiveness, and that you are actively blocking malicious sites. Ensure that downloads are verified, and that you can detect and stop attempted exfiltration of data.
Not a lot of details, but it just goes to show that even a Fortune 30 company can fall victim to a suspected ransomware attack. It’s unlikely that we’ll know the details of the attack, and more importantly, what cybersecurity defenses were lacking.
Dark Reading
WIRED
The Record
The Register
CyberScoop
TechCrunch
A Pennsylvania-based bank has reported itself to the US Securities and Exchange Commission (SEC) for "an internal incident involving the handling of certain non‑public customer information using an unauthorized artificial intelligence-based software application." While the incident did not affect bank operations, Community Bank deemed the event to be material and made the decision to self-report "due to the volume and sensitive nature of the non-public information." The compromised data include names, Social Security numbers (SSNs) and dates of birth. Community Bank is conducting an internal investigation.

This incident demonstrates the growing risks associated with the unsanctioned use of AI tools within organisations. Just like the introduction of BYOD through smartphones, people are going to use these AI services unless structured and workable enterprise AI alternatives are made available. Banning the use of AI tools will not work; however, companies need to understand that sensitive data being entered into unapproved AI services can quickly create both security and regulatory issues. Organisations, especially those operating within the EU and regulated by the EU GDPR and the EU AI Act, should ensure clear policies exist around the use of AI applications, particularly where personal or sensitive data is involved. Introducing authorised and sanctioned tools that staff can easily use is also a necessary step. Blocking access to public AI services via web proxy solutions and/or monitoring DNS traffic going to such sites could be an additional layer of control.

With the intense pressure to adopt and embrace AI, guidance is essential. It is really tempting for staff to use their credentials to point an AI agent at data to conduct analysis without consideration of where that data is copied/processed. Our challenge is to help staff use AI securely, to support delivery and innovation without compromising security or causing undue delays in delivery. Take a hard look at creating local instances, to include your private cloud services, where you can control data flow and access. Do not become the problem (or roadblock) that the smart people you've hired feel the need to solve.
Here’s an example of an employee’s desire to use AI having harmful effects on the company. An AI Acceptable Use Policy coupled with employee AI awareness training could have reduced the likelihood of this data spillage. Let this serve as a reminder to companies to create policies around the use of AI for business operations.
In a Form 8-K filing with the US Securities and Exchange Commission (SEC), Pennsylvania-based West Pharmaceutical Services Inc. disclosed that it experienced a ransomware attack. West Pharmaceutical first detected the incident on May 4, 2026, and three days later determined that the incident was "a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party and certain systems were encrypted." The incident has temporarily disrupted the company's global business operations. West Pharmaceutical has notified law enforcement agencies and brought in third-party cyber forensic experts. In a Thursday, May 13 update to West Pharmaceutical's "Company Alerts" page, the company writes that based on the findings of Palo Alto Networks Unit 42, "the currently available evidence indicates that the identified unauthorized activity has been contained and the immediate risk to West’s operational environment has been mitigated."

The Healthcare sector continues to have a sustained high level of malicious activity targeting them, meaning you need to stay on your toes ensuring that you're set for defending and monitoring, and that your communication and response plans are also dialed in. West Pharmaceutical is recovering services pretty quickly, indicating they were ready and trained to do so. Go beyond the tabletop: practice recovery of systems so staff can execute smoothly. When was the last time you had recovery capability for everything? It's really easy to kick that can down the road in the heat of deploying new capability; don't leave it forgotten.
Cybersecurity-focused agencies from the G7 countries have published a document that "provides actionable guidelines for public and private sector stakeholders on what is reasonable to expect in a Software Bill of Materials (SBOM) for AI, and to improve transparency and cybersecurity along the AI supply chain." The guidance divides the information into seven clusters: metadata, system level properties, models, datasets, infrastructure, security, and key performance indicators. The clusters are further divided into elements, which "capture the distinctive features of AI system components." The elements described in the document are designed to establish minimum voluntary standards; they are not mandatory and "are open to further refinements to keep pace with technological development and evolution of legal or policy frameworks within G7 members." The G7 countries are Canada, France, Germany, Italy, Japan, the UK and the US.

As organisations increasingly deploy AI systems, understanding the provenance of models, datasets, and supporting infrastructure becomes essential for both security and governance. Organisations operating in the EU should pay close attention to these developments given the wider regulatory focus under laws such as the EU AI Act and the EU GDPR.

We're all trying to figure out what questions to ask about AI to understand and secure it. This document is only 26 pages long and is worth reviewing. While we don't yet have AIBOMs, this is a minimum set of characteristics you'll want to understand about AI systems, which you can then leverage to ensure you've appropriately incorporated necessary cybersecurity tools. Keep an eye on this as it matures.

The re-use of poorly documented code is risky. Developers are responsible for all the code they use in their product, whether or not it is original. A digital SBOM is essential documentation.
SANS Internet Storm Center StormCast Friday, May 15, 2026
Website Fraud; Outlook Link Preview Bug; NGINX Vuln; Cisco 0-Day
https://isc.sans.edu/podcastdetail/9934
Tearing apart website fraud to see how it works. (@sans_edu)
https://isc.sans.edu/diary/GUEST+DIARY+Tearing+apart+website+fraud+to+see+how+it+works/32958
Simple bypass of the link preview function in Outlook Junk folder
https://isc.sans.edu/diary/Simple+bypass+of+the+link+preview+function+in+Outlook+Junk+folder/32990
NGINX Vulnerability
https://depthfirst.com/nginx-rift
Cisco SDWan 0-Day
SANS Internet Storm Center StormCast Thursday, May 14, 2026
Flexible Windows Proxy; News from Nightmare Eclipse; Adobe Patches
https://isc.sans.edu/podcastdetail/9932
Proxying the Unproxyable? Sending EXE traffic to a Proxy
https://isc.sans.edu/diary/Proxying+the+Unproxyable+Sending+EXE+traffic+to+a+Proxy/32982
New Nightmare Eclipse Vulnerabilities Disclosed
https://github.com/Nightmare-Eclipse/YellowKey
https://github.com/Nightmare-Eclipse/GreenPlasma
Adobe Patches
https://helpx.adobe.com/security.html
SANS Internet Storm Center StormCast Wednesday, May 13, 2026
Microsoft Patch Tuesday; Large npm/pypi Compromise; RubyGems Attack
https://isc.sans.edu/podcastdetail/9930
Microsoft Patch Tuesday
https://isc.sans.edu/diary/32980
Tanstack npm and others compromised
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
RubyGems Attack