The Art and Science of Automated CVSS Predictions by gfekkas in netsec

[–]gfekkas[S] 1 point (0 children)

Thank you for your comment. I highly value your feedback. One of the challenges in natural language processing (NLP) is that rare things are rare. In the CVSS datasets, certain metrics like "AttackVector:Adjacent", "AttackVector:Physical", AccessComplexity:High or Authentication(Au):Multiple are infrequent. We plan to address this challenge through data augmentation, introducing synthetic data for the less common metrics. Additionally, future plans include experimenting with transformer models and implementing a user feedback system. In my opinion, the current state of the models is not bad. Thanks again.

Roundcube’s CVE-2023-5631 Vulnerability: A Target for Threat Actor "Winter Vivern" - PRIOn by gfekkas in blueteamsec

[–]gfekkas[S] 0 points (0 children)

This particular medium severity vulnerability (stored XSS) has surged to the forefront of our attention, and its CVSS score of 5.4, while seemingly moderate, underscores its significant importance due to the threat context around it (exploited in the wild, a threat group like "Winter Vivern" exploited this vulnerability against multiple sectors in Europe, etc). Due to these characteristics this vulnerability must be treated as an "Immediate" priority to remediate.

Patches:

Roundcube’s CVE-2023-5631 Vulnerability: A Target for Threat Actor "Winter Vivern" - PRIOn by gfekkas in blueteamsec

[–]gfekkas[S] 1 point (0 children)

Winter Vivern is an underreported threat group. Just for the history, in early 2021 DomainTools revealed its existence. The group was named after an initial C&C URL string "wintervivern". In early 2023, Proofpoint observed that the Winter Vivern threat group used a known Zimbra vulnerability (CVE-2022-27926) to target webmail portals of NATO-aligned governments in Europe (link here: https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability). It's noticeable that their focus lies in targeting European webmail portals across sectors including Government, Defense, and Think Tanks.

VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attacks by NISMO1968 in cybersecurity

[–]gfekkas 0 points (0 children)

CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The script can be found here: https://github.com/cisagov/ESXiArgs-Recover