You must login to view this content
You must login to view this content
You must login to view this content
The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor.
The post Russian-Backed Threat Group Uses SocGholish to Target U.S. Company appeared first on Security Boulevard.
You must login to view this content
The common perception is that a security vulnerability is a rare, complex attack pattern. In reality, the journey of most flaws begins much earlier and much more simply: as a code quality issue. For both developers and security practitioners, understanding this lifecycle is crucial to building secure, reliable, and maintainable software.
The post Why prioritizing code quality is the fastest way to reduce security risks appeared first on Security Boulevard.
Session4A: IoT Security
Authors, Creators & Presenters: Eman Maali (Imperial College London), Omar Alrawi (Georgia Institute of Technology), Julie McCann (Imperial College London)
PAPER
Evaluating Machine Learning-Based IoT Device Identification Models for Security Applications
With the proliferation of IoT devices, network device identification is essential for effective network management and security. Many exhibit performance degradation despite the potential of machine learning-based IoT device identification solutions. Degradation arises from the assumption of static IoT environments that do not account for the diversity of real-world IoT networks, as devices operate in various modes and evolve over time. In this paper, we evaluate current IoT device identification solutions using curated datasets and representative features across different settings. We consider key factors that affect real-world device identification, including modes of operation, spatio-temporal variations, and traffic sampling, and organise them into a set of attributes by which we can evaluate current solutions. We then use machine learning explainability techniques to pinpoint the key causes of performance degradation. This evaluation uncovers empirical evidence of what continuously identifies devices, provides valuable insights, and practical recommendations for network operators to improve their IoT device identification in operational deployments
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Machine Learning-Based loT Device Identification Models For Security Applications appeared first on Security Boulevard.
Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633) in Windows systems. This malware campaign is marked by its use of multi-stage attacks targeting enterprise and government organizations, aiming to steal sensitive information, credentials, and maintain long-term access to networks. Emerging in 2025, these […]
The post Water Gamayun Hackers Exploit Windows MSC EvilTwin 0-Day to Inject Stealthy Malware appeared first on Cyber Security News.