Network Security

<p>SESSION<br> Session 3C: Mobile Security</p><p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/G86w5GFo9X8?si=E1R74BDZnWeZ8ZpO" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">Authors, Creators &amp; Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology) <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p>PAPER<br> Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse<br> For decades, law enforcement and commercial entities have attempted botnet takedowns with mixed success. These efforts, relying on DNS sink-holing or seizing C&amp;C infrastructure, require months of preparation and often omit the cleanup of left-over infected machines. This allows botnet operators to push updates to the bots and re-establish their control. In this paper, we expand the goal of malware takedowns to include the covert and timely removal of frontend bots from infected devices. Specifically, this work proposes seizing the malware’s built-in update mechanism to distribute crafted remediation payloads. Our research aims to enable this necessary but challenging remediation step after obtaining legal permission. We developed ECHO, an automated malware forensics pipeline that extracts payload deployment routines and generates remediation payloads to disable or remove the frontend bots on infected devices. Our study of 702 Android malware shows that 523 malware can be remediated via ECHO’s takedown approach, ranging from covertly warning users about malware infection to uninstalling the malware.</p> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">ABOUT NDSS<br> <center data-preserve-html-node="true">The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel. <p></p></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center><p><a href="https://www.infosecurity.us/blog/2025/11/20/ndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/ndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse/" data-a2a-title="NDSS 2025 – Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Hitchhiking%20Vaccine%3A%20Enhancing%20Botnet%20Remediation%20With%20Remote%20Code%20Deployment%20Reuse" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Hitchhiking%20Vaccine%3A%20Enhancing%20Botnet%20Remediation%20With%20Remote%20Code%20Deployment%20Reuse" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Hitchhiking%20Vaccine%3A%20Enhancing%20Botnet%20Remediation%20With%20Remote%20Code%20Deployment%20Reuse" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Hitchhiking%20Vaccine%3A%20Enhancing%20Botnet%20Remediation%20With%20Remote%20Code%20Deployment%20Reuse" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-hitchhiking-vaccine-enhancing-botnet-remediation-with-remote-code-deployment-reuse%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Hitchhiking%20Vaccine%3A%20Enhancing%20Botnet%20Remediation%20With%20Remote%20Code%20Deployment%20Reuse" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/G86w5GFo9X8?si=E1R74BDZnWeZ8ZpO">https://www.youtube-nocookie.com/embed/G86w5GFo9X8?si=E1R74BDZnWeZ8ZpO</a> </p>

<p>SESSION<br> Session 3C: Mobile Security</p><p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/FTzknkTHoDM?si=tybwURzQinBLJPkk" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">Authors, Creators &amp; Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science, Worcester Polytechnic Institute), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China) <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p>PAPER<br> What’s Done Is Not What’s Claimed: Detecting and Interpreting Inconsistencies in App Behaviors<br> The widespread use of mobile apps meets user needs but also raises security concerns. Current security analysis methods often fall short in addressing user concerns as they do not parse app behavior from the user’s standpoint, leading to users not fully understanding the risks within the apps and unknowingly exposing themselves to privacy breaches. On one hand, their analysis and results are usually presented at the code level, which may not be comprehensible to users. On the other hand, they neglect to account for the users’ perceptions of the app behavior. In this paper, we aim to extract user-related behaviors from apps and explain them to users in a comprehensible natural language form, enabling users to perceive the gap between their expectations and the app’s actual behavior, and assess the risks within the inconsistencies independently. Through experiments, our tool InconPreter is shown to effectively extract inconsistent behaviors from apps and provide accurate and reasonable explanations. InconPreter achieves an inconsistency identification precision of 94.89% on our labeled dataset, and a risk analysis accuracy of 94.56% on widely used Android malware datasets. When applied to real-world (wild) apps, InconPreter identifies 1,664 risky inconsistent behaviors from 413 apps out of 10,878 apps crawled from Google Play, including the leakage of location, SMS, and contact information, as well as unauthorized audio recording, etc., potentially affecting millions of users. Moreover, InconPreter can detect some behaviors that are not identified by previous tools, such as unauthorized location disclosure in various scenarios (e.g. taking photos, chatting, and enabling mobile hotspots, etc.). We conduct a thorough analysis of the discovered behaviors to deepen the understanding of inconsistent behaviors, thereby helping users better manage their privacy and providing insights for privacy design in further app development.</p> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">ABOUT NDSS<br> <center data-preserve-html-node="true">The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel. <p></p></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center><p><a href="https://www.infosecurity.us/blog/2025/11/20/ndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/ndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors/" data-a2a-title="NDSS 2025 – Detecting And Interpreting Inconsistencies In App Behaviors"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Detecting%20And%20Interpreting%20Inconsistencies%20In%20App%20Behaviors" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Detecting%20And%20Interpreting%20Inconsistencies%20In%20App%20Behaviors" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Detecting%20And%20Interpreting%20Inconsistencies%20In%20App%20Behaviors" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Detecting%20And%20Interpreting%20Inconsistencies%20In%20App%20Behaviors" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-detecting-and-interpreting-inconsistencies-in-app-behaviors%2F&amp;linkname=NDSS%202025%20%E2%80%93%20Detecting%20And%20Interpreting%20Inconsistencies%20In%20App%20Behaviors" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/FTzknkTHoDM?si=tybwURzQinBLJPkk">https://www.youtube-nocookie.com/embed/FTzknkTHoDM?si=tybwURzQinBLJPkk</a> </p>

How China-linked hackers co-opted Anthropics ClaudeThe group used it to launch an AI agent that then went on the attackFOR THE targets of GTG-1002, a Chinese state-sponsored hacking group, it felt li… [+138 chars]

I do want to provide an update on what benefits our operational transformation has generated for Men thus far since its delivery in mid-Q1. After all, the cost savings from this transformation are ho… [+9505 chars]

How Chinese-linked hackers co-opted Anthropics ClaudeThe group used it to launch an AI agent that then went on the attackFOR THE targets of GTG-1002, a Chinese state-sponsored hacking group, it felt … [+140 chars]

Arc Raiders players have torn through the game like a pack of ravenous, apricot-devouring hyenas in the three weeks since launch. Steam achievement data shows that 39% of players have earned more tha… [+8242 chars]

Tiger Data Postgres for Developers, devices, and agents The data platform trusted by hundreds of thousands from IoT to Web3 to AI and more. Namespace Speed up your development and testing workflows … [+764 chars]

<ul><li>The "finger" command remains exploitable for remote code execution even after years of disuse</li><li>Attackers use batch scripts to channel server responses directly into Windows command ses… [+3364 chars]

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild A new 7-Zip flaw tracked as CVE-2025-11001 (CVSS score of 7.0) is now being actively exploited in the wild, NHS England warn… [+1824 chars]

The High Boy looks like an iPod or budget gaming handheld at first glance with its vertical layout centred control scheme. However, creator High Code has developed its device with hacking in mind. Du… [+1233 chars]

Operation WrtHug hijacks 50,000+ ASUS routers to Bìbuild global botnet A new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mai… [+2408 chars]

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet A new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mai… [+2408 chars]

This should be exciting, I said to my wife as I sat down to watch the sixth and final episode of Last Samurai Standings first season. There should be some cool fights. My wife laughed. I think thats… [+7844 chars]

You’ve used AI at least 50 times today. You just didn’t notice. AI isn’t coming to change society. That ship has sailed. It’s already herewoven into your daily life. Making thousands of invisible d… [+16948 chars]

Across Africa, startups and SMEs are solving critical challenges in sectors like health, education, agriculture, and finance. Yet many of these businesses struggle to achieve sustainable growthnot be… [+5338 chars]

NEW YORK, Nov. 19, 2025 (GLOBE NEWSWIRE) -- Questexs Fierce Network, a mega portal to meet the needs of decision makers throughout the global communications industry, today unveils the finalists for … [+9343 chars]

A tool to check what's not backed up in your Git repository. Why git-ok? When managing multiple local repositories, it's common to want to clean up old projects. However, before deleting a reposito… [+4761 chars]

Fortinet is proud to be an official launch partner for third-party rules for AWS Network Firewall, with Fortinet Managed IPS Rules, enhanced by FortiGuard AI-Powered Security Services. This new offer… [+3930 chars]

An endorsement from Donald Trump could be a "kiss of death" for Republican candidates in the midterms next year. Stanford professor David Brady believes the seal of approval from the president coul… [+2073 chars]

Feudal Japan is not much like the Wild West or Hyrule. The lands of Ezo don’t have an abundance of tumbleweeds or dragons that pierce the morning sky. But Ghost of Yotei shows they have quite a bit i… [+8447 chars]

Maladjusted women may enter lesbian parodies of holy matrimony to avoid the stress of relating to the opposite sex. However, getting along with the same sex can pose difficulties too: In July 2019, … [+784 chars]

EXCLUSIVE: Filmmaker Eugene Jarecki harbors no doubt about who came out the victor in the protracted legal battle between the U.S. government and Wikileaks founder Julian Assange. He says Assange pre… [+4017 chars]

Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. Over the past six months, sc… [+3893 chars]

Strata Identity announced the availability of the AI Identity Gateway, an enterprise-grade runtime identity and policy-enforcement control point for agentic behavior. As part of Maverics for Agentic … [+3673 chars]

FREMONT, Calif, Nov. 19, 2025 (GLOBE NEWSWIRE) -- Actelis Networks, Inc. (NASDAQ: ASNS) ("Actelis" or the "Company"), a market leader in cyber-hardened, rapid-deployment networking solutions for IoT … [+2992 chars]