Patents Examined by Roderick Tolentino
  • Patent number: 11570173
    Abstract: A method and system are disclosed. The method and system include receiving, at a wrapper, a communication and a context associated with the communication from a client. The communication is for a data source. The wrapper includes a dispatcher and a service. The dispatcher receives the communication and is data agnostic. The method and system also include providing the context from the dispatcher to the service. In some embodiments, the method and system use the service to compare the context to a behavioral baseline for the client. The behavioral baseline incorporates a plurality of contexts previously received from the client.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: January 31, 2023
    Assignee: Cyral Inc.
    Inventors: Manav Ratan Mital, Srinivas Nageswarrao Vadlamani, Pramod Chandraiah
  • Patent number: 11570198
    Abstract: Aspects of the disclosure relate to quantification of attack surfaces in an enterprise computing system. A computing platform may receive indications of usage of a plurality of controls associated with an enterprise computing system. The computing platform may determine, based on a mapping between the plurality of controls and a plurality of attack vectors, one or more controls of the plurality of controls that are mapped to an attack vector. The computing platform may determine respective compliance scores of the one or more controls, and determine, based on the respective compliance scores, a vulnerability score associated with the attack vector. The computing platform may transmit an indication of the determined vulnerability score associated with the attack vector.
    Type: Grant
    Filed: September 3, 2020
    Date of Patent: January 31, 2023
    Assignee: Bank of America Corporation
    Inventors: Christina Willis, Donald Davis, Russell Andrew Kamola
  • Patent number: 11562346
    Abstract: A contactless card can include a plurality of keys for a specific operation, e.g., encryption or signing a communication. The contactless card can also include an applet which uses a key selection module. The key selection module can select one of the plurality of keys and the applet can use the key to, e.g., encrypt or sign a communication using an encryption or signature algorithm. The contactless card can send the encrypted or signed communication to a host computer through a client device. The host computer can repeat the key selection technique of the contactless device to select the same key and thereby decrypt or verify the communication.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: January 24, 2023
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Rule, Srinivasa Chigurupati, Kevin Osborn
  • Patent number: 11563762
    Abstract: A cyber security method including: obtaining user flow data associated with a browsing session at a website; constructing a directed graph representative of the browsing session; computing a set of features for the directed graph; and applying a machine learning classifier to the set of features, to classify the browsing session as legitimate or fraudulent.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: January 24, 2023
    Assignee: International Business Machines Corporation
    Inventors: Yehonatan Bitton, Andrey Finkelshtein, Eitan Menahem
  • Patent number: 11558751
    Abstract: Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.
    Type: Grant
    Filed: March 24, 2021
    Date of Patent: January 17, 2023
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Ginger Chien, Richard Zaffino
  • Patent number: 11552980
    Abstract: Systems and methods are provided for determining whether or not users of a communication network are implementing Multi-Factor Authentication (MFA) when authenticating with an entity's business tools, applications, and cloud services. This information can be used as a component in the calculation of a risk score that can help quantify and assess the risk posture of the entity. In some embodiments, network traffic flow metadata may be used to anonymously identify user data to assess the entity's use of MFA in determining enterprise risk that may not rely on questionnaires, surveys, manual data entry, and/or interviews. Embodiments of the application can produce a real-time analysis of the security risk of the system.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: January 10, 2023
    Assignee: CyberLucent Inc.
    Inventor: Michael Trentini
  • Patent number: 11552973
    Abstract: A network malicious behavior detection method, including: checking each piece of network packet to determine whether a protocol payload contained therein matches an element in a predetermined protocol payload set, marking each piece of the network packet as a suspicious network packet if the check result is true, and transferring each piece of the network packet to a target device if the check result is false; and performing a malicious behavior checking process on at least one piece of the suspicious network packet, blocking the transfer of at least one piece of the suspicious network packet to the target device if the check result is true, and enabling the transfer of at least one piece of the suspicious network packet to the target device if the check result is false.
    Type: Grant
    Filed: September 9, 2020
    Date of Patent: January 10, 2023
    Assignee: QNAP SYSTEMS, INC.
    Inventors: Charng-Da Lu, Shih-Chan Huang, Shih-Ming Hu
  • Patent number: 11539739
    Abstract: A system and method for protecting cloud-hosted applications against hypertext transfer protocol (HTTP) flood distributed denial-of-service (DDoS) attacks are provided. The method includes collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing at least one rate-based feature and at least one rate-invariant feature based on the collected telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate behavior of at least HTTP traffic directed to the protected cloud-hosted application; evaluating the at least one rate-based feature and the at least one rate-invariant feature to determine whether the behavior of the at least HTTP traffic indicates a potential HTTP flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTP flood DDoS attack is determined.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: December 27, 2022
    Assignee: RADWARE, LTD.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
  • Patent number: 11539723
    Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified subscriptions and financial accounts. The identified subscriptions and financial accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted financial accounts and subscriptions to prevent unauthorized access or use.
    Type: Grant
    Filed: November 11, 2020
    Date of Patent: December 27, 2022
    Assignee: ALLSTATE INSURANCE COMPANY
    Inventors: Jason D. Park, John S. Parkinson
  • Patent number: 11528288
    Abstract: Methods allow predicting and detecting potential anomalies at a service infrastructure. A strings table having entries that define character strings and corresponding anomaly probabilities is accessed. A log entry related to an event occurring in the service infrastructure is generated in a database. The log entry includes a character string designating a name of a file or an IP address and a domain name hosted by the service infrastructure. A search is made for the character string in the strings table. The domain name is marked as suspect if the character string is found in the strings table and if an anomaly probability for the character string exceeds a predetermined threshold. The anomaly probabilities may be calculated using a Bayesian filter that accounts for a number of domains hosted by the service infrastructure on which the character string has recently appeared.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: December 13, 2022
    Assignee: OVH
    Inventor: Olivier Nicol
  • Patent number: 11520913
    Abstract: A method for securing Secure Objects that are protected from other software on a heterogeneous data processing system including a plurality of different types of processors wherein different portions of a Secure Object may run on different types of processors. A Secure Object may begin execution on a first processor then, depending on application requirements, the Secure Object may make a call to a second processor passing information to the second processor using a special inter-processor function call. The second processor performs the requested processing and then performs an inter-processor “function return” returning information as appropriate to the Secure Object on the first processor.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: December 6, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Richard H. Boivie
  • Patent number: 11516210
    Abstract: Systems and methods for authenticating a user are provided. A method may comprise providing interactive media on a computing device associated with a user. The interactive media may comprise a plurality of images. The plurality of images may be presented on a graphical display of the computing device. The method may also comprise receiving input data from the computing device when the user selects a sequence of images from the plurality of images on the graphical display of the computing device. The selected sequence of images may correspond to a sequence of grammatical words. The method may further comprise analyzing the input data by comparing the sequence of grammatical words to a passcode, and authenticating the user when the sequence of grammatical words is equal to the passcode.
    Type: Grant
    Filed: October 16, 2020
    Date of Patent: November 29, 2022
    Assignee: Trusona, Inc.
    Inventors: Ori Eisen, Clayton Lengel-Zigich, Nikolas Mangu-Thitu
  • Patent number: 11509477
    Abstract: In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include validating user data pages extracted from a digital identification in circumstances where a user device that includes the digital identification is either unavailable or presently lacks network connectivity. For instance, an authorized device may be used to extract user data pages from the digital identification by either exchanging communications with the user device using a proximity-based data exchange protocol, or by using a physical identification card to identify the digital identification on a user record. The user data pages may then be validated by comparing checksums associated with user data pages against the checksums within the user record, and decrypting the user data pages using a decryption key that is variably designated by a security status assigned to the digital identification.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: November 22, 2022
    Assignee: Idemia Identity & Security USA LLC
    Inventors: Daniel Poder, Richard Austin Huber
  • Patent number: 11503028
    Abstract: Techniques for secure remote troubleshooting of a private cloud are disclosed herein. One example technique includes identifying that a received command is received via an established servicing connection between the private cloud and the public cloud. The example technique can then include determining, based on a list of access authorizations corresponding to the servicing connection, whether access to the computing service or computing resource to which the command is directed is allowed from the public cloud via the servicing connection. In response to determining that access to the computing service or computing resource is not allowed, the command is prevented from being executed in the private cloud, and thus avoiding unauthorized access to the computing service or computing resource in the private cloud.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: November 15, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Vladimir Pogrebinsky
  • Patent number: 11503053
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing security of a vehicle are provided. One of the methods includes: monitoring a plurality of activities of one or more electronic devices associated with the vehicle; generating a plurality of event logs based on the monitored activities; sending the generated event logs to a server; and receiving, from the server, one or more alerts created based on the generated event logs.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: November 15, 2022
    Assignee: Beijing Voyager Technology Co., Ltd.
    Inventors: Jiang Zhang, Alexander Burt, Xiaoyong Yi
  • Patent number: 11489858
    Abstract: This specification generally relates to methods and systems for applying network policies to devices based on their current access network. One example method includes identifying a proxy connection request sent from a particular client device to a proxy server over a network, the proxy connection request including a hostname and configured to direct the proxy server to establish communication with the computer identified by the hostname on behalf of the client device; determining an identity of the client device based on the proxy connection request; identifying a domain name system (DNS) response to a DNS request including the hostname from the proxy connection request; and updating DNS usage information for the particular client based on the identified DNS response including the hostname from the proxy connection request.
    Type: Grant
    Filed: May 31, 2022
    Date of Patent: November 1, 2022
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 11483291
    Abstract: A method by a web application layer proxy for predictively activating security rules to protect one or more web application servers from attacks by one or more web application clients. The method includes applying a set of security rules to web application layer requests received from the one or more web application clients that are intended for the one or more web application servers, determining a set of recently triggered security rules, where the set of recently triggered security rules includes those security rules in the set of security rules that were triggered within a most recent period of time, applying a prediction model to the set of recently triggered security rules to determine one or more security rules that are predicted to be triggered, and activating the one or more security rules.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: October 25, 2022
    Assignee: Imperva, Inc.
    Inventors: Itsik Mantin, Ori Or-Meir
  • Patent number: 11463462
    Abstract: The present concepts relate to identifying entities based on their behavior using machine learning models. Where an entity may be a bot or a human, the entity's requests sent to a website are used to generate a graph. The graph may be used to create an image, such that the image reflects the entity's browsing behavior. A machine learning model, which has been trained using a first training set of images that correspond to bots and a second training set of images that correspond to humans, can determine whether the entity is a bot or a human by performing an image classification.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: October 4, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yang Luo, Peng Cheng, Yongqiang Xiong, Qian Li
  • Patent number: 11449613
    Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile device for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: September 20, 2022
    Assignee: CUPP Computing AS
    Inventors: Ami Oz, Shlomo Touboul
  • Patent number: 11444965
    Abstract: Methods and systems for detection of cyberattacks in onboard systems of aircraft. Measurements carried out on these onboard systems are correlated, in case of doubt of one of the measurements, to validate the doubt (and therefore a cyberattack) or to avert the risk. The correlation can be understood as a coming into correspondence of two or more elements/facts (for example measurements or acquired values) which makes it possible to highlight if there is a dependence of one upon the other and thus to justify modifications of one by those of the other. The correlation, preferably temporal, between identification of a suspect measurement and one or more other (quasi)simultaneous measurements allows dynamic detection, in real time, of the cyberattacks, whether they be already known or not. Thus, there is no dependence on a static protection of the onboard systems developed on the a priori knowledge of the existing cyberattacks alone.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: September 13, 2022
    Assignee: Airbus (S.A.S.)
    Inventors: Bernard Rousse, Claude Poli