Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; an operating system; an application framework including instructions to search a target directory for one or more shared libraries and to attempt to load the one or more shared libraries if found; and an application including: a library file including a primary feature module to provide a primary feature of the application, the primary feature module structured to operate within the application framework, wherein the library file is not independently executable by the operating system; and an unmanaged executable binary to host the library file, wherein the unmanaged executable binary is not managed by the application framework, and includes hooks to intercept the application framework's attempt to load the one or more shared libraries, and to provide security services to the one or more shared libraries before permitting the application framework to attempt to load the one or more shared libraries.

Abstract: A global profile generation unit acquires a profile including, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When entries, in which the path parts are different but the parameter names are the same, are present in the acquired profile, the global profile generation unit generates a global profile in which the entries of the parameter names are aggregated in the acquired profile.

Abstract: Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score.

Abstract: A method, apparatus, and system for provisioning a device onto a network using a non-secure communication channel between the device and a provisioner is described. The provisioner receives a timestamp-based on-time password (TOTP), and a universal resource identifier (URI) from the device and provides the TOTP and an out-of-band (OOB) UUID to a remote server over a secure communication channel identified by the URI. The device is then provisioned onto a network based on comparisons of the UUID and the TOTP.

Abstract: Methods, systems, articles of manufacture and apparatus are disclosed to reduce spoofing vulnerabilities. An example apparatus to verify token integrity for a computing device includes an artifact engine to store first artifact data with a first timestamp in a device artifact storage, and store second artifact data with a second timestamp in the device artifact storage. The example apparatus includes an offchain identification protector (OIP) controller to generate a first token based on the first artifact data and the first timestamp, the first token to establish a first entry in a blockchain at a first time, and generate a second token based on the second artifact data, the second timestamp, and the first token, the second token to establish a second entry in the blockchain at a second time after the first time.

Abstract: The technology disclosed teaches incident-driven and user-targeted data loss prevention that includes a CASB controlling exfiltration of sensitive content in documents stored on cloud-based services in use by organization users, by monitoring manipulation of the documents. CASB identifies the cloud-based services that the particular user has access to and at least one document location on the cloud-based services to inspect for sensitive documents, in response to receiving an indication that user credentials have been compromised. The CASB performs deep inspection of documents identified as stored at the location and detects at least some sensitive documents. Based on the detected sensitive documents, the CASB determines data exposure for the organization due to the compromised credentials of the particular user.

Abstract: Techniques are described to detect and/or prevent malicious wireless attacks and/or suspicious wireless activity related to a wireless network in a commercial passenger vehicle. For example, an access point located in the commercial passenger vehicle receives a set of wireless beacon frames from a first wireless device, makes a first determination of a first beacon frame rate of the set of wireless beacon frames, receives a second beacon frame after a first beacon frame, makes a second determination of a second beacon frame rate of the second beacon frame relative to the first beacon frame, makes a third determination that a second wireless device is impersonating the first wireless device upon comparing the first beacon frame rate to the second beacon frame rate, and sends, upon making the third determination, a security alert message to an external input/output (I/O) device in the commercial passenger vehicle.

Abstract: Techniques to facilitate network security analysis and attack response are disclosed herein. In at least one implementation, a passive analysis system receives a copy of network traffic, performs deep analysis on the copy of network traffic, and generates security data points based on the deep analysis. The passive analysis system then provides the security data points to an active inline security device, wherein the active inline security device compares incoming network traffic to the security data points to detect security events.

Abstract: A data transmission system and method in a physical network separation environment is provided, which includes: a drive device controlling connection switching for one storage medium drive writing or reading a data file on or from a predetermined storage medium; a source-side server executing writing the data file on the storage medium loaded in the storage medium drive, after switching to a connection to the storage medium drive; a clean PC conducting hash value verification and a test for infection of malicious code with respect to the data file that has been written on the storage medium, after switching to a connection to the storage medium drive; and a destination-side server executing reading the tested data file from the storage medium, after switching to a connection to the storage medium drive.

Abstract: Disclosed herein are computer-implemented methods; computer-implemented systems; and non-transitory, computer-readable media, for sending cross-chain messages. One computer-implemented method includes storing an authenticable message (AM) associated with a first account of a blockchain node to a blockchain associated with the first blockchain network, where the AM comprises an identifier (ID) of the first blockchain network, information of the first account, and information of a recipient of the AM. The AM and location information is translated to a relay to be forwarded to the recipient located outside of the first blockchain network, where the location information identifies a location of the AM in the first blockchain and the recipient includes one or more accounts outside of the first blockchain network.

Abstract: Disclosed herein are computer-implemented methods; computer-implemented systems; and non-transitory, computer-readable media, for sending cross-chain messages. One computer-implemented method includes storing an authenticable message (AM) associated with a first account to a blockchain associated with the first blockchain network, where the AM is generated based on a protocol stack comprising an outer-layer protocol, a middle-layer protocol, and an inner-layer protocol, the outer-layer protocol comprises an identifier (ID) of an originating blockchain network and the middle-layer protocol, the middle-layer protocol comprises information of the sending account and the inner-layer protocol, the inner-layer protocol comprises an ID of a destination blockchain network, information of a receiving account associated with the destination blockchain network, and message content.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.

Abstract: Techniques are described herein for assembling/evaluating automated assistant responses for privacy concerns. In various implementations, a free-form natural language input may be received from a first user and may include a request for information pertaining to a second user. Multiple data sources may be identified that are accessible by an automated assistant to retrieve data associated with the second user. The multiple data sources may collectively include sufficient data to formulate a natural language response to the request. Respective privacy scores associated with the multiple data sources may be used to determine an aggregate privacy score associated with responding to the request. The natural language response may then be output at a client device operated by the first user in response to a determination that the aggregate privacy score associated with the natural language response satisfies a privacy criterion established for the second user with respect to the first user.

Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Abstract: An adaptive greylist may be used to reject authentication requests that originate from a source network address that has been taken over by a malicious actor. A percentage of successful authentications for a predetermined number of authentication requests that last originated from a source network address may be calculated. Accordingly, the source network address may be added to a greylist of suspended network addresses when the percentage of successful authentications is less than a predetermined percentage threshold. On the other hand, the source network address is kept off the greylist of suspended network addresses when the percentage of successful authentications is equal to or greater than the predetermined percentage threshold.

Abstract: Particular embodiments described herein provide for a system that can be configured to facilitate the use of a blockchain for distributed denial of service attack mitigation, the system can include a network security provider and a validating node. The network security provider can recognize that a distributed denial of service (DDoS) attack is occurring, create a block that includes data related to the DDoS attack, and publish the block that includes the data related to the DDoS attack for addition to a blockchain. The validating node can validate the block that includes the data related to the DDoS attack and the block that includes the data related to the DDoS attack can be added to the blockchain. The block that includes the data related to the DDoS attack can be analyzed to determine how to mitigate a similar DDoS attack.

Abstract: Removing protections on a session-key protected design include receiving a double encrypted vendor private key and an encrypted session key. The double encrypted vendor private key is decrypted into a single encrypted vendor-private key using a user private key, and the single encrypted vendor-private key is decrypted into a vendor private key using a vendor pass phrase. The encrypted session key is decrypted into a session key using the vendor private key, and the session-key protected design is decrypted into a plain design using the session key.

Abstract: An intermediate data transmission device arranges for mutual authentication between itself and a remote terminal to allow data to be exchanged between the remote terminal and a server through the device. The server sends first and second key codes to the intermediate device, the key codes both being derived from a shared secret known to the server and remote terminal but not to the intermediate device. In response to a challenge from the intermediate device the remote terminal uses the shared secret to generate a duplicate of the first key code and transmits the duplicate to the intermediate device. The intermediate device compares the first key code and the duplicate of the first key code received respectively from the server and the remote terminal to verify the authenticity of the remote terminal.

Abstract: Methods and systems are described in the present disclosure for classifying malicious objects. In an exemplary aspect, a method includes: collecting data describing a state of an object of the computer system, forming a vector of features, calculating a degree of similarity based on the vector, calculating a limit degree of difference that is a numerical value characterizing the probability that the object being classified will certainly belong to another class, forming a criterion for determination of class of the object based on the degree of similarity and the limit degree of difference, determining that the object belongs to the determined class when the data satisfies the criterion, wherein the data is collected over a period of time defined by a data collection rule and pronouncing the object as malicious when it is determined that the object belongs to the specified class.

Abstract: An identity authentication method is described. The method includes, when receiving a group joining request that is sent by a first terminal and that is used for joining a trusted group, generating, by a server, a first certificate for the first terminal based on a first version number, and sending them to the first terminal. The method further includes, when determining that a second terminal is removed from the trusted group, updating the first version number to a second version number; and separately generating, by the server based on the second version number, a corresponding second certificate for a terminal not removed from the trusted group; and separately sending the corresponding second certificate and the second version number to the terminal not removed from the trusted group. In this way, during authentication, a terminal may compare a version number of the other party to perform identity authentication, thereby improving authentication efficiency.