Abstract: Preserving web page functionality through dynamic analysis of host web pages. Web pages accessed by a user device may be monitored. The web browser may apply a blocking policy that blocks an external domain from loading functional content into the web page, which results in a breakage in the web page. The breakage in the web page may be identified through a dynamic analysis of the web page and correlated with the functional content from the blocked external domain. Once identified and correlated, the blocking policy may be modified to allow the external domain to load the functional content and reloading the web page.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: The disclosed computer-implemented method for managing privacy policy violations may include obtaining, by the computing device, an intermediate representation of a privacy policy, wherein the intermediate representation denotes a formal policy and is generated by extracting the privacy policy in natural language from a website and parsing the privacy policy. The method may also include comparing, by the computing device, behavior of the website against the intermediate representation, thereby detecting at least one violation of the formal policy. The method may further include enforcing, by the computing device, the formal policy at least in part by taking a security action in response to the violation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for utilizing user profile data to protect against phishing attacks may include (i) detecting a target user profile associated services accessed by a network-based application, (ii) determining identifiers associated with each of the services, (iii) extracting, for each of the identifiers, feature vectors describing exploitable screen elements in the network-based application associated with phishing attacks, (iv) updating, based on the feature vectors, previously extracted feature vectors in a data repository storing additional profiles for other users associated with the services, (v) predicting, utilizing a machine-learning model, phishing attack threats for target profile user based on a similarity with the additional profiles, and (vi) performing a security action that protects against the phishing attack threats. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for preventing social engineering attacks using distributed fact checking may include (i) capturing one or more words or tones received by a party to a communication, (ii) extracting speech features associated with the words or tones to identify one or more alleged facts in the communication, (iii) generating one or more queries to verify the alleged facts in the communication, (iv) determining, utilizing distributed fact checking, whether the alleged facts are true based on the queries, and (v) performing a security action that generates an alert to protect against a potential social engineering attack on the receiving party when at least one of the alleged facts are determined to be false. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.

Abstract: The disclosed computer-implemented method for selectively encrypting controlled information for viewing by an augmented reality device may include (i) automatically identifying, at a computing device and using at least one of natural language processing and/or a pre-defined data loss prevention policy, a portion of a source text including controlled information, (ii) tokenizing the portion of the source text, and (iii) performing a security action that may include (A) generating a public key, (B) encrypting the tokenized portion of the source text with the public key to produce an encrypted marker, and (C) replacing the portion of the source text with the encrypted marker to produce a replacement document. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems are provided for monitoring private information exposure. One example method generally includes detecting, at a computing device, a potentially exposing post on a publicly-accessible server and determining, by an exposure model operated by the computing device, an exposure chance for the potentially exposing post. The method further includes transmitting an initial notification of the potentially exposing post from the computing device to a client device based on the exposure chance from the exposure model and detecting an update event associated with the potentially exposing post. The method further includes updating the exposure model based on the update event and transmitting a personalized notification from the computing device to the client device based on the update event.

Abstract: Uniform Resource Locator (URL) transformation and redirection with access control. A method may include registering for an account with a secure redirection application; requesting, from the secure redirection application, a unique site identifier for an online entity; receiving, from the secure redirection application, the unique site identifier; submitting user data and the received unique site identifier to the online entity; receiving, from the online entity, a unique URL generated by the secure redirection application, in response to submitting the user data and the received unique site identifier to the online entity; and actuating the unique URL to be directed to the online entity.

Abstract: Thwarting data leakage from a webpage. In some embodiments, a method may include detecting, at a browser on the network device, a visit to the webpage, directing a headless browser on the network device to visit the webpage in parallel to the browser visiting the webpage, detecting, at the headless browser, data leakage from the webpage, presenting, at the browser, a notification regarding the data leakage that allows a user to indicate whether the data leakage should be allowed, receiving, at the browser, an indication that the data leakage should not be allowed, and in response to receiving the indication that the data leakage should not be allowed, thwarting the data leakage by performing a remedial action at the network device to protect the network device from the data leakage.

Abstract: Thwarting an impersonation attack using online decoy text. In one embodiment, a method may include intercepting first actual text submitted online by a first user, generating decoy text to replace the first actual text, sending the decoy text for posting online, training a machine learning model using the decoy text to make the machine learning model capable of recognizing a decoy language pattern in the decoy text, intercepting second actual text submitted to a web server by a second user purporting to be the first user, determining, using the machine learning model, that a language pattern in the second actual text matches the decoy language pattern in the decoy text, and, in response, determining that the second user is impersonating the first user in an impersonation attack and thwarting the impersonation attack by performing a remedial action at the web server to protect the web server from the impersonation attack.

Abstract: The present disclosure relates to security incident analysis systems, and more specifically to searching across multiple security incident analysis systems through a unified conversational agent. One example method generally includes receiving, from a client device, a natural language command requesting information about a security incident from a first incident analysis system. One or more keywords related to the security incident are extracted from the natural language command. The unified conversational agent executes a search against the first incident analysis system and one or more second incident analysis systems for the information about the security incident based on the extracted one or more keywords and transmits, to the client device, an indication of the information about the security incident aggregated from the executed search against the first incident analysis system and the one or more second incident analysis systems.

Abstract: The disclosed computer-implemented method for assessing security risks of users of computer networks of organizations may include (i) detecting, at a risk computing device, a location of a host electronically accessed by a user computing device, the host location having an electronic address outside of a computer network of an organization, (ii) identifying, at the risk computing device, a host user credential sent to the host location from the user computing device, (iii) determining, at the risk computing device, that the host user credential matches an organization user credential associated with the organization's computer network, and (iv) calculating, at the risk computing device, a risk score for a user of the user computing device based on the determination that the host user credential matches the organization user credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for determining the risk of information leaks from cloud-based services may include (1) identifying a cloud-based service that provides remote software-services to client organizations, (2) extracting, from a publicly accessible page of the cloud-based service, a list of customers that use the cloud-based service, (3) retrieving, for each customer in the list of customers, at least one link to a customer page on the cloud-based service that represents a method for the customer to access the remote software-services offered by the cloud-based service, (4) analyzing each identified customer page for at least one risk factor, and (5) calculating, based on the analysis, a risk score for the service that represents an overall estimation of security risks to client organizations that utilize the cloud-based service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting incorrect translations of one or more terms in a computing string is described. A key term in a first language and a translation of the key term in a second language are retrieved. One or more compound terms in the first language that include the key term in the first language are identified. A computing string in the first language and a translation of the computing string in a second language are retrieved. The one or more compound terms in the first language are removed from the computing string in the first language. The key term in the second language is compared with one or more words included in the computing string in the second language. The translation of the one or more terms of the computing string are classified as incorrect based on the comparison.