Abstract: The disclosed computer-implemented method for identifying security threats in smart contract-based services to protect against malicious attacks utilizing off-blockchain resources may include (i) identifying a reference associated with a transaction on a smart contract-based platform, (ii) detecting content describing one or more smart contracts associated with the reference on the platform, (iii) extracting an identifier from the content to locate off-blockchain resources utilized by the smart contracts, (iv) determining potential security threats associated with the off-blockchain resources, and (v) performing a security action that protects against the potential security threats. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may (i) include collecting a set of field reports indicating respective geofencing violations, (ii) grading a safety measurement, based on an analysis of the respective geofencing violations, for each candidate route in a set of multiple candidate routes generated for travel between a starting point and a destination point, and (iii) recommending, from among the set of multiple candidate routes, a recommended route based at least in part on the recommended route being graded as safer than another candidate route. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enforcing strict network connectivity and storage access during online payments may include (i) determining that a webpage in a tab of a browser application executing on the computing device includes a payment page for an e-commerce website, (ii) based on determining that the webpage includes a payment page, providing formjacking attack protection by monitoring network connectivity and storage access by the browser tab, (iii) based on the formjacking attack protection, identifying a potentially malicious attempt to hijack information entered into at least one web form included in the payment page, and (iv) in response to identifying the potentially malicious attempt, preventing the potentially malicious attempt from hijacking the information entered into the at least one web form included in the payment page. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking on Wi-Fi captive portals may include (i) detecting telemetry data generated from establishing a connection with a network access device associated with a captive portal, (ii) determining, based on the telemetry data, a target set of domains associated with a service set identifier assigned to the network access device, (iii) analyzing web tracking behavior data associated with the target set of domains to identify web trackers on the captive portal for a dataset of potential users, (iv) calculating a privacy risk score associated with the web trackers on the captive portal, and (v) performing a security action that protects against a potential invasion of user data privacy by presenting a privacy risk score notification associated with the web trackers on the captive portal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automatically identifying server-side tracking on websites may include collecting, by at least one processor, tracker parameters requested by websites. The method may additionally include inferring, by the at least one processor based on the collected tracker parameters, event forwarding by detecting two or more of the websites that request a similar set of the tracker parameters. The method may also include comparing, by the at least one processor, content of the two or more of the websites. The method may further include performing, by the at least one processor, a security action in response to the comparison. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for identifying and remediating security threats against graph neural network models may include (i) analyzing an input format for model data utilized by a graph neural network (GNN) model on a target computing system, (ii) generating probing data corresponding to the input format, (iii) querying the GNN model utilizing the probing data, (iv) building, based on a query response output of the GNN model utilizing the probing data, one or more shadow GNN models, (v) verifying a performance metric of the shadow GNN models against a target performance metric associated with the GNN model, and (vi) performing a security action that protects against a potential security threat against the GNN model when the performance metric of the shadow GNN models is similar to target performance metric associated with the GNN model. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Differentiating between human interaction and computer interaction using a natural perception of human eyes to identify human users. One or more images may be displayed within one or more test fields on a web page. The one or more images themselves, or a duration for which they are presented, may cause a human eye to not see something that is in the images or to see something that is not in the images. Input may be received from the user identifying all images that are perceived by the user. A determination may be made that the user is a human user based on what the user identifies. Access to another web page may be granted to users who are determined to be human and denied to users that are not determined to be human.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: The disclosed computer-implemented method for protecting user data privacy by detecting the extension of tracker coverage of website browsing sessions through indirect data disclosure may include (i) navigating to an origin website during a new web browsing session, (ii) analyzing the origin website to detect clickable elements and tracking domains, (iii) identifying webpage navigation information for destination websites and resources loaded by the tracking domains, (iv) grouping the webpage navigation information for the destination websites by a common destination tracking domain, (v) determining web trackers extending a tracker coverage from the origin website to the destination websites, and (vi) performing a security action that protects against a potential invasion of user data privacy by providing a notification of the extended tracker coverage during a browsing session in the origin website. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for dynamically classifying browser fingerprinting into user tracking and cloaking may include identifying, by a computing device, one or more website scripts as one or more candidates for cloaking based on function hooking and execution attribution. The method may additionally include identifying, in response to the identification of the one or more candidates for cloaking, at least one of the candidates for cloaking that lacks a direct connection to fingerprinting based on the function hooking and the execution attribution. The method may also include classifying, in response to the identification of the at least one of the candidates for cloaking that lacks a direct connection to fingerprinting, the at least one of the candidates for cloaking based on a hierarchical analysis. The method may further include performing a security action based on the classification. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Protecting against a tracking parameter in a web link. In one embodiment, a method may include receiving an input URL during a browser navigation session on a user device, the input URL including parameters, determining that the parameters include a tracking parameter, pausing the browser navigation session on the user device, launching the input URL in a headless browser that operates in an isolated environment that simulates one or more features of the user device, landing on a destination web page in the isolated environment, identifying a URL of the destination web page as a destination URL, and resuming the browser navigation session on the user device by replacing the input URL, which includes the tracking parameter, with the destination URL, which does not include the tracking parameter, in order to protect the user device from the tracking parameter.

Abstract: Identifying and protecting against malicious electronic messages that deceptively appear to originate from a trusted source. An authentic writing style contained within a legitimate electronic message that originates from a vender may be identified. The authentic writing style may be stored in a database. A new electronic message may be received that appears to originate from the vendor. The new electronic message may contain a new writing style. The new writing style may be compared with the authentic writing style stored in the database to identify any differences between the new writing style and the authentic writing style. A determination may be made that the new electronic message does not originate from the vender based, at least on part, on one or more differences identified between the writing styles. A security action may then be performed to protect against the new electronic message.

Abstract: The disclosed computer-implemented method for protecting the security of authentication credentials utilized to access sensitive data during online transactions may include (i) registering, utilizing a set of cryptographic keys, a proxy service with a third-party service provider of sensitive online transactions, (ii) identifying user credentials for accessing the third-party service provider, (iii) encrypting the user credentials utilizing the set of cryptographic keys, (iv) sending the encrypted user credentials in a request for authentication tokens, (v) accessing, responsive to the request, the authentication tokens for sharing with an access manager of the user credentials, and (vi) performing a security action that protects against a data privacy invasion by utilizing the authentication tokens to validate a user requesting access to a website hosted by the third-party service provider without the user credentials. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for utilizing telemetry data to customize threat protection actions against potential malware threats may include (i) detecting telemetry data on a group of client devices, (ii) determine customer type data and threat type data for the client devices based on the telemetry data, (iii) group the client devices into one or more threat clusters based on the customer type data and the threat type data, and (iv) perform a security action that protects against potential malware threats associated with each of the threat clusters. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting malware based on anomalous cross-customer financial transactions may include (i) detecting, using a machine-learning algorithm, a set of anomalies associated with fraudulent financial transactions for source user accounts in a group of customer financial accounts, (ii) identifying, based on customer transaction metadata associated with a group of target user accounts in the customer financial accounts, a cluster of financial transactions having anomaly instances in common with the set of anomalies, (iii) linking each of the customer financial accounts having the common anomaly instances in the cluster of financial transactions with a corresponding customer threat protection account to discover a user device identification, (iv) determining that artifacts appearing on a group of user devices are associated with a potential malware attack, and (v) performing a security action that protects against the potential malware attack.

Abstract: The disclosed computer-implemented method for protecting user data privacy against the use of fake first-party domains by hidden web trackers may include (i) identifying a group of subdomains associated with one or more websites, (ii) comparing an Internet Protocol (IP) address range for each of the subdomains, (iii) determining, based on the comparison, that an IP address range for a target subdomain is potentially utilized by a hidden web tracker as a fake first-party subdomain in the websites, (iv) detecting similarities between any scripts loaded by websites associated with the target subdomain and any functions performed by the scripts, and (v) perform a security action that protects against utilizing fake domains for evading web browser tracking protection by identifying the target subdomain as the fake first-party subdomain based on the detected similarities. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for protecting against an estimated level of online tracking are disclosed. In one embodiment, a method may include collecting data relating to a plurality of known users. This first data may include browser histories and a level of online tracking for each known user. The known users may be organized into clusters and second data relating to an unknown user may be received. The second data may include an identification of one or more categories of websites that the unknown user visits, and one or more websites within each of the one or more categories of websites that the unknown user visits. A matching cluster for the unknown user may be identified and levels of online tracking for similar known users within the matching cluster may be used to estimate a level of online tracking for the unknown user.

Abstract: Preserving web page functionality through dynamic analysis of host web pages. Web pages accessed by a user device may be monitored. The web browser may apply a blocking policy that blocks an external domain from loading functional content into the web page, which results in a breakage in the web page. The breakage in the web page may be identified through a dynamic analysis of the web page and correlated with the functional content from the blocked external domain. Once identified and correlated, the blocking policy may be modified to allow the external domain to load the functional content and reloading the web page.

Abstract: Methods and systems for efficient scaling of a domain name system (DNS) service architecture. In some embodiments a plurality of messaging servers may be separated into a number of pools. A plurality of client devices may be connected to a messaging server within a pool. When a notification is received for a target client device, a backend server may identify the pool that includes the messaging server that is connected to the target client device. The backend server may send the notification to the group of messaging servers within the identified pool while avoiding sending the notification to messaging servers within different pools.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.