Abstract: Protecting against potentially harmful app (PHA) installation on a mobile device. In some embodiments, a method may include identifying apps already installed on multiple mobile devices, identifying PHAs in the apps already installed on the multiple mobile devices, training a machine learning classifier, based on the apps already installed on multiple mobile devices, to predict a likelihood that each of the PHAs will be installed on any mobile device, identifying one or more apps already installed on a particular mobile device, predicting, using the machine learning classifier, a likelihood that a target PHA of the PHAs will be installed on the particular mobile device based on the one or more apps already installed on the particular mobile device, and in response to the likelihood being higher than a threshold, performing a remedial action to protect the particular mobile device from the target PHA.

Abstract: Mitigating website privacy issues by automatically identifying cookie sharing risks in a cookie ecosystem. In some embodiments, a method may include generating, by the computing device, a cookie tree representing cookies created on a web browser while browsing a website. The cookie tree may include nodes representing organizations. The cookie tree may further include hierarchical edges between the nodes representing creation chains of the nodes. The method may also include determining, by the computing device, a creator, a sender, and a receiver of each of the cookies. The method may further include mitigating, by the computing device, website privacy issues based on the creator, sender, and receiver of each of the cookies.

Abstract: Protecting from automatic reconnection with Wi-Fi access points having bad reputations. In some embodiments, a method may include determining that the mobile device is within range of a Wi-Fi access point, determining that the mobile device is configured to automatically reconnect to the Wi-Fi access point, receiving a request to indicate whether the Wi-Fi access point has a bad reputation, accessing an access point reputation database to determine whether the Wi-Fi access point has a bad reputation, sending an indication that the Wi-Fi access point has a bad reputation, and, in response to the indication that the Wi-Fi access point has a bad reputation, protecting the mobile device from the Wi-Fi access point by performing a remedial action at the mobile device.

Abstract: A method for securing and authorizing sensitive operations is described. A computing device may receive a first authentication factor from a second computing device based on a request from the second computing device to authorize an operation; upon validating the first authentication factor, send to at least the second computing device and a third computing device, a request for a second authentication factor; and authorize the operation based on validating the second authentication factor from the second computing device or from the third computing device, or from both.

Abstract: The disclosed computer-implemented method for restricting capture of self-portrait images on mobile devices may include (i) capturing sensor data associated with a surrounding environment, (ii) detecting a user input for taking one or more self-portrait images, determining, based on the sensor data, one or more potential hazards associated with the taking of the self-portrait images within the surrounding environment, and (iv) performing a security action to protect against the potential hazards associated with the taking of the self-portrait images within the surrounding environment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Identifying and removing a tracking capability from an external domain that performs a tracking activity on a host web page. Tracking capabilities of an external domain may be removed by altering web requests and/or responses to API calls. Once these tracking capabilities of the external domain have been removed, the altered web requests and/or altered responses to API calls may be transmitted to a web browser and/or entity making the API call thereby protecting user privacy while allowing the external domain to interact with the host web page.

Abstract: The disclosed computer-implemented method for deep packet inspection of vulnerable network devices may include (i) detecting at least one vulnerability associated with a network device service, (ii) identifying one or more network devices associated with the vulnerability, (iii) initiating a deep packet inspection of data traffic communicated by a target network device, (iv) determining, based on the deep packet inspection, one or more signatures associated with a potential malware attack for the target network device, and (v) performing a security action that mitigates the potential malware attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for improving application installation may include (i) receiving, in response to initiating an installation procedure for an application published by a security application publisher, a signed web token that is formatted according to an Internet standard that defines a structure of the signed web token such that a private section of a payload of the signed web token asserts at least one private claim, and (ii) applying the private claim to customize the installation procedure of the application according to a configuration of a technology partner that partners with the security application publisher. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Determining a number of secondary tracking attempts avoided by blocking a primary tracking domain from loading in a host web page. In particular, a set of rules that identify numbers of secondary tracking domains that are loaded into web browsers through host web pages by external domain and primary tracking domain combinations may be identified. The set of rules may be created based on loading patterns, resource patterns, parameter patterns, and header patterns exhibited by the external domain and primary tracking domain combinations. The rules may be applied to determine a number of secondary tracking attempts avoided by blocking a primary tracking domain from loading in a host web page.

Abstract: Virtual ad blocking on a computing device. In some embodiments, a method may include receiving, at the virtual machine, an indication that the computing device is requesting delivery of a web page, downloading, at the virtual machine, the web page, rendering, at the virtual machine, a first version of the web page, identifying, at the virtual machine, a presence of at least one advertisement element on the rendered first version of the web page, removing, at the virtual machine, the presence of the at least one advertisement element on the rendered first version of the web page, rendering, at the virtual machine, a second version of the web page that does not include the presence of the at least one advertisement element, and sending the second version of the web page that does not include the presence of the at least one advertisement element to the computing device.

Abstract: The disclosed computer-implemented method for identifying and mitigating phishing attacks may include (i) receiving a request for sensitive data utilized to access a network service, (ii) launching an autofill provider for providing the sensitive data to the network service, (iii) identifying, utilizing the autofill provider, a domain for the network service and a data type associated with the sensitive data utilized to access the network service, (iv) determining, utilizing the autofill provider, a reputation for the network service based on the domain and the data type, and (v) performing a security action that protects against a phishing attack based on the reputation determined for the network service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Protecting PII submitted through a browser. In some embodiments, a method may include detecting multiple PII of a user submitted to multiple organization websites through a browser. The method may also include encrypting each of the PII. The method may further include storing each of the encrypted PII along with an identifier of the organization website to which the PII was submitted. The method may also include receiving a request to view the PII along with an indicator of the organization website to which the PII was submitted. The method may further include retrieving each of the encrypted PII along with the identifier of the organization website to which the PII was submitted. The method may also include decrypting each of the encrypted PII. The method may further include displaying each of the PII along with the indicator of the organization website to which the PII was submitted.

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for identifying security risks posed by application bundles may include (i) intercepting, using a VPN client of the computing device, network traffic of the computing device, wherein an operating system of the computing device restricts applications into a sandboxed environment, (ii) storing, on the computing device, a copy of at least a portion of the network traffic of the computing device within a sandbox associated with the VPN client, (iii) identifying, by analyzing the copy of the network traffic, an application bundle within the network traffic, (iv) determining, by analyzing the application bundle in the sandbox associated with the VPN client, that the application bundle poses a security risk, and (v) in response to determining that the application bundle poses a security risk, performing a security action to remedy the security risk. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing web tracking transparency to protect user data privacy may include (i) receiving a browser request for target websites during a browsing session, (ii) identifying a tracking type for website trackers utilized by the target websites, the tracking type including a direct tracking type or a tracking sharing type, (iii) extracting an information category for the target websites, (iv) detecting text patterns shared between the target websites in a common information category, (v) determining information collected about a user by the website trackers by combining the tracking type for the website trackers, the information category for the target websites, and the detected text patterns, and (v) performing a security action that protects against unsolicited website tracking in future browsing sessions by providing the information collected by the website trackers to the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for facilitating utilization of processing resources of a plurality of user electronic devices for mining of cryptocurrency. A user application on each user device includes code for a cryptocurrency mining module and code for functionality different from cryptocurrency mining. Various mining activity data indicative of an extent to which each of the plurality of user electronic devices is utilized by a cryptocurrency mining pool to perform cryptocurrency mining operations is received. The method further includes receiving, from at least one of the cryptocurrency mining pool and a cryptocurrency server separate from the cryptocurrency mining pool, an aggregate amount of cryptocurrency. The aggregate amount cryptocurrency may be exchanged, by communicating with a cryptocurrency exchange server, for an aggregate amount of currency other than cryptocurrency.

Abstract: The disclosed computer-implemented method for protecting against password attacks by concealing the use of honeywords in password files may include (i) receiving a login request comprising a candidate password for a user, (ii) authenticating the login request by determining whether a hash of a true password for the user stored in a honeyserver matches a hash of the candidate password, (iii) determining whether the candidate password has matches a hash of a honeyword stored in a password file when the true password hash fails to match the candidate password hash, (iv) classifying the password file as being potentially compromised when the candidate password hash matches the honeyword hash stored in the password file, and (v) performing a security action that protects against a password attack utilizing the potentially compromised password file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting user privacy may include (i) detecting that a website indicates a user account identifier, (ii) detecting whether a third-party script has access to the user account identifier, and (iii) performing, based at least in part on detecting that the third-party script has access to the user account identifier, a security action to protect user privacy such that the security action facilitates an attempt to prevent the third-party script from actually accessing the user account identifier. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for increasing cybersecurity protection may include (i) receiving, at a subscription-management computing device, an alert indication that indicates (A) a cybersecurity status score on a protected computing device is lower than a threshold value and (B) the protected computing device is associated with an expired subscription to a cybersecurity service and (ii) performing, responsive to receiving the alert indication, a security action comprising sending, from the subscription-management computing device to a server, a transfer instruction directing the server to transfer, to the protected computing device, at least a portion of a duration of a valid subscription to the cybersecurity service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may include (i) detecting, by a privacy-protecting security application, an attempt by a user to upload an item of media content, (ii) determining, by the privacy-protecting security application, that the item of media content matches a true identity signature for the user that the privacy-protecting security application generated based on other items of media content relating to the user, and (iii) prompting, by the privacy-protecting security application in response to determining that the item of media content matches the true identity signature, the user to perform a privacy-protecting security action to prevent exposing a true identity for the user. Various other methods, systems, and computer-readable media are also disclosed.