Abstract: A method for improving security of peripheral devices is described. The method includes displaying, by a processor of a computing device, a code, receiving, by the processor, a user input after displaying the code, comparing, by the processor, the user input to the displayed code, and establishing, by the processor, secure communication between a peripheral device and a software application at the computing device based at least in part on a result of the comparing the user input to the displayed code.

Abstract: Routing server communications through a nearby mobile device. In some embodiments, the method may include establishing a direct communication channel between the first mobile device and the second mobile device, determining which of the first mobile device and the second mobile device is currently a more efficient mobile device that is able to communicate with a server device more efficiently, sending a first server query from the less efficient mobile device to the more efficient mobile device over the direct communication channel, forwarding the first server query from the more efficient mobile device to the server device over the Internet, receiving a first server response at the more efficient mobile device from the server device over the Internet, and forwarding the first server response from the more efficient mobile device to the less efficient mobile device over the direct communication channel.

Abstract: The disclosed computer-implemented method for adaptively managing data drift in a classifier may include (i) receiving, at a computing device, an input sample of digital information having an unknown reputation and (ii) performing a security action that may include (A) identifying the input sample as benign or malicious based on a result obtained by classifying the input sample using a machine learning model trained using activity regularization, (B) calculating an internal activity of the machine learning model occurring during the classifying, (C) calculating an activation entropy of the machine learning model occurring during the classifying, (D) comparing a combination of the internal activity and the activation entropy to a threshold, and (E) when the combination of the internal activity and the activation entropy meets or exceeds the threshold, identifying the result as a low-confidence result. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for hindering malicious computing actions may include (i) identifying an attempt by an agent to perform an action on a computing resource that is vulnerable to attempted actions performed by unauthorized agents, (ii) requesting from the agent, in response to identifying the attempt to perform the action on the computing resource, a payment to an owner of the computing resource equal to a monetary value assigned to performing the action on the computing resource, (iii) receiving, by the owner of the computing resource, the payment of the monetary value from the agent, and (iv) allowing, in response to receiving the payment of the monetary value from the agent, the attempt by the agent to perform the action on the computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting malicious in-application transactions may include identifying an application running on a computing device, wherein the application is granted access to a payment system, monitoring data between the application and the payment system, determining at least one characteristic associated with the application, determining the at least one characteristic is associated with a malicious transaction on the payment system, and performing at least one action to prevent the malicious transaction. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for optimizing network decision nodes is described. In one embodiment, the method includes generating an initial network of decision nodes constructed according to one or more rules, rearranging one or more decision nodes of the initial network based at least in part on a conversion of the one or more rules to a disjunctive normal form, analyzing the rearranged network of decision nodes in an upstream direction, and optimizing the rearranged network by merging two or more decision nodes of the rearranged network based at least in part on the analysis of the rearranged network. In some cases, the decision nodes include one or more levels of parent nodes and child nodes, each level of child nodes being connected to respective parent nodes. In some cases, the upstream direction is in a direction from the child nodes to the parent nodes.

Abstract: Analyzing and mitigating website privacy issues by automatically classifying cookies.

Abstract: The disclosed computer-implemented method for asynchronously and statelessly loading data while maintaining ordering may include parsing multiple data records, appending an identifier to each data record, where the appended identifier establishes a parsing order indicating an order in which each data record was parsed, inserting the parsed data records into multiple persistent queues in parallel, and asynchronously loading the data records from the persistent queues into a database in parallel according to the appended identifiers. As such, the data records may be stored in the database in the established parsing order. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for managing devices may include (i) intercepting outbound network traffic that is directed to an original target network destination, and (ii) redirecting the outbound network traffic to a virtual computing node within a publicly available on-demand cloud computing platform for the virtual computing node to apply a management policy to the outbound network traffic prior to the outbound network traffic arriving at the original target network destination, where a management service directs the performance of both configuring the computing device to redirect the outbound network traffic to the virtual computing node within the publicly available on-demand cloud computing platform and configuring the virtual computing node within the publicly available on-demand cloud computing platform to apply the management policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for mitigating stalkerware by rendering it useless is performed, at least in part, by a computing device comprising at least one processor. The method includes detecting, by the at least one processor in accordance with a security configuration of the computing device, a stalkerware application running in a foreground of the computing device. The method also includes overlaying, by the at least one processor in accordance with the security configuration, the stalkerware application with a window in response to the detecting. The method further includes performing a security action by intercepting one or more user inputs to the stalkerware application via the window, thereby preventing user configuration of the stalkerware application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Identifying and protecting against a computer security threat while preserving privacy of individual client devices using differential privacy for text documents. In some embodiments, a method may include receiving, at the remote server device, text documents from one or more local client devices, generating, at the remote server device, a differential privacy document vector for each of the text documents, identifying, at the remote server device, a computer security threat to a first one of the one or more local client devices using the differential privacy document vectors, and, in response to identifying the computer security threat, protecting against the computer security threat by directing performance, at the first local client device or the remote server device, of a remedial action to protect the first local client device from the computer security threat.

Abstract: The disclosed computer-implemented method for detecting potentially malicious content in decentralized machine-learning model updates may include (i) receiving messages communicated within a group of client devices for performing an update of a shared machine-learning model, (ii) determining a bias of a target message in the messages communicated from a target client device in the group with respect to a remaining number of the messages in the messages communicated from the other client devices in the group, (iii) assigning a confidence score to each of the other client devices based on the bias determined for the target message, the confidence score representing a likelihood of potentially malicious content in the target message, and (iv) performing, based on the confidence score, a security action that prevents the potentially malicious content from compromising the update of the shared machine-learning model. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Analyzing and mitigating privacy issues on a computing device using cookie generation flows. The method includes initiating a headless web browser, monitoring a request made of a website accessed by the headless web browser, monitoring scripts created on the website, instrumenting a function used to create a cookie on the computing device, tracing an initial generation of a call used to create the cookie on the computing device, obtaining a cookie generation flow related to the creation of the cookie, and initiating a security action based on obtaining the cookie generation flow.

Abstract: A method for approving financial transactions is described. In one embodiment, the method may include receiving, from a transaction interface, a transaction request to approve a financial transaction, determining a payment method of the financial transaction is associated with a regulated account, transmitting, based at least in part on the determining the payment method of the financial transaction is associated with the regulated account, an approval request to approve the financial transaction to a first administrator associated with the regulated account, and upon receiving a response to the approval request, transmitting to the transaction interface a transaction response message indicating whether the financial transaction is approved.

Abstract: Server Name Indication (SNI) hostname extraction to populate a reverse Domain Name System (DNS) listing to protect against potentially malicious domains. In some embodiments, a method may include detecting a Transport Layer Security (TLS) handshake between a first client application and a first server application, extracting an SNI hostname and an Internet Protocol (IP) address from the TLS handshake, populating the reverse DNS listing with the SNI hostname as a domain paired with the IP address, detecting communication between a second client application and the IP address, accessing the reverse DNS listing to determine the domain paired with the IP address, determining that the domain is a potentially malicious domain, and in response to determining that the domain is a potentially malicious domain, performing a remedial action to protect against the potentially malicious domain.

Abstract: The disclosed computer-implemented method for securing communications may include (i) establishing an overlay network within a publicly available on-demand cloud computing platform, the overlay network enabling secure communications between devices by maintaining within the overlay network a services mapping table that defines access rights to at least one of shared data or services, and (ii) transferring data, by the overlay network acting as an intermediary, from a first device that has securely connected to the overlay network to a second device that has securely connected to the overlay network, in accordance with the access rights defined in the services mapping table. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may include (i) intercepting, through a cloud-based security proxy service, network traffic originating from a mobile application at a mobile device connected to a local area network protected by the cloud-based security proxy service, (ii) detecting, by the cloud-based security proxy service, a threat indicator indicated by the mobile application, and (iii) modifying the network traffic originating from the mobile application at the mobile device by applying, by the cloud-based security proxy service based on detecting the threat indicator indicated by the mobile application, a security policy to protect the local area network from a candidate threat corresponding to the threat indicator. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may include (i) detecting, at a parental control system, network activity originating from a child computing device operated by a child and (ii) providing, through the parental control system to a guardian computing device operated by a guardian of the child and based on the network activity originating from the child computing device operated by the child, information indicating an overview of activity by the child at the child computing device to enable the guardian to apply, from the guardian computing device, application-specific policies that restrict application activity at the child computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Identifying and protecting against malicious apps installed on client devices. In some embodiments, a method may include (a) identifying client devices, (b) identifying apps installed on the client devices, (c) assigning each of the apps known to be a malicious app with a highest app suspicion score, (d) assigning each of the other apps as an unknown app with a lowest app suspicion score, (e) assigning each of the client devices with a device suspicion score, (f) assigning each of the unknown apps with an updated app suspicion score, (g) repeating (e), and repeating (f) with a normalization, until the device suspicion scores and the app suspicion scores converge within a convergence threshold, (h) identifying one of the unknown apps as a malicious app, and (i) protecting against the malicious app by directing performance of a remedial action to protect the client device from the malicious app.

Abstract: The disclosed computer-implemented method for restoring applications may include (i) detecting an indication to restore a previous version of an application installed within a mobile operating system environment, (ii) retrieving the previous version of the application from a protected location within the mobile operating system environment where a sandboxing security component stored the previous version of the application, and (iii) executing the previous version of the application within a security sandbox managed by the sandboxing security component. Various other methods, systems, and computer-readable media are also disclosed.