Abstract: A method to manage Internet of Things (IoT) devices is described. In one embodiment, the method includes detecting a presence of a first IoT device in a network associated with the computing device, managing access to the first IoT device based at least in part on authentication information associated with the first IoT device, identifying one or more updates associated with the first IoT device, and applying at least one update to the first IoT device based at least in part on identifying the one or more updates. In one embodiment, the method further includes analyzing a packet stream to determine one or more identifiers associated with the first IoT device, and identifying the first IoT device based at least in part on the one or more determined identifiers.

Abstract: The disclosed computer-implemented method for managing connections may include (i) detecting, by a security agent on an endpoint, an attempt by another application on the endpoint to establish a connection according to a specific Internet protocol, and (ii) injecting, by the security agent on the endpoint, into an options field within a header of a network packet within the connection, the header formatted according to the specific Internet protocol, at least one byte that reveals identifying information about the application to enable an in-line proxy security device to manage the connection according to the revealed identifying information. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting anomalous system command line data may include (i) receiving command line data from a target computing system, (ii) building a baseline model that utilizes machine-learning to analyze the command line data, the baseline model comprising a support-vector machine (SVM), natural language processing, and a hashing function, (iii) assigning, utilizing the baseline model, a score to each of a plurality of instances of the command line data, and (iv) identifying, based on the score, anomalous commands comprising potentially malicious data when any of the instances of the command line data fails to exceed a threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users from security threats may include (i) receiving a photograph of a target that a user is attempting to acquire, (ii) extracting, from the photograph, an identifier of the target, (iii) applying the identifier of the target to a software security policy that indicates whether the target is safe for the user, and (iv) releasing locked resources to enable the user to acquire the target based on a determination that the software security policy indicates that the target is safe for the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for customizing security alert reports may include (i) identifying a local machine learning model that predicts how a client responds to security alerts generated for the client, (ii) identifying a set of peer machine learning models that predict how a set of peers of the client each responds to security alerts generated for each respective peer, (iii) measuring a level of similarity between the client and each respective peer of the set of peers according to a similarity metric to create a similarity model, (iv) aggregating the local machine learning model and at least one of the set of peer machine learning models based on the similarity model to create an aggregated machine learning model, and (v) protecting the client by applying the aggregated machine learning model to customize an electronically displayed security alert report. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for controlling access to a computing device includes detecting one or more wireless devices configured as wireless access points. A handshake operation involving the computing device and a key device may then be performed. The method further includes receiving, at the computing device and during a calibration phase, wireless signals transmitted by the key device wherein during the calibration phase the computing device determines an approximate signal strength corresponding to a desired distance between the computing device and the key device. Subsequent to the calibration phase, other wireless signals transmitted by the key device are received at the computing device. The method further includes detecting, based upon a received signal strength of the other wireless signals, that the computing device and the key device are separated by at least the desired distance and, in response, electronically locking or otherwise inhibiting user access to the computing device.

Abstract: The disclosed computer-implemented method for protecting users may include (i) identifying a first light-and-radio frequency signature that was captured by a security device based on signals emanating from a mobile computing device at a first time and location, (ii) identifying a second light-and-radio frequency signature that was captured by a same or different security device based on signals emanating from the same mobile computing device at a second time and location, (iii) determining that the first light-and-radio frequency signature and the second light-and-radio frequency signature match such that an inference is made that an individual possessing the mobile computing device was present at both the first time and location and the second time and location, and (iv) performing, based on the inference, a security action to protect a user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for verifying decentralized federated data using influence evaluation may include (i) calculate an influence score for each of a group of data instances, (ii) rank the data instances based on the influence scores, (iii) determine an anomaly score for each of the ranked data instances, (iv) select the ranked data instances with the highest anomaly scores as containing potentially malicious data, and (v) perform a security action that protects against the potentially malicious data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for password breach monitoring and notification may include (i) detecting a set of authentication credentials for a user, (ii) generating a one-way hash for a password associated with the authentication credentials, (iii) selecting a hash prefix including a subset of data in the hash, (iv) sending the hash prefix to a backend service for matching with a set of hash suffixes associated with known compromised passwords, (v) determining that a breach has occurred based on the password associated with the authentication credentials being compromised when the hash prefix matches a hash suffix in the set of hash suffixes, and (vi) performing a security action that protects against an additional breach associated with the compromised password. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented methods for automatically recovering from malware attacks may include (1) saving, in response to determining that a reputation of a process is unknown, a backup copy of a file on a remote storage device prior to allowing the process to modify the file; (2) determining, after the process has modified the file, that the process is potentially malicious; and (3) restoring, in response to determining that the process is potentially malicious, the backup copy of the file from the remote storage device. The provided methods may automatically recover computers from ransomware attacks and other malware attacks which encrypt file systems. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Employing beacon messages to restart an application on a mobile device. In some embodiments, a method may include subscribing, at the secondary mobile device, to a beacon publisher of the primary mobile device. The method may also include determining, based on historical location data, that the primary mobile device is likely within range of the secondary mobile device for beacon communication therebetween. The method may further include activating, at the primary mobile device, the beacon publisher. The method may also include publishing, at the primary mobile device, a beacon message configured to cause a secondary mobile application on the secondary mobile device to restart. The method may further include receiving, at the secondary mobile device, the beacon message. The method may also include, in response to receiving the beacon message, restarting, at the secondary mobile device, the secondary mobile application of the secondary mobile device.

Abstract: The disclosed computer-implemented method for selectively encrypting controlled information for viewing by an augmented reality device may include (i) automatically identifying, at a computing device and using at least one of natural language processing and/or a pre-defined data loss prevention policy, a portion of a source text including controlled information, (ii) tokenizing the portion of the source text, and (iii) performing a security action that may include (A) generating a public key, (B) encrypting the tokenized portion of the source text with the public key to produce an encrypted marker, and (C) replacing the portion of the source text with the encrypted marker to produce a replacement document. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for training malware classifiers may include (1) perturbing, at a computing device, a binary file in a manner that maintains functionality of the binary file, (2) classifying the perturbed binary file with a first machine learning classifier to produce a classification result, (3) producing a transformed file by repeating the perturbing and classifying steps until the transformed file becomes misclassified, and (4) performing a security action comprising training a second machine learning classifier with the transformed file and an associated correct classification result. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for identifying privacy leakage information may include (1) identifying, at the computing device, at least one informative word in a digital text and (2) performing a security action that identifies privacy leakage information, where the security action includes (A) determining, for at least one identified informative word, a type of privacy leakage and a respective confidence score indicating a probability the identified informative word causes the type of privacy leakage, (B) determining, using the respective confidence score, a combined confidence score for each respective element within a level of detail to display, and (C) displaying, on a display device, the combined confidence score for each respective element within the level of detail to display. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems are provided for monitoring private information exposure. One example method generally includes detecting, at a computing device, a potentially exposing post on a publicly-accessible server and determining, by an exposure model operated by the computing device, an exposure chance for the potentially exposing post. The method further includes transmitting an initial notification of the potentially exposing post from the computing device to a client device based on the exposure chance from the exposure model and detecting an update event associated with the potentially exposing post. The method further includes updating the exposure model based on the update event and transmitting a personalized notification from the computing device to the client device based on the update event.

Abstract: The disclosed computer-implemented method for performing load balancing and distributed high-availability may include (i) detecting through a group communication channel that links all nodes of a computing cluster that an overburdened node of the computing cluster has fallen below a predefined performance level, (ii) determining to transfer a specific microservice transaction from the overburdened node to a helper node in the computing cluster, (iii) copying data for the specific microservice transaction from a portion of a central data store that is reserved for the overburdened node to another data store that is reserved for the helper node, and (iv) completing, by the helper node, the specific microservice transaction by referencing the copied data for the specific microservice transaction in the data store that is reserved for the helper node. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Adaptive security filtering on a client device. A method may include applying a data filter to a client device to obtain a first set of data associated with the client device, determining a risk level of a datum of the first set of data, determining a resource level associated with obtaining the first set of data, adjusting the data filter to an adjusted filter based on the determined risk level of the datum and the determined resource level, and applying the adjusted filter to the client device.

Abstract: Privacy preserving secure task automation. A method may include generating, by a first section of a platform, a pair of encryption keys (private and shared secret keys); receiving, by a second section of the platform, platform user data, trigger service user data; and action service user data, wherein the user of the services and platform are the same; sending the shared secret key to the services; storing the private key in the first section; receiving from the trigger service, by the second section, a first communication encrypted with the shared secret key, regarding occurrence of a trigger; determining, by the first section, that the trigger corresponds to the user of the platform; encrypting a second message with the shared secret key, requesting invocation of the action based on the trigger; and transmitting the second encrypted message to the action service without the data related to the user of the platform.

Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Identifying and protecting against evolving cyberattacks using temporal word embeddings. In some embodiments, a method may include identifying sequences of security events that occurred over time on endpoint devices. The method may also include embedding each of the sequences of security events into low dimensional vectors, such that each of the sequences of security events is treated as a sentence, and such that each of the security events is treated as a word in the corresponding sentence. The method may further include analyzing the low dimensional vectors to identify a first cyberattack represented by a first sequence of security events and a second cyberattack represented by a second sequence of security events that is different from the first sequence of security events, the second cyberattack being an evolved version of the first cyberattack. The method may also include, in response to identifying the second cyberattack, protecting against the second cyberattack.