Abstract: Thwarting one-time password (OTP) theft. In one embodiment, a method may include receiving, at a messaging application executing on the mobile device, a text message from a website that includes an original OTP. The method may also include encrypting, by the messaging application, the original OTP included in the text message to thwart theft of the original OTP from the text message.

Abstract: Securing a network device by forecasting an attack event using a recurrent neural network. In one embodiment, a method may include collecting event sequences of events that occurred on multiple network devices, generating training sequences, validation sequences, and test sequences from the event sequences, training a recurrent neural network using the training sequences, the validation sequences, and the test sequences, collecting an event sequence of the most recent events that occurred on a target network device, forecasting, using the recurrent neural network and based on the event sequence of the most recent events that occurred on the target network device, the next event that will occur on the target network device, and in response to the forecasted next event being an attack event, performing a security action to prevent harm to the target network device from the attack event.

Abstract: The disclosed computer-implemented method for categorizing web applications based on age restrictions in online content policies may include (i) accessing a web application associated with a group of application pages, (ii) determining policy data for accessing content from the web application in the application pages, (iii) extracting one or more age restrictions for accessing the web application from the policy data, and (iv) performing a security action that prevents underage access to the web application based on the age restrictions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for identifying a malicious user interface may include (1) detecting, at a computing device, a launch of a user interface (UI), (2) gathering characteristics of the UI including a UI image, (3) identifying the UI is not permissible by comparing the UI image to a whitelist including permissible UI images, and (4) performing, when the UI image is not permissible, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting passwords may include (i) intercepting network traffic indicating an attempted login procedure at a workload device to login to a protected resource, (ii) prompting a user, in response to intercepting the network traffic, and at an authentication device that has been registered to the user, to indicate whether to approve the attempted login procedure, (iii) collecting, at the authentication device, a credential for the attempted login procedure that was stored in a protected vault of the authentication device, (iv) providing, by the authentication device to the workload device, an authentication decision based on the collected credential, and (v) injecting, at the workload device, the authentication decision into a browser session to enable the user to complete the attempted login procedure to login to the protected resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for delegating endpoint security operations to a nearby computing device may include (i) receiving device state data from one or more computing devices, (ii) determining a device state reputation for each of the one or more computing devices based on the device state data, (iii) selecting a device from the one or more computing devices based on the device state reputation for each of the one or more computing devices, and (iv) in response to selecting the device, delegating one or more operations for a security action to the selected device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enabling multi-factor authentication for seamless website logins may include (1) generating a numerical sequence utilized for authenticating a user for multi-factor authentication on a website, (2) detecting user login credentials for initiating a multi-factor authentication session on the website, (3) receiving, in response to the user login credentials, a request for multi-factor authentication data associated with the numerical sequence from the website, (4) retrieving, utilizing an application programming interface (API), the multi-factor authentication data from a secure storage associated with the user, and (5) providing, utilizing the API, the multi-factor authentication data to the website to login the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for learning queries in automated incident remediation is performed by one or more computing devices, each comprising one or more processors. The method includes parsing at least a portion of incidents from an incident log based at least in part on one or more incident types associated with each incident from the portion of the incidents, identifying parameters associated with a plurality of queries, grouping the plurality of queries into a plurality of query groups based at least in part on the identified parameters, identifying a new incident added to the incident log, and generating an automated query based at least in part on a similarity between the new incident and a prior incident.

Abstract: The disclosed computer-implemented method for improving application analysis may include (i) configuring a computing environment to execute an application such that the computing environment spoofs a simulated geolocation that is detected by the application, (ii) performing a dynamic analysis of how the application behaves within the simulated geolocation, and (iii) generating a holistic security analysis of the application based on both a result of the dynamic analysis performed for the simulated geolocation and an additional result of at least one additional dynamic analysis performed for a second geolocation that is distinct from the simulated geolocation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for preventing malicious applications from exploiting application services may include (i) identifying an attempt by an application, executing within a sandboxed environment that isolates the application's data and code execution from at least one other application executing within an operating system on the computing device, to launch at least one application service, (ii) determining that the application represents a potential security risk, (iii) prompting a user of the computing device to remediate the potential security risk posed by the application by performing a recommended security action, and (iv) while waiting for the user to perform the recommended security action, securing the computing device by blocking the attempt by the application to launch the application service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for controlling access to a peripheral device may include receiving an input/output request related to a process attempting to access the peripheral device. The method can also include determining an access state for the process indicative of whether the process will be allowed to gain access to the peripheral device. The access state can be based on a context property of the process. The method can further include responding to the input/output request with initiation of a virtual peripheral output from a virtual peripheral device if the access state is indicative of the process not being allowed access to the peripheral device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for controlling access to a computing device which involves detecting, at a key device, one or more wireless devices configured as wireless access points. A handshake operation involving the key device and the computing device is performed wherein the computing device is included among the one or more wireless devices. Wireless signals transmitted by the computing device are received, during a calibration phase, at the key device. During the calibration phase the key device determines an approximate signal strength corresponding to a desired distance between the key device and the computing device. Based upon a received signal strength of other wireless signals transmitted by the computing device, it may be detected that the key device and the computing device are separated by at least the desired distance. If so, the computing device may be electronically locked or user access to it otherwise inhibited.

Abstract: The disclosed computer-implemented method for detecting misuse of online service access tokens may include (1) receiving a user permission token to access an online service that manages one or more user resources, (2) monitoring, based on utilization of the user permission token, usage data associated with an access token issued to a relying party for accessing the user resources managed by the online service, (3) identifying, based on the usage data, activity associated with the access token being misused by the relying party, and (4) performing, a security action that protects the user resources against the activity associated with the access token being misused by the relying party. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for issuing proactive parental control alerts may include (i) monitoring, through a sensor of the computing device, sensor data indicating an emotional state of a child consuming media content through the computing device, (ii) detecting, through analyzing the sensor data, that the media content has triggered an adverse emotional state within the child, and (iii) performing a security action, in response to detecting that the media content has triggered the adverse emotional state within the child, by issuing an alert in connection with a parental control software system that controls access by the child to media content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for implementing adaptive policy based computer security is described. In one embodiment, the method may include monitoring a behavior of a user on a computing device associated with the user, determining whether the user triggers one or more policy triggers associated with a broad policy or at least one sub-policy of the broad policy, or both, and upon determining the user triggers at least one policy trigger during the monitoring period, implementing a customized version of the broad policy on the computing device. In some cases, the method may include implementing the broad policy on the computing device upon determining the user does not trigger any of the one or more policy triggers. In other cases, the method may include triggering at least one of the policy triggers based at least in part on a requested action and determining whether the requested action includes a security threat.

Abstract: The disclosed computer-implemented method for detecting certificate pinning may include (i) attempting, by a security network proxy, to break a network connection between a client device and a server device, (ii) detecting, by the security network proxy, whether the network connection between the client device and the server device is certificate pinned based on a result of attempting to break the network connection, and (iii) performing a security action by the security network proxy to protect the client device at least in part based on detecting whether the network connection between the client device and the server device is certificate pinned. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting unauthorized use of an application may include (1) receiving, by the computing device, fingerprint data associated with a fingerprint, where the fingerprint data is received from the touchscreen, when a user interface of the application is displayed on the touchscreen, and in an absence of displaying a request for fingerprint data on the touchscreen, (2) comparing the received fingerprint data to a whitelist of authorized fingerprint data to determine a presence of a match, where the authorized fingerprint data indicates at least one fingerprint of at least one user that is authorized to access the application and (3) performing, when the received fingerprint data does not match the whitelist of authorized fingerprint data, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for controlling uploading of potentially sensitive information to the Internet may include (i) loading, at the computing device, at least a portion of a webpage and (ii) performing a security action including (A) converting, at the computing device, components of the webpage from an online status to an offline status, (B) receiving a sensitive information input to a respective offline component of the webpage, (C) converting, based on a stored user preference and in response to receiving the sensitive information input, the respective offline component to the online status, (D) buffering an outgoing network request comprising the sensitive information input, (E) receiving an approval input indicating approval to transmit the potentially sensitive information to the Internet, and (F) releasing the outgoing network request in response to receiving the approval input. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for anomaly detection using grouping-based graph summarization is performed by one or more computing devices, each including one or more processors. The method includes identifying a first graph from a stream of incoming graphs, generating a first summary of the first graph, classifying the first summary in a first category, identifying a second graph from the stream of incoming graphs, generating a second summary of the second graph, comparing the first summary with the second summary, mapping the first summary and the second summary to the first category upon determining that the comparing indicates a similarity between the first summary and the second summary satisfies a graph similarity threshold, analyzing a frequency of graphs being mapped to graph categories, the graph categories including at least the first category, and detecting an anomaly in one of the graph categories based at least in part on the analysis.

Abstract: The disclosed computer-implemented method for classifying electronic files may include (i) identifying an electronic file that is being evaluated for importance by a file-categorization system, (ii) collecting, via at least one user-state monitoring device, information about a physical state of at least one user while the user is interacting with the electronic file, (iii) determining, based on the information about the physical state of the user while the user was interacting with the electronic file, whether the user considers the electronic file to be important, and (iv) classifying, by the file-categorization system and based at least in part on determining whether the user considers the electronic file to be important, the electronic file as an important file. Various other methods, systems, and computer-readable media are also disclosed.