Abstract: The disclosed computer-implemented method for securing computing devices that are not in users' physical possessions may include (i) taking, at a computing device of a user while the user is in physical possession of the computing device, a first measurement of a biological attribute of the user's body, (ii) taking, at the computing device, a second measurement of the same biological attribute, (iii) analyzing, at the computing device, the second measurement relative to the first measurement to determine that the user is no longer in physical possession of the computing device, and (iv) performing, at the computing device in response to determining that the user is no longer in physical possession of the computing device, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method may include (i) monitoring computing activity, (ii) detecting, during a specific time period, at least one malicious network connection that involves a computing device within a network, (iii) determining that no malicious network connections involving the computing device were detected during another time period, (iv) identifying a feature of the computing activity that (a) occurred during the specific time period and (b) did not occur during the other time period, (v) determining that the feature is likely indicative of malicious network activity due at least in part to the feature having occurred during the specific time period and not having occurred during the other time period, and in response to detecting the feature at a subsequent point in time, (vi) performing a security action on a subsequent network connection attempted around the subsequent point in time. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for restarting computing devices into security-application-configured safe modes may include (1) configuring a security application to recognize a predetermined signal received via a predetermined hardware device that indicates that a user wants to restart the computing device into a security-application-configured safe mode that prevents suspicious applications from loading, (2) detecting the predetermined signal via an instance of the predetermined hardware device that is connected to the computing device, (3) setting, in response to detecting the predetermined signal, a registry key on the computing device that will instruct the computing device to boot into the security-application-configured safe mode during a restart sequence, and (4) restarting the computing device in the security-application-configured safe mode in response to detecting the registry key during the restart sequence. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A virtual identity and context module may generate a virtual identity for a user. Virtual identities for different categories of users may be sourced from disparate identity services. For example, a first authentication of the user provided by a first identity service may be identified. A first virtual attribute field of the virtual identity may be populated or filled based on a first attribute field associated with the first identity service. A second identity service associated with the user may also be identified. A second virtual attribute field of the virtual identity may be populated or filled based on a second attribute field associated with the second identity service. Access to an application may be provided to a user based on the virtual attribute fields of the virtual identity that has been generated for the user.

Abstract: Techniques for providing event driven notifications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing event driven notifications comprising monitoring an electronic media feed for an event associated with a specified criteria, identifying, using at least one computer processor, a plurality of events in the electronic media feed, filtering the plurality of events, identifying an event of the plurality of events matching a specified location, and providing a notification associated with the identified event.

Abstract: A system and method for detecting an invalid packet on a Controller Area Network (CAN) bus having a plurality of CAN nodes coupled thereto is provided. The method may include monitoring a CAN identifier (CAN ID) of each packet sent by each CAN node. The method may also include determining whether to detect the validity using a time threshold, historical data, or an acknowledgement (ACK) bit. For example, when the CAN ID is unknown, the method may include the use of validity detection process based upon the ACK Slot bit. Accordingly, the method may include detecting the validity of each packet using the selected method determined. In addition, the method may include storing the detected validity in a database having a listing for valid packets (white list) and a listing for invalid packets (black list). Moreover, the method may include disabling the invalid packets.

Abstract: A method for defeating wireless signal interference hacks is described. The method may include monitoring operations associated with user input of a user into an application on a mobile computing device. The user input may include physical interaction by the user's fingers with the mobile computing device causing signal interference by the fingers with a wireless signal transmitted by the mobile computing device such that a position of the fingers is detectable by a third party receiving the wireless signal. The method may include detecting an information entry event based on the monitored operations, modifying a wireless signal strength of the wireless signal transmitted by the mobile computing device from a standard signal strength level such that the position of the fingers of the user on the mobile computing device is not detectable by the third party receiving the wireless signal in response to detecting the information entry event.

Abstract: Methods, apparatuses, and systems directed to improving shared file access in wide area network file systems. In a particular implementation, one or more elements of a wide area file system cooperate to keep an original file intact on a remote file server until a new copy of the same file is completely flushed to the remote file server. In a particular implementation, rename operations identifying a source and a target in connection with application-level save operations are executed as two composite operations including creation of the target, and a delayed deletion of the source. The delay after which the source is deleted can be configured to be just large enough so that the application save operation on a local cache can be completed.

Abstract: The disclosed computer-implemented method for detecting malware may include (1) identifying a plurality of programs represented in machine code, (2) deriving a plurality of opcode n-grams from opcode sequences within the plurality of programs, (3) training an autoencoder by using the plurality of opcode n-grams as input, (4) discovering a set of features within the autoencoder after training the autoencoder, each feature within the set of features comprising a linear combination of opcode n-grams from the plurality of opcode n-grams, and (5) classifying a potentially malicious program as malicious by using the set of features discovered within the autoencoder to analyze the potentially malicious program. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A router-level computer security component validates multiple endpoint computer security components on multiple endpoint devices in a local area network, based on whether given endpoints each have a specific anti-malware scanning engine and set of signatures used by the router-level component. To validate a given endpoint, the router-level component transmits a code sample which will trigger scanning by the specific anti-malware scanning engine in conjunction with a specific signature of the set, resulting in a specific detection result. In response to receiving the specific, expected detection result in return, the router-component validates the endpoint.

Abstract: The disclosed computer-implemented method for classifying permissions on mobile devices may include (1) detecting that an application executing on a mobile device is issuing a request for one or more requested permissions to access one or more components of the mobile device, (2) determining an intended use of the application, (3) performing, through a security system distinct from the application and the operating system, an analysis of the request issued by the application at least in part by determining whether the intended use of the application corresponds to an expected use of the requested permission, and (4) providing, via a graphical user interface, a result of the analysis to an end user of the mobile device that indicates a security implication caused by granting the one or more requested permissions to the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for logging processes within containers may include (i) detecting creation of a new container that comprises a lightweight platform-independent filesystem capable of executing at least one process that is isolated from a host computing device that hosts the container, (ii) launching, within the new container, a monitoring process that maintains a log of events associated with a process that will be executing within the new container, (iii) recording to the log, by the monitoring process, data about at least one event associated with the process executing within the container, and (iv) exporting, by the monitoring process, the log to the host computing device that hosts the new container. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for secure communications between devices may include (1) receiving, from a control device that is capable of providing instructions to one or more smart devices, a security certificate that identifies the control device and also contains privilege information that indicates how the control device is allowed to interact with the smart devices, (2) receiving, from the control device, a request to interact with a smart device, (3) analyzing the privilege information in the security certificate to determine whether the requested interaction is allowed by the privilege, and (4) controlling the requested interaction based on whether the privilege information indicates that the requested interaction is allowed. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting potentially malicious files may include (1) detecting an attempt by the computing device to execute a file, (2) prior to execution of the file, determining that a filename of the file contains a combination of characters indicative of a false filename extension included within a middle section of the filename, (3) determining, based at least in part on the false filename extension being included within the middle section of the filename, that the file is potentially malicious, and then in response to determining that the file is potentially malicious, (4) preventing the computing device from executing the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing smart building systems may include (1) detecting a set of smart devices comprising first and second smart devices in a smart building network, (2) maintaining a smart device management repository by, for each smart device, maintaining information indicating capabilities of the smart device and tracking a location of the smart device, (3) detecting a change in a state of the first smart device, (4) using the smart device management repository to evaluate a proximity of the first smart device to the second smart device and determine that a capability of the second smart device is correlated with the change in state of the first smart device, and (5) triggering a management action in the smart building network based on both the proximity of and the correlation between the first and second smart devices. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enabling calls to bypass call-blocking functions may include (1) transmitting, from the computing device that is configured with a call-blocking function, a token to an additional device owned by an individual who is to be allowed to bypass the call-blocking function of the computing device, (2) receiving, by the computing device, a request from an unknown device to initiate a call to the computing device that would be blocked by the call-blocking function, (3) determining that the request to initiate the call includes the token, and (4) enabling the call from the unknown device to the computing device to bypass the call-blocking function in response to determining that the request includes the token. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for verifying that operators are human based on operator gaze may include (1) presenting an image to a user of the computing device via a display element of the computing device, (2) tracking the user's gaze as the image is presented to the user, (3) determining, based on an analysis of the user's gaze, that one or more patterns of the user's gaze are consistent with one or more human gaze patterns, and (4) classifying the user as a human in response to determining that the one or more patterns of the user's gaze are consistent with one or more human gaze patterns. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing assistance to users in emergency situations may include (i) detecting that a user of an endpoint device is involved in an emergency situation, (ii) identifying an individual capable of assisting the user in the emergency situation by (a) locating an additional endpoint device that is nearby the endpoint device of the user and (b) determining that the additional endpoint device asserts an attribute of the individual that indicates the individual is qualified to assist the user involved in the emergency situation and is verified by a trusted third party, and (iii) enabling the individual to assist the user involved in the emergency situation by providing information about the emergency situation from the endpoint device of the user to the additional endpoint device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing security actions based on people's actual reactions to interactions may include (i) detecting an interaction (e.g., an interaction with a digital communication) of a monitored person (e.g., a child), (ii) estimating the monitored person's expected reaction to the interaction, (iii) using contemporaneous sensor data to estimate the monitored person's actual reaction to the interaction, and (iv) performing a security action based at least in part on a comparison of the monitored person's expected reaction and the monitored person's actual reaction. Various other methods, systems, and computer-readable media are also disclosed.