Abstract: A method for managing data loss prevention policies for applications may include 1) maintaining, in at least one database, a categorization of at least one application as either a business application or a personal application, 2) assigning, in the database, a data loss prevention policy to the application based on the categorization of the application in the database as either a business application or a personal application, 3) detecting that the application is attempting to access sensitive data, and 4) applying, in response to the detected attempt by the application to access sensitive data, the data loss prevention policy assigned to the application to the detected attempt by the application to access sensitive data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information are stored into the clipboard. A paste operation is evaluated based on the data, and the information is evaluated against a policy to determine whether the paste operation should be blocked.

Abstract: According to one embodiment, a computer-implemented method comprises determining a first threat score and a second threat score respectively corresponding to a first user action and a second user action on one or more computer applications and calculating an aggregate threat score for the determined threat scores. Calculating the aggregate threat score comprises summing together the first threat score and a contribution of the second threat score, wherein the contribution of the second threat score is determined based on the second threat score and a margin corresponding to the difference between a maximum threat score and the first threat score.

Abstract: The disclosed computer-implemented method for registering user accounts with multi-factor authentication schemes used by online services may include (1) determining that a user is associated with an account with an online service that allows the user to register the account with an MFA scheme that requests the user to complete multiple authentication steps before being allowed to access the account, (2) identifying, based on an analysis of the online service, at least a portion of the information that is requested by the online service to register the account with the MFA scheme, and (3) providing the requested information to the online service such that the account is registered with the MFA scheme. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting suspicious microcontroller messages may include (1) observing a typical interval at which messages are sent over a network by a microcontroller, (2) identifying a message sent over the network by the microcontroller, (3) determining that the interval between the message and the previous message sent by the microcontroller does not comprise the typical interval, and (4) categorizing the message as a suspicious message in response to determining that the interval does not comprise the typical interval. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for authenticating whole disk encryption systems may include (i) detecting, by a computing device, an attempt to initiate a boot process on the computing device, (ii) verifying, by the computing device, an initial decryption key, (iii) decrypting, by the computing device, an initial set of software required to boot crucial functions of the computing device using the initial decryption key, (iv) detecting, by the computing device, a secondary device running an authentication application, (v) receiving, by the computing device, a second decryption key from the authentication application on the secondary device, and (vi) completing the boot process on the computing device based on a security policy associated with the second decryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, apparatuses, and systems relating to narrow beam communications and wireless networking are disclosed. Exemplary methods for wireless networking and communications may include identifying a geographic area, receiving topography data related to the geographic area, analyzing the topography data, identifying a first line of sight path related to a first access point location and one or more customer premises device locations based at least in part on the analyzing, and identifying a second line of sight path based at least in part on a predetermined amount.

Abstract: In certain embodiments, a method includes mapping, by a first application, personally identifiable information to an anonymous identification, generating, by the first application, a key, and sending, by a first appliance, the anonymous identification and the key to a second appliance, wherein the first appliance comprises the first application. The method also includes receiving, by the first appliance and from a browser, a token generated by a second application of the second appliance, wherein the token is associated with the key. The method further includes sending, by the first appliance, the personally identifiable information to the browser after receiving the token from the browser.

Abstract: The disclosed computer-implemented method for sending push notifications that include preferred data center routing information may include (1) configuring at least one rule for determining which data center out of a plurality of data centers is preferred to serve one or more download requests, (2) identifying a push notification that is configured to prompt a device to download data from a data center within the plurality of data centers, (3) using the rule to select, from the plurality of data centers, a preferred data center to which to route the device, and (4) embedding information about the preferred data center in the push notification sent to the device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for presenting information on a graphical user interface are disclosed. In one embodiment, the techniques may be realized as a method for presenting information on a graphical user interface including displaying an endpoint interface via the graphical user interface on a display unit, determining whether an event mode for the endpoint interface has been selected, displaying the endpoint interface in the event mode when the event mode has been selected, determining whether an event has been detected, and displaying the detected event on the endpoint interface in the event mode when the event has been detected.

Abstract: Methods, apparatuses and systems facilitating enhanced classification of network traffic based on observed flow-based and/or host-based behaviors.

Abstract: The disclosed computer-implemented method for automatically making selections in user interfaces may include (1) detecting, on a computing device, a user interface that comprises a prompt for a user of the computing device to select between a first option and a second option, (2) identifying a profile for making, on behalf of the user, a predetermined selection of one of the first option and the second option, (3) determining that the predetermined selection indicates that the first option should be selected on behalf of the user, and (4) selecting, from the prompt, the first option on behalf of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.

Abstract: The disclosed computer-implemented method for automatically populating one-time-password input fields may include (1) detecting, at a first computing device of a user, an input field that requires a one-time password that is included in a message that is sent by a one-time-password provider to a second computing device of the user, (2) identifying, at the second computing device, the message that includes the one-time password, (3) transmitting the one-time password from the second computing device to the first computing device, (4) receiving, at the first computing device, the one-time password, and (5) automatically populating, at the first computing device, the input field with the one-time password. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing computing security by classifying organizations may include (1) identifying a request to classify an organization, (2) generating a web page dynamically in response to the request, the web page including content that describes the organization, (3) locating, within the web page, an advertisement that is dynamically generated by an advertisement network based at least in part on the content of the web page, (4) analyzing the advertisement to determine an organizational classification associated with the advertisement, and (5) imputing the organizational classification to the organization based at least in part on the advertisement having been dynamically generated by the advertisement network based at least in part on the content of the web page. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for presenting information on a graphical user interface are disclosed. In one embodiment, the techniques may be realized as a method for presenting information on a graphical user interface including displaying a deployment map via the graphical user interface on a display unit, determining whether an input has been detected with respect to the deployment map, determining a type of input when the input has been detected, generating an updated deployment map based on the determined type of input, and displaying the updated deployment map on the display unit.

Abstract: A system and method for .Net PE files malware detection is provided. The method may include accessing two or more portable executable (PE) files and detecting at least one identical global user identifier (GUID) attribute. In response to finding identical GUID attributes, the method may include clustering a group of files into family clusters each having the same GUID attribute. The method may generate and release a signature for the family cluster. An exoneration criteria level may be set in accordance with matching characteristics associated with an acceptable software standard for the computing system or network, such that when the exoneration criteria level is reached, the PE file is exonerated from being associated with PUA or malware. Until this criterion is met, the PE file will be identified as PUA or malware. Additional GUID attributes may be identified as further proof that the PE file is polymorphic.

Abstract: Methods, computer program products, computer systems, and the like, which protect messages in an electronic messaging system, are disclosed. The methods, computer program products, computer systems, and the like include detecting an occurrence of an event, and, in response to the detecting the occurrence of the event, scanning a message. The occurrence of the event indicates that the message should be scanned. The message includes recipient information, which identifies a recipient of the message, and is stored in a message store. The message has been received at a message destination associated with the recipient. The scanning uses a malware definition. The scanning is performed prior to the message being retrieved from the message store in response to a request by the recipient to retrieve the message from the message store. The event is other than the request by the recipient to retrieve the message from the message store.

Abstract: Detecting a fraudulent subscriber identity module (SIM) swap may be performed by a mobile app executing on a mobile computing device. A network connectivity state is determined for the mobile computing device to a mobile telephony network provided by a mobile network operator. The mobile computing device is associated with a SIM which is associated with the mobile network operator. A signal strength is determined at the mobile computing device of the mobile telephony network provided by the mobile network operator. A likelihood is determined that a SIM swap has taken place involving the SIM based on the signal strength and the network connectivity state. In some embodiments, a probe request is transmitted to a remote server, requesting that the remote server programmatically call the telephone number associated with the SIM to confirm whether the SIM swap has taken place.

Abstract: A system and method for dynamic detection of Command and Control (C&C) malware is provided. The method may include hooking API within an application and analyzing the code of the hooked API using static analysis. The method may further include conducting dynamic analysis; wherein incoming network and file content is collected and data patterns relating to C&C are detected from this content. Using these data patterns, this system may identify C&C URLs and further filter these URLs using C&C behaviors found during the dynamic analysis. For example, the system may detect when the code attempts to communicate with C&C servers or attempts to write to local files, which set up new C&C servers. Filtering of the C&C URLs may include detecting when the CRC URL intercepts an incoming SMS message or transmits a SMS; executes an abortBroadcast; or initiates collection of data leaked through to the network or the SMS.