Abstract: A method and a system for identifying indicators of compromise in a network infrastructure are provided. The method being executable by a computing device communicatively couplable to the network infrastructure, the computing devices being positioned outside a perimeter of the network infrastructure.

Abstract: A method, system and product for determining a characterization of a terminal within a binary code, based on influences of the terminal. Based on the characterization of the terminal, the terminal is determined to be potentially affected by external input that is inputted to a device executing the binary code. A propagation path that indicates a reachability of the terminal within the binary code is determined. A code patch associated with a functionality of at least a portion of the binary code and with the propagation path of the terminal is located in the binary code. The code patch can be executed independently from the binary code. The code patch is extracted from the binary code for testing, and an emulation of the code patch is generated to enable fuzz testing of the emulation, whereby the code patch is tested independently.

Abstract: A method and a system for preventing an activity of a malware application in a computer system are provided. The method comprising: receiving at least one artefact of a sandbox environment to be installed in the computer system for simulating the sandbox environment in the computer system; receiving an indication of at least one interaction of a given application with the at least one artefact; analyzing an activity of the given application to detect at least one of a first type event and a second type event triggered thereby after executing the at least one interaction; in response to the analyzing rendering a positive result: identifying the given application as being the malware application; and using data indicative of a digital footprint of the given application in the computer system for further updating the at least one artefact for further preventing the activity of the malware application.

Abstract: Non-limiting embodiments of the present technology are directed to a system and a method for ensuring cybersecurity, namely, to a method for distributed malware inspection and a system implementing the method. The method comprises receiving input data identifying a potential malware; checking the potential malware based on the input data; adding check parameters and at least one result of the potential malware check into the transaction pool; receiving results of the distributed check of the potential malware from the plurality of networked computer devices; determining a harmfulness parameter based on results of the distributed malware check of the potential malware; in response to the harmfulness parameter of the potential malware exceeds a predetermined threshold value, identifying the potential malware as malware; storing the identified malware and associated data related to the identified malware in the distributed malware register.

Abstract: A computing device for informing about malicious web resources and a method for informing about malicious web resources performed on this computing device are claimed. The claimed method includes performing operations wherein: obtaining references to a plurality of web resources; identifying malicious web resources in a specified set of web resources; establishing web resources associated with each of the identified malicious web resources; detecting malicious web resources in the identified related web resources; identifying at least one authorized entity associated with each of the identified malicious web resources; generating at least one report for at least one of the established authorized entities based on information about the detected malicious web resources associated with this authorized entity; sending each generated report to the appropriate authorized entity on the basis of the contact details of the authorized entity.

Abstract: A method, system and product, configured to perform: during an execution of a program, obtaining boundaries of a stack frame of a function that is currently present in a stack, wherein said obtaining the boundaries comprises: obtaining a return address of the function in the stack; determining a length of the function using a mapping of return addresses of one or more functions in the program and corresponding lengths of the one or more functions; and determining the boundaries of the stack frame of the function based on a value of a stack pointer of the stack and based on the length of the function; based on the boundaries of the stack frame of the function, determining that the stack frame is overflown; and in response to said determining that the stack frame is overflown, performing a responsive action.

Abstract: A computing device for detecting suspicious users in a plurality of messaging systems and a method for detecting suspicious users therein executable the computing device are proposed. The claimed method includes: receiving a plurality of user messages from a plurality of messaging systems; analyzing each of the received user messages to identify at least one message suspiciousness indicator from a predetermined set of message suspiciousness indicators; if at least one message suspiciousness indicator is detected in the analyzed user message, identifying at least one user associated with the analyzed user message in one of the plurality of messaging systems; assigning each of the identified users a user suspiciousness indicator depending on the identified message suspiciousness indicators; classifying users in the one of the plurality of messaging systems as suspicious their reputation score exceeds a predetermined reputation threshold limit.

Abstract: A method of determining associated network resources from a plurality of network resources available on a network, the method executable by a server that is communicatively coupled to the network. The method comprises: scanning, by the server, the network to identify a first network resource and a second network resource of the plurality of network resources; retrieving, by the server, information associated with the first network resource and the second network resource, the information comprising at least one parameter of the first network resource and at least one parameter of the second network resource; in response to a match between the at least one parameter of the first network resource and at least one parameter of the second network resource, determining a connection between the first network resource and the second network resource.

Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: A method for detecting phishing resources through collection of URL links. The method is executable by a web server and comprises receiving, by the web server, a query for obtaining an object hosted by the web server; extracting, by the web server, from the “Referer” field of the query, a URL link pointing to a query source; generating, by the web server, at least one converted URL link pointing to a different resource located on a same host as the query source, based on the extracted link; and sending the at least one converted URL link for a phishing analysis.

Abstract: A method for detecting a phishing web page. The method, executable at a sever, comprises detecting at least one unique web page attribute that allows to identify a known phishing web page as a phishing web page; analyzing, by the server, the known phishing web page to determine at least one additional unique attribute indicative of the known phishing web page targeting a phishing target web resource; generating, by the server, at least one phishing detection rule that is based on the at least one unique attribute and the at least one additional attribute; storing the at least one phishing detection rule; receiving a new web page to be checked for phishing; applying the at least one phishing detection rule for analyzing the new web page; in response to the analyzing rendering a positive outcome, identifying the new web page as a phishing web page.

Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.

Abstract: This technical solution relates to systems and methods of cyber attack detection, and more specifically it relates to analysis methods and systems for protocols of interaction of malware and cyber attack detection and control centers (servers). The method comprises: uploading the malware application into at least one virtual environment; collecting, by the server, a plurality of malware requests transmitted by the malware application to the malware control center; analyzing the plurality of malware requests to determine, for each given malware request: at least one malware request parameter contained therein; and an order thereof of the at least one malware request parameter.

Abstract: An RFID token apparatus has a connection module for interfacing with an appliance capable of communicating and interacting with remote servers and networks, a translation module for moving signals between a USB interface and a smart card interface, a processor module which may be capable of operating as a dual-interface (DI) chip; and an input/output module having at least one RF antenna and a modulator. An RFID-contactless interface according to ISO 14443 & ISO 15693 and/or NFC. A wireless interface according to ZIGBEE wireless, BLUETOOTH wireless, WLAN 802.11, UWB, USB wireless and/or any similar interface. An RFID reader apparatus has a housing; a slot for a contact or contactless fob; and a USB stick alternately protruding from the housing and retracted within the housing.

Abstract: A portable RFID reader apparatus having a contactless interface and slots or recesses for insertion of contactless smart card fobs, including ID card, and having a wireless interface for communicating with a token plugged into a computer, provides physical and logical access.

Abstract: A retractable USB stick comprises: an elongate housing having an open end, a USB stick disposed within the elongate housing, and means for causing the USB stick to project out of and retract back into the housing. The means for causing the USB stick to project may be patterned after comparable means in a lipstick dispenser mechanism of U.S. Pat. No. 3,941,489. The means for causing the USB stick to project/retract may comprise an outer holder having an elongate housing with an opening at one end, an intermediate sleeve sized disposed between the USB stick and the holder, and means for imparting reverse motion includes a toothed wheel disposed at a back end of the intermediate sleeve, teeth on an inner surface of the outer holder and teeth on an elongate linear track extending from the back end of the USB stick. Optionally, the USB stick may be releasably locked in the open position, and means may be provided for closing the open end of the housing.

Abstract: An iron based hardfacing alloy with an undiluted (all weld material) alloy composition is substantially balanced in order to achieve an hypo-eutectic primary austenitic with secondary martensitic solidification mode. The alloy enables the deposition of substantially crack-free single layers of hardfacing onto industrial components without any post weld treatment. The hardfacing alloy is capable of withstanding abrasion of silicious earth particles when applied to industrial products, such as tool joints, stabilizers and casing and other tubulars used in oil and gas well drilling, and other industrial products.

Abstract: A pocket-size RFID reader apparatus having a contactless interface and a slot for insertion of a contactless smart card fob, and having a biometric sensor, thereby providing two levels of personalization. The apparatus may have a wireless interface; and a slot for insertion of a wireless SD I/O device. The apparatus may have a slot for insertion of an external memory device. The apparatus may have a mechanical connection (contact) interface. The apparatus may also have an RF interface for reading an electronic immobilizer within the apparatus.

Abstract: An interface conversion reader (ICR) to convert a contact smartcard reader to a contactless smartcard reader. The ICR may have a rectangular card body format for insertion into a slot provided in a conventional contact smartcard reader, with a portion of said card body protruding out of the reader after insertion; wherein the protruding portion of said card body incorporates a contactless interface with an antenna to inductively couple and communicate with a contactless smartcard. The ICR may comprise an ISO 7816 contact interface to communicate with the contact smartcard reader and to draw power from said reader to activate the conversion of ISO 7816 data to ISO 14443 data.

Abstract: A system and method is provided for protecting the exterior surface of drill pipe bodies from abrasion and wear during drilling operations alternatively using a hardbanded pipe collar inserted into a drill pipe body; a hardbanded pipe sleeve slid over a section of the drill pipe body; or a hardbanded circumferential built up section of the drill pipe body.