Abstract: A method, device and non-transitory computer-readable medium for analysing a data package received by a recipient, using a framework. The framework comprises at least one adjuster; and a processing component for processing the received data package using the at least one adjuster. The at least one adjuster is configured to obtain payload data of the received data package and analyse the payload data for recipient-interactive content, wherein the recipient-interactive content provides access to remote content. The recipient-interactive content is substituted with sanitised recipient-interactive content, and recipient interaction with the sanitised recipient-interactive content is detected. A content check is performed when recipient interaction with the sanitised recipient-interactive content is detected. The content check comprises analysing the remote content, and determining, based on the content check whether the data package represents a security threat.

Abstract: Described embodiments provide systems and methods for identifying malicious attempts to detect vulnerabilities in an application. At least one processor may determine a mean and a standard variation of character counts of each of a plurality of characters from a plurality of sets of data. The at least one processor may determine a distance metric for each of the characters in each of the sets of data. For a corresponding set of data, the at least one processor may determine a number of outliers to determine whether the corresponding set of data is anomalous.

Abstract: A detection system 1 includes a control device 10 and a monitoring device 20 communicably connected to the control device 10. An acquisition unit 10A of the control device 10 acquires a target's observation value by a sensor 30. A first-noise-output unit 10B outputs a first-noise-value changing with time and less than a resolution of the sensor 30. An integration unit 10C outputs an integrated value obtained by integrating the first-noise-value and the observation value. A transmission unit 10D transmits the integrated value to the monitoring device 20. A separation unit 20A of the monitoring device 20 separates the integrated value from the control device 10 into the observation value and the first-noise-value. A second-noise-output unit 20B outputs a second-noise-value as the first-noise-value. A detection unit 20C detects whether the integrated value is a replay attack using the spatial distance between the first-noise-value and the second-noise-value.

Abstract: The invention relates to efficient zero knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. A method is disclosed for a prover proving to a verifier that a statement is true, while keeping a witness (w) to the statement a secret, and a verifier using a reciprocal method to verify the proof. The prover sends, to the verifier, data including a statement represented by an implemented function circuit, individual wire commitments and/or a batched commitment for the function circuit of the statement, a given function circuit output, and a proving key. Based on the sent data, the verifier is able to determine satisfiability of the function circuit, calculate an elliptic curve point, and validate the statement, thus determining that the prover holds the witness to the statement and ensuring the data complies with the statement.

Abstract: A terminal device verification method and an apparatus are provided. The method includes: a first network device receiving a first message from a first terminal device. Then, the first network device verifies a pairing relationship between the first terminal device and a second terminal device. After the verification on the pairing relationship between the first terminal device and the second terminal device succeeds, the first network device sends a second message to the first terminal device, where the second message include first indication information, and the first indication information is used to indicate a pairing result of the first terminal device and the second terminal device. The pairing relationship between the first terminal device and the second terminal device is verified, so that the first terminal device and the second terminal device can be securely paired, to improve use security of the first terminal device and the second terminal device.

Abstract: Two main methods exist today to enforce access control in a network fabric: soft zoning and hard zoning. However, each of these approaches has some significant drawbacks. Accordingly, presented herein are new and improved systems and methods to perform access control enforcement, which is stronger than soft zoning, and does not need to interact with the fabric switches, as required by hard zoning. In one or more embodiments, an authentication verification entity (AVE) is provided with access control or authorization information. In one or more embodiments, the AVE uses this information to cause an authentication verification failure for connections between hosts and subsystems that are not allowed according to configurations (e.g., zoning configurations) of the fabric.

Abstract: A method for information transmission. In a first transaction step, a first data record is generated by the transmission terminal, and the first data record is transferred to a blockchain. In a first verification step, the first data record in the blockchain is verified and stored as a first verified data record. In a second transaction step, a second data record is generated by the receiver terminal, and the second data record is transferred to the blockchain. In a second verification step, the second data record in the blockchain is verified and stored as a second verified data record. In a data encryption step, encrypted data are generated by the transmission terminal. In a transmission step, encrypted data are transmitted to the receiver terminal. In a data decryption step, a piece of electronic information is made accessible to the receiver.

Abstract: A computing system comprising a processing circuit is configured to receive, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user, determine a policy violation based on the user activity data, compare employee-related information associated with the first user to a threshold, determine a baseline level of risk based on the employee-related information exceeding the threshold, determine a user score based on at least one of a threat dimension or an exposure dimension or an impact dimension, determine a probability of an adverse event based on the determined baseline level of risk and the user score, generate a user-interactive electronic notification comprising an indication of the probability of the adverse event, and transmit the user-interactive electronic notification to a second computing device of a second user.

Abstract: A system for detecting and countering malicious code executed on a web application detects a set of configuration parameter values from the web application. The system compares each configuration parameter value with a counterpart from among a set of historical configuration parameter values. The system determines the difference between a configuration parameter with a counterpart historical configuration parameter values. If the system determines that the difference between the configuration parameter and the counterpart historical configuration parameter is more than a threshold rate, the system determines that a malicious code is executed on the web application. In response, the system determines a function associated with the malicious code. The system determines one or more actions to counter the malicious code based on the function of the malicious code. The system executes at least one of the one or more actions.

Abstract: A method and system provide computer system security for a focus computer system (FCS). The method comprises creating a security digital twin (SDT) for the FCS with an associated security ontology for the FCS. A potential threat analyzer receives a potential threat object (PTO), and maps it to an enterprise attack vector pattern. The method further comprises searching, on another computer system (OCS) for a predicted attack pattern having a similar pattern to the enterprise attack vector pattern. Conditioned upon finding the predicted attack pattern, and using a potential threat handler locating an action mitigation plan (AMP) related to the predicted attack pattern in the data fabric associated with the OCS, the method further comprises copying the OCS predicted attack pattern to an FCS predicted attack pattern store, copying the OCS AMP to an FCS AMP store, and defending the FCS from the PTO using the AMP.

Abstract: Techniques to provide visualizations of possible malicious incidents associated with an event on a host device may include causing presentation of graphics of a process or thread in a user interface. Information about detected events may be transmitted to a computing device that generates the visualizations for presentation to an analyst to verify the malicious incidents. Based on patterns and information conveyed in the visualizations, the computer device or host device may take action to protect operation of the host device caused by the event.

Abstract: Embodiments of present disclosure relates to method and remediation system of performing remediation for managing vulnerabilities in application. The remediation system receives data related to source code associated with plurality of vulnerabilities and target code of application from one or more data sources. The remediation system identifies commit-log comprising plurality of code commits by extracting features, code commits and test cases from one or more data sources. The remediation system determines lower bound limit and upper bound limit to identify optimal code commits log from commit-log. Thereafter, the remediation system performs remediation by generating security patches for optimal code commits log. Thus, the present disclosure automatically identifies optimal code commits log for which security patches needs to be generated without any manual intervention.

Abstract: A data control method includes receiving from a user an indication of data for sharing, receiving from the user an indication of one or more recipients with which to share the data, and receiving from the user one or more allowed actions for the data. A multidimensional zone is determined based on the indication of the data for sharing, the indication of the one or more recipients, and the one or more allowed actions for the data. A plurality of application program interfaces (APIs) for a plurality of applications are accessed. Data sharing permissions are set for the user for each of the plurality of applications based on the multidimensional zone via the plurality of APIs.

Abstract: A system and method for detecting effective permissions of a principal in a cloud computing environment, includes detecting a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment; selecting a first principal node from the group of principal nodes; determining a permission between the first principal node and a resource node, wherein the resource node represents a resource deployed in the cloud computing environment; and associating the group of principal nodes with the determined permission.

Abstract: Some embodiments relate to systems and method for secure information sharing using an information sharing engine. The information sharing engine configured to manage data access keys and data access control configuration, store the data access keys and data access control configuration on a distributed ledger network and selectively retrieve the data access keys from the distributed ledger network based on the data access control configuration.

Abstract: The present disclosure relates to a wireless token capable of representing a user network, the token being used to automatically provision an IoT enabled device to connect to the user network. Functions required to achieve this include: authenticate the token with the user network, and responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple one or more devices at or within a defined proximity to the token, with the user network; responsive to a wireless signal received from a given device among the one or more devices, establish a temporary secure communication channel between the given device and the token; and provide the configuration information from the token to the given device using the temporally secure communication channel, wherein the configuration information enables the given device to establish a connection with and operate in the user network based on the obtained configuration information.

Abstract: A URL velocity monitor is integrated with a message-hold decision maker of an electronic mail processing system that processes electronic messages for a protected computer network. The URL velocity monitor receives or obtains a URL, decomposes the URL into URL features based on logical boundaries, and determines features of interest from the URL features for velocity tracking. Examples of URL features can include a randomized URL segment. The velocity of each feature of interest is tracked over a period of time using a counting algorithm that employs a slow counter or a fast counter. The two different counters track two types of velocities which represent different domain behaviors targeting the protected computer network. The URL velocity monitor determines whether the velocity of a feature of interest is accelerating within the time period. If so, the URL is placed in a queue or a sandbox.

Abstract: Aspects of the present disclosure involve a system for hiding conversation elements. The system accesses a conversation interface of a messaging application on a web browser and presents the conversation interface in a window associated with the web browser. The conversation interface comprises a plurality of conversation elements. The system accesses a focus status of the window and, in response to determining that the focus status indicates that the window has lost focus, obscures a first subset of the plurality of conversation elements.

Abstract: A network security computing system includes a steganographic communications analysis engine monitoring incoming and outgoing messages on a secure computing network. The steganographic communications analysis engine identifies a pattern of file transfers between a first computing device on the secure computing network and an internal or external message recipient. When a pattern is identified, the steganographic communications analysis engine quarantines an associated computing device from the secure network. The steganographic communications analysis engine analyzes files transferred between the computing device and the recipient for indications of steganographic information and causes display, based on an identified indication of steganography, an indication that the computing device had been compromised by command and control malware.

Abstract: Adaptive online service access control includes obtaining, by a system access control monitor of a client system, a message from the client system to an external system, prior to transmission of the message, wherein the message is associated with a communication context, in response to obtaining the message, determining, by the system access control monitor, a current access score as a sum of a previous access score associated with the communication context and a modifier value determined for the message, and in response to determining, by the system access control monitor, that the current access score is less than an access threshold value, preventing transmission of the message.