Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.

Abstract: A computer system obtains a request to apply a signed patch to a piece of signed executable code. The computer system determines whether the signed patch is allowed to be applied to the signed executable based on a set of patch policies. If the patch policies allow the patch to be applied, the patch is applied to the signed executable code. The computer system generates a new digital signature for the modified executable code thereby allowing the resulting signed patched executable code to be verified and executed by the computer system.

Abstract: An apparatus and methodology for securing data exchanged between devices in a NarrowBand IoT (NB-IoT) environment is disclosed. The apparatus embodies a cryptoprocessor having a confidentiality block and an integrity block. The confidentiality and integrity blocks are coupled to a bus interface through data channels via a multiplexer/demultiplexer (MUX) and first-in-first-out transmitter and receiver. The confidentiality and integrity blocks are further coupled to a cipher block through data channels via a MUX. The cipher block is operable to implement at least one stream cipher and at least one block cipher.

Abstract: Disclosed is a method, a device, and/or a system of control over data resource utilization through a security node control policy evaluated in the context of an authorization request. In one embodiment, a method includes receiving an authorization request from a device to utilize a protected resource within a datastore. A control policy extracted from a security node defines an authorized context for the device to utilize the protected resource. The control policy includes a control algorithm comprising one or more conditionals comparing context values to control ranges. Context values are retrieved to form a context dataset. Utilization of the protected resource is authorized when it is determined by the control algorithm that the context dataset conforms to the authorized context. The security node may organize data into a domain structure that includes a unique identifier, an identity element, a content element, and a context element.

Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.

Abstract: An access manager determines whether access will be granted to a guarded species or space utilizing a controller including a digital processor with a memory for storing an ID library and a transducer block coupled with the processor for accessing a plurality of different ID types and an actuator block coupled with the processor for unblocking a normally locked portal to the guarded space.

Abstract: Enterprise grade security for integrating multiple computing domains with a public cloud is provided herein. An example system a forwarder that provides one-way data publishing to a public cloud and a data bus that provides domain-to-domain messaging between a plurality of domains. At least one of the plurality of domains includes operational technology infrastructure devices and operational technology virtual machines. The operational technology virtual machines are communicatively coupled to the operational technology infrastructure devices using one or more operational technology switches. The operational technology switches isolates the operational technology infrastructure devices and facilitates one-way communication and prevents bidirectional communication to the operational technology infrastructure devices from the public cloud.

Abstract: Exemplary embodiments may use word embeddings to enhance scanning of programming code scripts for sensitive subject matter, such as confidential subject matter. The scanning may be performed by a neural network in some exemplary embodiments. The neural network initially may be trained on a corpus of programming code scripts to identify keywords relating to sensitive subject matter, such as passwords, tokens or credentials. The neural network may not only identify instances of the keywords but also may identify related terms as well. The output of the scan may be a ranked list of terms in the programming code script that may relate to sensitive subject matter.

Abstract: Log text is encoded into a low dimensional feature vector. A temporal predictive model is constructed based on the low dimensional feature vector. The temporal predictive model is used to calculate probabilities of the occurrence of security incidents based on signature names from the log text encoded in the low dimensional feature vector. A preventative security action is automatically taken in response to the calculated probability of the occurrence of a specific security incident exceeding a given threshold.

Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encrypt ion key, in a memory area of the nerd disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.

Abstract: Localized and global detection and mitigation of network attacks in a distributed platform are provided. The localized detection identifies attacks occurring at individual nodes of the distributed platform based on packet analysis conducted by each individual node. The global detection identifies attacks occurring across the distributed platform based on packet analysis conducted on traffic aggregated from across the distributed platform. Either detection involves inspecting headers of the sampled packets. Each header property is scored based on an amount of deviation from threshold values. The sum of scores identifies the header properties that form an attack signature. Attack protections are implemented against subsequently arriving packets with header properties matching the attack signature.

Abstract: Systems and methods for phishing and brand protection of websites via copycat detection are disclosed herein. An example apparatus includes at least one processor, a display, and memory including instructions that, when executed, cause the at least one processor to determine a first hash of a first image in a webpage and a second hash of a second image in the webpage, the second image different from the first image, the first hash different from the second hash, generate a temporary page profile associated with the webpage based on the first hash and the second hash, fuzzy match the temporary page profile to a baseline page profile, and in response to a determination that the temporary page profile does not match the baseline page profile, generate an alert to be displayed via the display to indicate that fraud has been detected for the webpage.

Abstract: Application-manager software authenticates a user of a client device over a channel. The authentication operation is performed using a directory service. The application-manager software presents a plurality of applications in a GUI displayed by the client device. The plurality of applications depends on the authentication, the client device, and the channel. And the plurality of applications includes a thin application and a software-as-a-service (SaaS) application. The application-manager software receives a selection as to an application from the user. If the selection is for the SaaS application, the application-manager software provisions the SaaS application. The provision includes automatically logging the user onto an account with a provider of the SaaS application using a single sign-on and connecting the user to the account so that the user can interact with the SaaS application. If the selection is for the thin application, the application manager software launches the thin application.

Abstract: Disclosed is a physical unclonable function generator circuit and testing method. In one embodiment, a testing method for physical unclonable function (PUF) generator includes: verifying a functionality of a PUF generator by writing preconfigured logical states to and reading output logical states from a plurality of bit cells in a PUF cell array; and determining whether the PUF generator is a qualified PUF generator based on whether one or more predefine quality criteria is satisfied.

Abstract: A security vulnerability analysis mechanism is provided that ingests content from a plurality of content source computing devices to identify instances of security vulnerability content in the ingested content. The mechanism performs a security trend analysis on the instances of security vulnerability content to identify a relative ranking of security vulnerabilities. The mechanism identifies computing resources of a specified computing infrastructure and a criticality of the computing resources to an operation of the computing infrastructure. The mechanism generates a prioritized listing of security vulnerabilities associated with the computing infrastructure based on the relative ranking of security vulnerabilities and the criticality of the computing resources in the computing infrastructure. The mechanism outputs a notification to a user via a user computing device, indicating the prioritized listing of security vulnerabilities.

Abstract: Systems and methods are described for receiving an input binary file, extracting character string information from the input binary file, defining search parameters to include a software name and associated software version as a name-version pair, applying the search parameters to the extracted character string information to detect instances of the name-version pair, and querying a vulnerability database based on the name-version pair to identify a vulnerability in the input binary file.

Abstract: The present disclosure describes systems and methods for using a template for a simulated phishing campaign, A database includes a plurality of templates for simulated phishing campaigns, each template of the plurality of templates identifying a list of a plurality of types of simulated phishing communications and at least a portion of content for the simulated phishing communications. A campaign controller selects a template from the plurality of templates for a simulated phishing campaign directed to a user of a plurality of users; and communicates, to one or more devices of the user a first type of simulated phishing communication of the plurality of types of simulated phishing communications with at least the portion of content identified by the template.

Abstract: The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.

Abstract: A system and method may be used to recover access to an account. A recovery challenge may be received from a submitter, including an escrow deposit, and the recovery challenge may be broadcast to other users. During a monitoring period, the system may monitor for a recovery response proving ownership of the account. If a recovery response is received then the submitter of the recovery response may maintain ownership of the account and receive a portion of the escrow deposit. If no valid recovery response is received during the monitoring period, then ownership of the account may be transferred to the submitter of the recovery challenge.

Abstract: In one example, a smart contract is generated such that the smart contract includes a schema and at least two counterparties. An updated version of the smart contract is generated. The updated version of the smart contract is stamped with a version stamp. The version stamp is used to prove the validity of the updated version of the smart contract.