Abstract: To facilitate improved email and device security, embodiments of systems and methods include intercepting, by a processor associated with an entity, an internet request, where the internet request is produced by a link received in an email at a first computing device. The processor determines that the link is externally bound relative to an entity network. The processor determines an existence of a sandbox environment instance in a set of existing sandbox environment instances. The processor routes the link through the sandbox environment instance. The processor updates the sandbox log in the database based on the sandbox environment instance and the link. The processor causes to display on a screen of the first computing device a user interface for interacting with the link in the sandbox environment instance, and the processor logs activities associated with interacting with the link in a security log.

Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions on route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.

Abstract: Disclosed herein are systems and method for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.

Abstract: A trust verification system for automatically verify an integrity of an object across multiple operating system (OS) platforms. The trust verification system features package verification logic, catalog verification logic, and component verification logic. The package verification logic recovers, from an incoming package, (i) an object, (ii) a catalog including identifiers associated with software component(s) forming the object and representation(s) associated with each of the software component(s), and (iii) a representation of the catalog. The catalog verification logic is configured to verify an integrity of the catalog while the component verification logic is configured to verify an integrity of software component(s) associated with the object.

Abstract: A secure software system that will allow desktop, web, or mobile applications, or devices that run embedded software to delegate their authentication to a mobile device, and upon authentication, the secure software system allows those applications to delegate to the mobile device other tasks such as sharing files, taking pictures, recording videos or audios, entering text, making calls, sending text messages, getting geographical location of the user, or performing a payment is disclosed. This software system does not store any user credentials or private information. It integrates with the applications and is available on all platforms via an integration code. The users will not need to enter any credentials and can quickly authenticate thus simplifying the workflow.

Abstract: A method of securing, by a managing node, communication in a network of member nodes including a first member node. Communication is secured using a (k, n1) secret sharing scheme during a first phase. The managing node announces a phase shift to a subsequent phase relative to the first phase. The managing node secures communication in the network during the subsequent phase using a (k+x, n2) secret sharing scheme. Each of the member nodes is previously in possession of exactly one corresponding unique share for the second key. The first member node is previously in possession of a first unique share for the second key. The managing node deletes the first member node from the subsequent phase by broadcasting the first unique share for the second key.

Abstract: A request from a user device to register as a secure endpoint device of a secure local area network (LAN) is received by a wireless carrier network. A device type of the user device is identified by the network based on device identification information provided by the user device. A data protection policy that corresponds to the device type of the user device is sent to a secure endpoint application on the user device following a registration of the user device as a secure endpoint device by the network, in which the data protection policy includes an Access Point Name (APN). The user device allocated a network slice of the wireless carrier network that corresponds to the APN to the user device. Subsequently, a data file is transported from the user device to an additional secure endpoint device via the network slice that is allocated to the user device.

Abstract: Systems and methods for transforming an API authorization to a UX session are provided. An authorization server receives, from a third-party application developed by a third-party, a request to access a user experience (UX) session on behalf of a user. The request comprises an access token previously granted by the authorization server to the third-party application in response to consent, by the user, to allow the third-party application to perform actions on behalf of the user. In one embodiment, this previous authorization comprises an Open Authorization (OAuth). In response to receiving the request the authorization server transforms the access token into a single sign on (SSO) link with a session token. The authorization server then returns the SSO link that includes the session token the third-party application hosted by the third-party. The SSO link causes the third-party application to redirect the user to the UX session corresponding to the SSO link.

Abstract: A kernel-based proactive engine can be configured to evaluate system call functions that are invoked when user-mode objects make system calls. As part of evaluating a system call function, the kernel-based proactive engine can generate a feature vector for the system call function. The kernel-based proactive engine can then analyze the feature vector using a multidimensional anomaly detection algorithm that has been trained using feature vectors of system call functions that are known to be safe. When the evaluation indicates that the feature vector is anomalous, the kernel-based proactive engine can block the system call.

Abstract: Analyzing and mitigating privacy issues on a computing device using cookie generation flows. The method includes initiating a headless web browser, monitoring a request made of a website accessed by the headless web browser, monitoring scripts created on the website, instrumenting a function used to create a cookie on the computing device, tracing an initial generation of a call used to create the cookie on the computing device, obtaining a cookie generation flow related to the creation of the cookie, and initiating a security action based on obtaining the cookie generation flow.

Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated a file, and converting a binary content associated with the packet into a digital representation and tokenizing plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.

Abstract: Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a virtual sandbox appliance. The file is caused to exhibit a first set of behaviors by running the file within a virtualization application based environment of the virtual sandbox appliance. The virtualization application based environment acts as an intermediary between executable code, an operating system (OS) application programming interface (API), and an instruction set of a particular computer architecture. The file is further caused to exhibit a second set of behaviors by running the file within a container based environment of the virtual sandbox appliance. Differences, if any, between the first set of behaviors and the second set of behaviors are determined. Finally, the file is classified as malicious when the differences are greater than a predefined or configurable threshold.

Abstract: Method, device, and system of detecting a lie of a user who inputs data. A method includes monitoring input-unit gestures and interactions of a user that inputs data through an electronic device; and based on analysis of the input-unit gestures and interactions, determining that the user has inputted false data through the electronic device. A particular fillable field, or a particular question, are identified as having untrue input from the user. Optionally, spatial orientation data of the electronic device is taken into account in the determination process. Optionally, contextual analysis is utilized, to determine that the input-unit gestures and interactions reflect an attempt of the user to perform a beautifying modification of a data-item to his benefit.

Abstract: A method for securing communication may include: (1) receiving, at the authorization platform and from a hybrid browser component of a computer application, an encrypted payload comprising an authentication code, a bundle identifier, and an application unique identifier; (2) registering, by the authorization platform, a username for a user; (3) receiving, at the authentication framework and from the computer application, the username and the encrypted payload; (4) receiving, at the authentication framework, user login credentials from the user; (5) validating, by the authentication framework, the user login credentials; (6) passing, by the authentication framework to the authorization platform, the encrypted payload; (6) comparing, by the authorization platform the encrypted payload received from the computer application to the encrypted payload received from the authentication framework; and (8) accepting, by the authentication framework, the encrypted payload and tying the process to the computer applicatio

Abstract: The present invention analyzes the text of a received file to determine if the file likely is a forensic artifact of a ransomware attack on a computer system. If the computer system concludes that the file is likely an artifact of a ransomware attack, the system terminates or ignores all related processes, thereby minimizing the harm caused to the computer system.

Abstract: System and methods are provided for determining whether a media file in a private network has been suspiciously modified. In embodiments, a server controlled by a service provider, for example, can generate a digital provenance for a media file from a trusted device and immutably store a hash value representing the digital provenance of the media file. Subsequent instances of the media file that are detected within the private network, in embodiments, are evaluated by the server using the digital provenance of the media file in order to identify changes to the content of the media file. In further embodiments, the server can modify the content of a suspiciously modified media file to include a marker that disclaims the content and/or otherwise indicates that the media file has been modified.

Abstract: Techniques for sending encrypted data includes establishing a plurality of different links between a first node and a different second node. The different links are different physical layer links or different virtual private network (VPN) links or some combination. The method also includes encrypting plaintext using a first value for an encryption parameter to produce ciphertext. Further, the method includes sending a first plurality of messages that indicate the ciphertext using at least one link of the plurality of different links. Still further, the method includes sending a different second plurality of messages that indicate the first value for the encryption parameter using at least one different link of the plurality of different links without introducing a random bit error.

Abstract: In response to receiving a primary wireless LAN connection request from a computing device, a wireless access point (WAP) establishes a temporary wireless LAN associated with a temporary service set identifier (SSID) of a computing device. WAP stores a computing device identifier of the computing device in association with the temporary SSID. WAP communicates to the computing device, a CAPTCHA challenge-response test requesting connection to the temporary wireless LAN. WAP awaits, for a timeout period, a temporary wireless LAN connection request by the computing device to communicate over the temporary wireless LAN. In response to receiving or failing to receive the temporary wireless LAN connection request from the computing device within a timeout period, WAP classifies the computing device as a human or machine user. WAP applies network policies to communications of the pending computing device over the primary wireless LAN based on the machine or human user classification.

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

Abstract: Methods and apparatus for a secure time service are disclosed. A time server including a time source, a cryptographic key and a cryptographic engine is instantiated within a provider network. A time service endpoint receives a timestamp request from a client. The endpoint transmits a representation of the request to the time server, and receives, from the time server, an encryption of at least a timestamp generated using the time source. A response comprising the encryption of at least the timestamp is transmitted to the requesting client.