Abstract: A known-deployed file metadata repository (KDFMR) and analysis engine enumerates reference lists of files stored on a software delivery point (SDP) and compares the enumerated list of files and associated metadata to previously stored values in the KDFMR. If newly stored or modified files are identified, the analysis engine acquires the files from the SDP. Each file is analyzed to determine whether the file is an atomic file or a container file and metadata is generated or extracted. Each file stored in a container file is recursively extracted and analyzed, where metadata is generated for each extracted file and each container file. The KDFMR periodically analyzes the files stored on the SDP for differences to maintain the currency of the KDFMR data with respect to files stored on the SDP. Storage or modification of files on the SDP triggers analysis of the associated file. KDFMR data is updated with metadata determined based on sandbox detonation of files and/or identified artifacts of known-deployed files.

Abstract: Systems and methods for role-based access control for a storage system are described. An illustrative method includes an access control system identifying, based on a role of a user requesting access to the storage system, a permission of the role to access a resource type; determining, based on the resource type and on a mapping of resources of different secured endpoints of the storage system to resource types, a set of resources of the storage system that the role has permission to access; identifying a subset of the set of resources of the storage system that the user is authorized to access; and granting the user role-based access to the subset of the set of resources of the storage system.

Abstract: A fraud detection system may obtain a number of known fraudulent end-user profiles and/or otherwise undesirable end-user profiles. Using statistical analysis techniques that include clustering the end-user profiles by attributes and attribute values and/or combinations of attributes and attribute values, the fraud detection system identifies on a continuous, periodic, or aperiodic basis those attribute values and/or attribute value combinations that appear in fraudulent or otherwise undesirable end-user profiles. Using this data, the fraud detection system generates one or more queries to identify those end-user profiles having attribute values or combinations of attribute values that likely indicate a fraudulent or otherwise undesirable end-user profile.

Abstract: In an aspect, the present application may describe a method that comprises monitoring a risk parameter associated with a third party server to detect a change in the risk parameter, and responsive to detecting the change in the risk parameter, sending, to a remote computing device and via the communications module, a notification that includes a first selectable option to modify data sharing associated with the third party server and a second selectable option to replace the third party server with an alternative third party server.

Abstract: A known-deployed file metadata repository (KDFMR) and analysis engine enumerates reference lists of files stored on a software delivery point (SDP) and compares the enumerated list of files and associated metadata to previously stored values in the KDFMR. If newly stored or modified files are identified, the analysis engine acquires the files from the SDP. Each file is analyzed to determine whether the file is an atomic file or a container file and metadata is generated or extracted. Each file stored in a container file is recursively extracted and analyzed, where metadata is generated for each extracted file and each container file. The KDFMR periodically analyzes the files stored on the SDP for differences to maintain the currency of the KDFMR data with respect to files stored on the SDP. Storage or modification of files on the SDP triggers analysis of the associated file. KDFMR data is updated with metadata determined based on sandbox detonation of files and/or identified artifacts of known-deployed files.

Abstract: An example of a method for detecting hacking activities includes categorizing a plurality of web pages of a web site providing bank services using a trained semantic model. The trained semantic model uses at least one resource identifier of a web page as an input and generates a web page category as an output. One or more attributes of an interaction between a user and bank services are identified. The one or more identified attributes are analyzed by comparing the one or more identified attributes with attributes known to belong to hacking interactions based on a corresponding web page category. Hacking activity is identified based on the results of the analysis.

Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Abstract: A method may include detecting a keylogger based at least in part on an increase in power drawn by an input device, detecting the keylogger based at least in part on a driver of the input device, detecting the keylogger based at least in part on a duration of time that a signal generated by the input device takes to transmit to a computing device, or any combination thereof. The method may also include, in response to detecting the keylogger, generating an alert to indicate a presence of the keylogger.

Abstract: Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.

Abstract: A method to implement traceability and provability on a particular project in software development based on blockchain-recorded transactions of assigned developer time, the method comprising of the following steps: setting up a blockchain network comprised of a distributed, redundant, and tamper-resistant ledger; issuing each user an attestable pre-fabricated and signed virtualized environment on approved hardware that comes with functionality required for the user's role implemented as one of a set of virtual machine templates fashioned from a signed and approved pre-fabricated image; and verifying that assigned developer time is valid, and if so, record each development action on the ledger to enable extensive tracking and auditing of end-to-end software development process.

Abstract: Techniques are provided for hardware device integrity validation using platform configuration values. One method comprises obtaining platform configuration values associated with software of a hardware device; comparing the obtained platform configuration values for the hardware device to one or more platform configuration values stored in a platform configuration table; and performing one or more automated remedial actions (e.g., initiating a reboot of the hardware device) based on a result of the comparison. The platform configuration values for the hardware device may be obtained from a local platform configuration value table of the hardware device.

Abstract: A system includes calling to a first function, determination, in response to the call, of whether to execute a first version of the first function or a second version of the first function, execution of the first version of the first function if it is determined to execute the first version of the first function, and execution of the second version of the second function if it is determined to execute the second version of the first function, wherein the second version of the first function comprises a security-related features and the first version of the first function does not comprise the security-related feature.

Abstract: Embodiments of the invention are directed to techniques that include receiving a query intended for a targeted database and determining that the query is from an unauthorized user. A response is returned to the unauthorized user generated by a model, the response being dynamically generated to fulfill the query. The model is configured to generate responses consistent with any previous responses returned to the unauthorized user.

Abstract: An automated method executed by circuitry is provided for monitoring a software platform including multiple pods that manage, deploy, and execute micro services. The method uses monitoring pods at locations of interest in the software platform to label transactions that pass through the monitoring pods. The labels applied to the transactions are sent to a security program for review.

Abstract: Systems and methods are provided for managing personal identifying information (PII). An exemplary method includes receiving, from a requestor, a request to remove PII for at least one individual from multiple service providers. In response, a computing device authenticates the requestor, determines whether a restriction on the PII or the individual applies to the request, and broadcasts the request to the service providers. The computing device receives a response to the request from each of the service providers indicating removal of the PII and compiles a reply to the request, based on each response, where the reply includes a confirmation of removal of the PII. The computing device then transmits the reply to the requestor and logs the request from the requestor and the response from each of the services providers in an audit data structure, thereby permitting compliance with PII controls to be demonstrated.

Abstract: Protecting against a tracking parameter in a web link. In one embodiment, a method may include receiving an input URL during a browser navigation session on a user device, the input URL including parameters, determining that the parameters include a tracking parameter, pausing the browser navigation session on the user device, launching the input URL in a headless browser that operates in an isolated environment that simulates one or more features of the user device, landing on a destination web page in the isolated environment, identifying a URL of the destination web page as a destination URL, and resuming the browser navigation session on the user device by replacing the input URL, which includes the tracking parameter, with the destination URL, which does not include the tracking parameter, in order to protect the user device from the tracking parameter.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data, a set of data attributes about the data, and a risk profile data structure indicative of a vulnerability of the data in a PQC data environment. The example method further includes retrieving PQC cryptographic performance information associated with a set of PQC cryptographic techniques. The PQC cryptographic performance information may comprise a set of PQC cryptographic performance attributes for each PQC cryptographic technique in the set of PQC cryptographic techniques. The example method further includes generating a set of PQC encryption attributes for encrypting the data based on the set of data attributes, the risk profile data structure, and the PQC cryptographic performance information. Subsequently, the example method includes encrypting the data based on the set of PQC encryption attributes.

Abstract: A method of storing data on target data processing devices, the method comprising: for each target data processing device, using a security data processing device on which first data has been stored to: obtain a device cryptographic certificate from the target data processing device, the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity; verify the device cryptographic certificate as having been generated by the trusted entity; generate second data using the first data; and store the second data on the target data processing device.

Abstract: Embodiments are described for a method and system of applying data protection software mechanisms to network equipment devices to auto-discover the networking equipment, save changes from memory (TCAM) to local storage, backup changes to protection storage, provide auditing and tracking history of changes, and provide the ability to deploy test/development copies of changes using software defined networking techniques.

Abstract: A system is described for authenticating a user on a client device using the user's mobile device and utilizing the audio channel. An authentication server receives a request from the client to initiate a session for the user, creates the session, and sends a session token back to the client along with a request for authentication. The client broadcasts an audio transmission containing the token to the mobile device over an audio channel using data-over-sound transmission. The mobile device receives the transmission via a microphone, obtains the token and the server identity from the transmission, and sends user credentials that are stored on the mobile device along with the token identifying the session directly to the authentication server. The server verifies the received credentials, confirms the token, and logs the user into the session.