Abstract: In response to a UE in a wireless network leaving a multicast group to which the user equipment belonged or switching between multiple access nodes belonging to the multicast group, sending by an access node a rekeying token for UE(s) in the multicast group to use to access data for the multicast group. The access node generates key(s) based at least on the rekeying token. The access node multicasts traffic to the UE(s) in the multicast group using the key(s). In response to an other UE in a wireless network leaving a multicast group to which a UE belongs or switching by the UE between multiple access nodes belonging to the multicast group, receiving, at the UE from an access node, a rekeying token to use. The UE generates key(s) based at least on the rekeying token and receives multicast traffic using the key(s).

Abstract: Systems and methods for blocking spoofed traffic within communications networks include obtaining, at a computing system, routing information for an autonomous system of a communications network, the routing information identifying Internet Protocol (IP) addresses associated with the autonomous system. In response to receiving the routing information, the computing system generates a prefix list based on the routing information, the prefix list including one or more prefixes encompassing the IP addresses identified by the routing information. The computing system then transmits instructions to a network device of the communications network configured to cause the network device to update a filter function of the network device based on the prefix list such that the network device permits network traffic that originates from IP addresses within the prefixes of the prefix list.

Abstract: A system and method for applying a unified security policy across a technology stack, includes detecting a cloud object in a first cloud computing environment, the cloud object including a plurality of attributes, each attribute having a corresponding value; detecting a node in a security graph having a data field value which matches an attribute value of the cloud object, wherein the security graph includes a representation of a cloud environment; applying a policy based on the data field value to the detected cloud object; and applying the policy to another cloud object in a second cloud computing environment, in response to determining that a node representing the cloud object in the security graph is connected to a node representing the another cloud object.

Abstract: A method and system for use of obfuscation coding. An example method includes a computing system receiving an image that depicts a human face. The method then includes the computing system generating a modified image based on the received image, with the generating of the modified image involving inserting into the received image an obfuscation marker that (i) obfuscates the human face in a manner that prevents a person observing the modified image from identifying the human face and (ii) includes predefined symbology that is interpretable by a machine to identify the obfuscated human face. Further, the method includes using the predefined symbology in the modified image as a basis to take action based on an identity of the human face.

Abstract: In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit virtual VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.

Abstract: One example method includes defining an airgap control policy that specifies a threshold data value, generating a value for a set of data, determining whether the value that has been generated for the data meets or exceeds the threshold data value, and opening the air gap when the value that has been generated for the data meets or exceeds the threshold data value. The airgap is closed automatically when the value that has been generated for the data meets or exceeds the threshold data value.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for mitigating threats using artificial intelligence. An example method includes: obtaining, via communications hardware of a threat manager, a piece of data; determining, by a threat identification engine of the threat manager, that the piece of data is a threat; and causing, by a remediation engine of the threat manager and in response to the determination, execution of a threat remediation action. The threat remediation action comprises at least one of: publishing an emergency remediation statement addressing the threat, transmitting a takedown request to remove the threat from a threat source, or ignoring the threat.

Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.

Abstract: Example implementations relate to storing data in a storage system. An example includes accessing a first portion of a data stream to be stored in a storage system; selecting sample data blocks included in the first portion; determining entropy values based on the sample data blocks; selecting, based on the sample data blocks, a entropy threshold from multiple precalculated entropy thresholds; determining whether the generated set of entropy values matches the selected entropy threshold within a probability level; and in response to a determination that the generated set of entropy values matches the selected entropy threshold within the probability level, identifying the first portion of the data stream as potentially including encrypted data affected by a ransomware attack.

Abstract: Systems, methods, and computer-readable storage devices that enable secured data access from a mobile device executing a native mobile application and a headless browser. One aspect of the technology includes interactions between one or more APIs, a secure connection, a headless browser, that utilize one or more of website data, fingerprint data file locations and additional web page data.

Abstract: A system and method for correlating network event anomalies to identify attack information, that identifies anomalous events within the network, identifies correlations between anomalies and other network events and resources, generates a behavior graph describing an attack pathway derived from the correlations, and determines an attack point of origin using the behavior graph.

Abstract: One or more services are identified for a user's network-connected smart device by generating a smart device fingerprint for the network-connected smart device, electronically communicating the smart device fingerprint for the network-connected smart device to a processor, and analyzing the data in the smart device fingerprint for the network-connected smart device in the processor and identifying one or more services based on the data in the smart device fingerprint for the network-connected smart device. The smart device fingerprint including at least device metadata of the network-connected smart device, a vulnerability profile of the network-connected smart device, and anomaly and/or behavior metadata of the network-connected smart device.

Abstract: Automatically computing and managing a cybersecurity risk score. The cybersecurity risk score and cyber-physical graph for a network are retrieved and analyzed to identify potential improvements that can be made to network topography and device configurations, changes are applied automatically and an updated cyber-physical graph reflecting the applied changes is produced, and the updated cyber-physical graph is reassessed to determine the effect of the changes that were applied.

Abstract: A system and method for correlating network event anomalies to identify attack information, that identifies anomalous events within the network, identifies correlations between anomalies and other network events and resources, generates a behavior graph describing an attack pathway derived from the correlations, and determines an attack point of origin using the behavior graph.

Abstract: A method includes a client device receiving a verification request comprising an interaction identifier. The client device can then query a full node for a random sampling of block headers from the full node. The client device can receive the random sampling of block headers from the full node, and verify the random sampling of block headers. The client device can then determine that the blockchain maintained by the full node is valid after verifying the random sampling of block headers.

Abstract: Disclosed is a system and a method of threat detection in a computer network, the method including detecting by a first node a security threat, e.g. relating to anomalous or malicious behavior, digital object and/or context, at the first node, collecting context information at the first node relating to the detected security threat, reporting at least one detected security threat and the collected context information to at least a second node, analyzing at the second node the received information relating to the security threat and collecting context information relating to the analysis at the second node, and sending the threat related information with added analysis and context information collected from the second node to at least one further node or backend.

Abstract: A reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: Systems and methods for automated blockchain-based recommendation generation, advertising and promotion in accordance with various embodiments of the invention are described. A user device in accordance with an embodiment of the invention includes: a network interface; memory; and a processor. In addition, the processor is configured to implement an execution environment that enables: initiation of transactions via an immutable ledger; recordation of events; updating a user profile, where the user profile comprises at least one characterization associated with the user profile; encrypting the updated user profile and securely storing the encrypted user profile; receiving a request to access the encrypted user profile from a process; determining access permissions of the process; and when the process has sufficient access permissions, decrypting the user profile and providing user profile data to the process.

Abstract: The present disclosure relates to an information processing device, an information processing method, a program, and an information processing system each capable of achieving flexible use of a storage region of a secure element. When a trigger is acquired by an external trigger device from the outside, an applet is installed or deleted into and from the secure element according to the type of the acquired trigger. The information processing device and the like of the present disclosure are applicable to an electronic apparatus including a secure element.

Abstract: A removable cache code intended to be assembled to an electronic payment terminal in a reversible manner, thanks to first and second reversible attachment means located on the outer face of at least one of the lateral walls of the cache code.