Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: An enterprise-level security policy management tool receives, via a graphical user interface (GUI), inputs defining a security policy configured to be deployed within an enterprise that operates one or more operational technology (OT) networks, generates the security policy based on the inputs, and transmits the security policy to one or more computing devices running respective other instantiations of the enterprise-level security policy management tool, wherein the respective other instantiations of the enterprise-level security policy management tool are configured to facilitate enforcement of the security policy within the one or more OT networks operated by the enterprise.

Abstract: A validation software obtains a session datum from a request initiating at a device. The validation software hashes the session datum to obtain a hashed session datum. The validation software transmits a validation request that includes a portion of the hashed session datum to a validation server. The portion of the hashed session datum may have a length that is less than a length of the hashed session datum. The validation software determines, and based on a response received from the validation server, that the session datum is likely compromised. In response to determining that the session datum is likely compromised, a notification is output at the device.

Abstract: Systems and methods are provided for vulnerability proofing updates to an IHS (Information Handling System). An update system receives a notification of an update including updated configurations for hardware components of the IHS. The update system queries the IHS for vulnerability proofing requirements for updates that modify configurations of hardware components of the IHS. In response to the query, vulnerability proofing requirements are retrieved from a persistent data storage of the IHS and transmitted to the update system, where the vulnerability proofing requirements specify catalogs of known vulnerabilities of hardware components. The update system determines whether the updated configurations are identified as vulnerable in the one or more of catalogs. If the updated configurations are not identified in the catalogs, the update is transmitted to the IHS. If configurations from the update are identified in the catalogs, the update is terminated and the IHS is notified.

Abstract: Methods and systems described herein improve blockchain storage operations in a variety of environments. A blockchain compression system may determine that a blockchain compression condition associated with a blockchain having a first plurality of blocks has been satisfied. In response, the system compresses the first plurality of blocks using a first hash tree into a first root hash value and stores the first plurality of blocks in a first database. The blockchain compression system generates a first new era genesis block that includes the first root hash value and a first database address of the first database at which the first plurality of blocks are stored. The blockchain compression system stores the blockchain at one or more nodes in a blockchain network. The blockchain includes the first new era genesis block and any previous new era genesis blocks. This may effectively reduce storage requirements for the blockchain, in various embodiments.

Abstract: A system, method, and computer-readable medium are disclosed for performing entity interaction risk analysis operation. The entity interaction risk analysis operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; identifying an interaction between the entity and another entity based upon the monitoring; analyzing the interaction between the entity and the another entity; and, performing a security operation in response to the analyzing the interaction.

Abstract: A system, method, and computer-readable medium are disclosed for performing entity interaction risk analysis operation. The entity interaction risk analysis operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; identifying an interaction between the entity and another entity based upon the monitoring; analyzing the interaction between the entity and the another entity; determining whether the interaction between the entity and the another entity is non-sanctioned; and, performing a security operation in response to the analyzing the interaction and the determining whether the interaction is non-sanctioned.

Abstract: An output of a GenAI model responsive to a prompt is received. The GenAI model is configured using one or more system prompts including one or more Easter eggs. The output is scanned to confirm whether an Easter egg is present. In cases in which at least one Easter egg is present, one or more remediation actions can be initiated to thwart an information leak by the GenAI model. Related apparatus, systems, techniques and articles are also described.

Abstract: Systems and methods are provided for vulnerability proofing the installation of new hardware components in an IHS (Information Handling System). The coupling of a new hardware component to the IHS is detected. A profile is identified that is to be used in provisioning the new hardware component that has been coupled to the IHS. The profile may include various configurations for the coupled hardware component. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Configurations from the profile for the coupled hardware component are used to identify any configuration that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the configuration for the new hardware component, further use of the new hardware component by the IHS is disabled until the profile is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: Systems and methods provide vulnerability proofing procedures for booting of an IHS (Information Handling System). A request to boot the IHS is detected. One or more boot configurations are determined that include configurations for operation of one or more of the hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. The boot configurations are used to identify any hardware component configurations that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the boot configuration, further booting of the IHS may be disabled until the boot configuration is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: A first device may provide a request to establish a secure communication with a second device, and may hide public keys based on a commutative legacy compatible encryption process sharing a modulus and based on quasi-Carmichael numbers larger than the modulus with quadratic residuals. The first device may utilize variable extendable-output function hashing, based on the modulus, with bloom filtering to generate an output that prevents creation of classical rainbow tables, and may utilize a key derivation function to generate a symmetric key based on the output. The first device may establish the secure communication with the second device based on the symmetric key.

Abstract: Example techniques described herein involve authorization management in a media playback system. Within examples, a client, such as a control device, may authenticate with a playback device using a token. The playback device may resolve a role corresponding to the token using a token-to-role mapping hosted at an authentication service. After resolving the role, the playback device may resolve a permissions set corresponding to the role using a role-to-permissions mapping similarly hosted at the authentication service. Within examples, such mappings may be cached locally at the edge (e.g., on a playback device).

Abstract: Methods and systems are provided for facilitating efficient intrusion detection via hierarchical signatures, in accordance with embodiments described herein. In particular, embodiments described herein include obtaining an intrusion signature that includes an intrusion attribute value(s) indicating a malicious attack on a computer network or system. Based on the intrusion signature, a hierarchical signature is generated by including the intrusion attribute value(s) of the intrusion signature in one of a corresponding data structure of hierarchical data structures. Thereafter, a network packet, having a data attribute(s) is obtained. The network packet is determined as suspect of being malicious based on the data attribute(s) of the network packet matching the at intrusion attribute value(s) of the hierarchical signature. The indication of the suspect network packet can be provided, for example for notification of such a suspect network packet.

Abstract: The present disclosure describes techniques for managing secret information. A material set may be created. The material set may correspond to a material set name (MSN). The material set may be configured to contain secret information and information for identifying destinations that are authorized to access the secret information. The secret information may be managed by using the MSN to identify and track the secret information and without exposing the secret information.

Abstract: Systems and methods include a random number pool where one or more sets of key data elements of the random number pool are transmitted and added or replaced with another set of key data elements.

Abstract: Systems and methods are provided for vulnerability proofing updates to an IHS. An update package is detected that includes configurations for one or more of the hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. The updated configurations of the hardware component that are included in the update package are used to identify any hardware component configurations that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the updated configurations, further booting of the IHS may be disabled until the update package is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: Mechanisms for authenticating a connection between a user device and a streaming media content device comprising: identifying a collection of candidate streaming media content devices based on beacon(s) detected by a user device; receiving an indication that one of the content devices is to be selected for connection to the user device; transmitting instructions to the content devices to broadcast a signal, wherein the signal broadcast by each of the content devices contains a value that indicates an identity of the content device; receiving, from the user device, an audio signal that includes a detected signal; processing the audio signal to extract the value indicating the identity of a particular content device associated with the detected signal contained in the received audio signal; identifying the particular content device based on the determined value; and transmitting an indication that the user device and the particular content device are authenticated to communicate.

Abstract: Systems and methods are provided for vulnerability proofing an IHS (Information Handling System) while being administered using a bootable image. Launching of a bootable image by the one or more CPUs is detected and one or more IHS configurations to be made using the bootable image are identified. One or more catalogs specifying known vulnerabilities of hardware components are accessed and used to determine whether any of the IHS configurations to be made using the bootable image are identified as vulnerable in one or more of the catalogs. Configuration of the IHS using the bootable image is blocked until the configurations to be made using the bootable image are modified to include no configurations with vulnerabilities identified in the plurality of catalogs.

Abstract: Systems and methods provided vulnerability proofing of an IHS (Information Handling System) while it is being provisioned for deployment, such as upon receipt at a datacenter. An initial provisioning of the IHS is detected, where no provisioning of the IHS has been conducted other than the factory provisioning of the IHS. A profile is identified that is to be used in provisioning the IHS, where the profile includes configurations for one or more hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. For each of the hardware configurations in the profile, configurations that are vulnerable are identified based on the catalogs of known vulnerabilities. If vulnerabilities are identified, further provisioning of the IHS is blocked until the profile is modified to include no hardware configurations with vulnerabilities identified in the catalogs.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums which utilize authentication tokens recorded to a blockchain to identify and/or authenticate participants of a network-based communication session such as a network-based meeting. When joining the meeting, the participant may provide a token recorded on a blockchain to the communication service from the blockchain. The communication service may then identify and/or authenticate the user based upon the provided token. Various user-specific customizations and settings may then be applied and the user may be admitted to the meeting without having to enter a waiting room and be explicitly let in.