Abstract: This disclosure relates to method and system for certificate-less security management of interconnected hybrid resources. The method includes selecting at least one hybrid resource from a plurality of hybrid resources in network to install pre-calculated security configuration. The method further includes receiving a One Time Password (OTP) valid for pre-configured time period, in response to an identity generation request for a hybrid resource; installing security data payload including the OTP and the pre-calculated security configuration, in the hybrid resource; receiving an identity issuance request from the hybrid resource through a secure channel upon installation of security data payload in the hybrid resource; assigning unique identity to the hybrid resource upon successful validation of the OTP received in identity issuance request; and generating, upon assignment, metadata corresponding to the hybrid resource for a security association map (SAM) associated with the hybrid resource.

Abstract: Systems and methods for enhanced OTP messaging, comprising: receiving a request from an application executing on a computing device of a user; generating the supplemental information based on the request; segmenting the supplemental information into a first part of the supplemental information and a second part of the supplemental information; transmitting the first part of the supplemental information to the computing device of the user via a first communication channel to another app executing on the computing device of the user; instructing the another app to allow the user to utilize one or more graphical user interface (GUI) elements of a GUI of the another app to transfer the first part of the supplemental information to the app; and transmitting the second part of the supplemental information to the computing device of the user via a second communication channel so as to provide the supplemental information to the app.

Abstract: A first access key, which is provided by a key server for decrypting a file and the encrypted file is published on a public network by a first user. Every time the secured file is accessed by a second user, the first access key is provided by the key server to decipher the file. The first user can control access to the file by deleting the first access key on the key server, thus denying the second user access to the access key preventing de-encryption of the secured file.

Abstract: Provided is a process that includes: obtaining, with one or more processors, a set of user-authentication credentials of a plurality of users; accessing, with one or more processors, a repository of breached credentials and determining, with one or more processors, an amount of the obtained set of user-authentication credentials in the repository of breached credentials, wherein the repository includes credentials from a plurality of entities obtained after the entities suffered a breach; and determining, with one or more processors, a score based on the amount of the set of user-authentication credentials in the repository of breached credentials, wherein the score is indicative of effectiveness of cybersecurity practices of the entity and the users associated with the entity.

Abstract: Disclosed herein are methods, systems, and non-transitory computer-readable storage media for scoring network segmentation policies in order to determine their effectiveness before, during and after enforcement. In one aspect, a method includes identifying one or more applications within an enterprise network; identifying at least one network security policy in association with the one or more applications within the enterprise network; determining a score of the network security policy based on information corresponding to exposure of each of the one or more applications within the enterprise network; and executing the network security policy based on the score.

Abstract: The present disclosure generally relates to systems and methods that intelligently generate reassignment value conditions for reassigning access rights. The systems and methods include executing a trained contextual machine-learning model to generate predictions of value components of the reassignment value condition, which once satisfied, enables an access-right requestor to have an assigned access right reassigned to the access-right requestor.

Abstract: A method of computer security for a host computer system in communication with remote computer systems, including generating an attack map as a directed graph data structure modelling individual events leading to an exploitation of the host computer system and collecting a log of each of a plurality of attack events occurring at the host including network packets involved in each attack event, the attack map being generated in a training phase of the host computer system in which the host is subjected to attacks by one or more attacking remote computer systems, using stacked autoencoders to extract features from the log event in each attack; generating a directed graph representation based on each of the extracted features, using the attack map to identify a sequence of events indicative of an attack, and responsive to the identification, deploying one or more security facilities to mitigate the attack.

Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a rusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for an orchestrator device associated with a scrubbing environment of a telecommunications network that receives one or more announced routing protocol advertisements from a customer device under an attack. In response to receiving the announcement, the orchestrator may configure one or more scrubbing devices of the network to begin providing the scrubbing service to packets matching the received routing announcement. A scrubbing service state for the customer may also be obtained or determined by the orchestrator. With the received route announcement and the customer profile and state information, the orchestrator may provide instructions to configure the scrubbing devices of the network based on the received information to dynamically automate scrubbing techniques without the need for a network administrator to manually configure the scrubbing environment or devices.

Abstract: Example embodiments of systems and methods for data transmission between a contactless card, a client device, and one or more servers are provided. The contactless card may include one or more processors and memory, which may include one or more applets. The client device may include one or more processors and memory. The client device may be in data communication with the contactless card. One or more servers may be in data communication with the client device. A first set of information may be transmitted from the contactless card to the client device. The first set of information may include one or more links to activate the contactless card via a designated email program. Upon validation of the first set of information by the one or more servers, the contactless card may be activated.

Abstract: An example computing device includes a communication device, an input device, a storage device, firmware stored in the storage device, and a processor. The processor is to: in response to receiving a set of credentials, transmit a request to a server via the communication device, where the request includes the set of credentials and identification information of the computing device; receive a temporary password and expiration information of the temporary password from the server via the communication device; replace a password of the firmware with the temporary password; in response to receiving the temporary password via the input device, determine if the temporary password is valid based on the expiration information; and in response to a determination that the temporary password is valid, provide access to the firmware.

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.

Abstract: Embodiments are provided for integrating feedback into alert managing processes having defined alert policies. These policies define conditions that, when satisfied by certain detected activities, triggers an alert to be sent to a client. A determination is made that a current detected activity does satisfy the condition(s). Subsequent to determining that the set of conditions is satisfied and prior to actually generating the alert, the current detected activity is determined to share a relationship with previously received feedback that caused the alert policy to be modified. After being modified, the alert policy specified whether the alert is to be sent to the client, modified and then sent, suspended, or disabled. The alert is then either generated or refrained from being generated based on the alert policy.

Abstract: The disclosure relates to a method (100) for assessing user authorization, the method comprising: receiving (110), via a data communication network (330), a request from a user device (300) for an access; generating (120), based on data associated with the request, a risk score indicating a risk that the request was sent by a non-authorized user, wherein the risk score indicates a high risk, a medium risk, or a low risk that the user (400) is a non-authorized user; and signaling (130), via the data communication network (330), the user device (300) a need for further information to enable a decision about the authorization of the user (400), if the risk score indicates medium risk. A further aspect relates to a method (200) for user authorization and to an electronic device (300).

Abstract: In order to analyze, efficiently and with high precision, the similarity in operation between software that is being examined and a known malware, this malware analysis device 40 is equipped with: an abstraction unit 41 for generating first abstraction information 410 obtained by abstracting first operation information 440 which indicates the result of an operation of sample software; an abstraction information storage unit 45 for storing second abstraction information 450 obtained by abstracting second operation information which indicates one or more operation results obtained for each piece of software that has been compared with the sample; a calculation unit 42 for calculating the similarity between the first abstraction information 410 and the second abstraction information 450; and a specifying unit 43 for specifying the compared software for which the similarity satisfies a criteria.

Abstract: An example method facilitates dynamic runtime execution of computer code that is selectively injected into messages in accordance with predetermined configuration rules for automatic execution at a message destination. The injection of code into messages, such as messages exchanged during an authenticated computing session, by a policy enforcement system, can be used to efficiently effectuate enhance computing environment security and computing resource use. For example, in a specific embodiment, code for detecting a browser-close event and then terminating a computing session can be automatically executed client side via a browser extension or plugin, thereby helping to eliminate the accumulation of stale computing sessions; thereby mitigating associated security risks and computing resource consumption of stale computing sessions. In another example embodiment, injected code encrypts session cookies, such as via a Time based One Time Password (TOTP).

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a risk score or vulnerable for a user of a security awareness system, or for a group of users of a security awareness system. The server may create a frequency score for a user, which predicts the frequency at which the user is to be hit with a malicious attack. The frequency score may be based on at least a job score, which may be represented by a value that is based on the type of job the user has, and a breach score that may be represented by a value that is based on the user's level of exposure to email.

Abstract: A bridge component is interposed between a content targeting portion of a computerized content management system and a security portion of the system. the content targeting portion has a plurality of targeting segments defined therein. The bridge component creates a plurality of corresponding security groups for at least a subset of the plurality of targeting segments for which pre-existing security groups have not been created. For the targeting segments, accessing, with the bridge component, underlying logic used by the content targeting portion to create the targeting segments, and use the logic to determine whether each potential group member matches the logic. Add at least those of the potential group members that match the logic, and are not already present, to an appropriate one of the corresponding security groups; remove those that do not match. Apply security to the resulting updated security groups with the security portion, and distribute content accordingly.

Abstract: A method for administering a physical access control system is provided. One example of the disclosed method includes receiving sensor data from one or more sensors deployed in a facility, the sensor data including information describing a user's activity within a zone of the facility or a user's movement between zones of the facility. The method also includes comparing the sensor data to one or more user models that describe a normal or expected user activity within the zone of the facility or user movement between the zones of the facility and based on the comparison of the sensor data to the one or more user models, determining that the user's activity does not fall within the normal or expected user activity within the zone of the facility or user movement between the zones of the facility.

Abstract: Methods, media, and systems for a changing a private channel in a channel-based communication system from an “invited-members” mode to a “whitelisted groups” mode. When in a whitelisted-groups mode, the channel administrator can whitelist one or more groups for channel membership. The whitelisted groups may be external groups managed by an identity provider. Based on the whitelisted groups, users cannot be added to the private channel without being a member of one of the whitelisted groups. Users are also automatically removed from the channel if they are no longer in one of the whitelisted groups for any reason.