Abstract: The technology disclosed relates to a transparent inline secure forwarder for policy enforcement on IoT devices. In particular, the technology disclosed provides a system. The system comprises a plurality of special-purpose devices on a network segment of a network. The system further comprises a default gateway of the network segment configured to receive outbound network traffic from special-purpose devices in the plurality of special-purpose devices. The system further comprises an inline secure forwarder configured to share an Internet Protocol (IP) address with the default gateway in a transparent mode to intercept the outbound network traffic prior to the default gateway receiving the outbound network traffic, and route the intercepted outbound network traffic to a policy enforcement point for policy enforcement.

Abstract: Embodiments described herein are directed to managing device compliance for devices that are connected to an enterprise network. For example, a mobile device manager may provide configuration settings to a computing device, which implements the settings in order to be compliant with an enterprise's data and/or security policy. The mobile device manager also maintains a local reference of each device's configuration settings implemented thereby. When the mobile device manager subsequently performs a determination as to whether the computing device is still in compliance, the mobile device manager simply needs to refer to the local reference to determine the computing device's settings instead of explicitly querying the computing device for its settings.

Abstract: A method and intrusion manager (200) for handling intrusion to an electronic equipment (202). When a sensor (204) detects (2:2) an intrusion to the electronic equipment, an intrusion entry indicating the detected intrusion is stored (2:3), and an associated sign-off message which identifies the stored intrusion entry is also stored (2:5). The sign-off message comprises a signature that validates the detected intrusion, which signature may be received (2:4) as input from an authorised person. Thereby, any stored intrusion entry can be checked by searching for an associated sign-off message, and a stored intrusion entry having no matching sign-off message with a valid signature can be determined to be unauthorised.

Abstract: A system that communicates information is described. This system includes: a network interface, a proxy device coupled to the network interface, and an interface node coupled to the proxy device and configured to couple to a channel. Note that the network interface is configured to transmit outbound messages from the system to a location and to receive inbound messages to the system from the location, and the channel is configured to convey the outbound messages and the inbound messages. Moreover, the proxy device is configured to inspect a given message inbound or outbound based on a pre-determined profile of the location and pre-defined communication rules. Then, the proxy device is configured to restrict the given message based on a result of the inspection, where the restriction occurs after the system begins a communication session with the location and is performed for the duration of the communication session.

Abstract: A device configured to obtain group information from a database, to identify a first set of clusters based on the group information, and to determine a first cluster quantity that identifies a number of clusters within the first set of clusters. The device is further configured to obtain user interaction data for user devices, to input the user interaction data into a machine learning model, to receive a second set of clusters from the machine learning model based on the user interaction data, and to determine a second cluster quantity that identifies a number of clusters within the second set of clusters. The device is further configured to determine the second cluster quantity is greater than the first cluster quantity, to identify a cluster that is not present in the first set of clusters, and to modify settings on a user device from within the cluster.

Abstract: A Domain Name System (“DNS”) package, a non-transitory computer-readable medium, and a method for providing domain name resolution services are disclosed. The system can include one or more built-in DNS hierarchy databases configured for deployment within a network, wherein the one or more built-in DNS hierarchy databases stores DNS records. The system can also include a recursive name server, wherein the recursive name server is configured to query the one or more built-in DNS hierarchy databases during domain name resolution, the recursive name server configured to select the one or more built-in DNS hierarchy databases based on a policy indicating a preference for the one or more built-in DNS hierarchy databases over a domain name server located outside of the network. Furthermore, the system can include a recursive name server database configured to store DNS records for the recursive name server.

Abstract: Disclosed herein are systems and method for protecting core files in a content management system (CMS). In one aspect, a method includes detecting execution of a script on a computing device. In response to determining that the script is located in the core folder and is not included in an exclude list that includes paths of scripts and files that are marked as not malicious, the method includes blocking the execution of the script. If the script is not in the core folder, the method includes determining whether the script will upload, to the core folder, a file that is not in the exclude list. In response to determining that the script will upload the file to the core folder, the method includes blocking write functions in the script during the execution.

Abstract: Systems and methods include obtaining file identifiers associated with files in production data; obtaining lab data from one or more public repositories of malware samples based on the file identifiers for the production data; and utilizing the lab data for training a machine learning process for classifying malware in the production data. The obtaining file identifiers can be based on monitoring of users associated with the files, and only the file identifiers are maintained based on the monitoring. The lab data can include samples from the one or more public repositories matching the corresponding file identifiers for the production data. The lab data can include samples from the one or more public repositories that have features closely related to features of the production data.

Abstract: The embodiment of the disclosure provides an unlocking control method and related products, applied to an electronic device with a foldable and flexible display. The method includes: determining a current page to be unlocked; determining N target biometric recognition devices corresponding to the current page to be unlocked, N being a positive integer; acquiring a current multi-biometric recognition mode, wherein the current multi-biometric recognition mode comprises at least two recognition operations, each recognition operation corresponds to one kind of biometric recognition device; and adjusting the current multi-biometric recognition mode according to the N target biometric recognition devices. So, the current multi-biometric recognition mode is adjustable according to the biometric recognition devices corresponding to the page to be unlocked. Therefore, the problem that a foldable and flexible display is inconvenient to be unlocked in a folded state, can be solved.

Abstract: A method and device for handling an anomaly at a unit. The device is integrated into the unit. A variable is detected for handling attacks on the unit that defines an operation of the unit. A piece of information is determined depending on the variable that characterizes surroundings in which the unit is operated. It is checked depending on a comparison of the piece of information about the surroundings to a piece information about the setpoint surroundings for the operation of the unit, whether or not an anomaly is present in the operation of the unit. The unit is operated in a first operating mode having a first functional range, if no anomaly is detected. The unit is operated in a second operating mode having a second functional range, which is reduced or changed with regard to the first functional range, if an anomaly is detected.

Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the users biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: This controller system includes: a program acquisition unit that acquires, by turning on the controller system, a control program from a server in which the control program is stored; a main storage device that stores the control program acquired by the program acquisition unit while electric power is supplied to the controller system; and a program execution unit that executes the control program stored in the main storage device.

Abstract: There is provided mechanisms for obtaining a VC certificate from a server. A method is performed by network equipment. The method comprises performing, by an enclave of the network equipment, measurements on at least one property of the network equipment. The method comprises providing, by the enclave, a request for the VC certificate from the server upon having attested the measurements. The method comprises receiving, from the server, the VC certificate in response to the request and storing the VC certificate in the network equipment.

Abstract: Many areas of investigation require searching through data that may be of interest. In a first method step, a digital content element is provided. The digital content element may have any suitable format or data structure of interest to a searching entity. The digital content element may be a particular data file that is of interest to a searching entity. In a second step, the digital content element is compared with a first set of data provided by a combination of a second set of data and a third set of data. The first set of data is a collection of known digital content elements that are of interest to a searching entity, for example contraband digital content elements or digital content elements owned by or represented by the searching entity. In a third method step, the digital content element is identified as known if the digital content element is detected within the first set of data.

Abstract: A computer-based system and method for classifying data in real-time for data streaming may include: capturing a plurality of data packets flowing between a data source machine and a data client; searching at least one of the data packets for tokens associated with sensitive information; if tokens associated with sensitive information are not found in a data packet: allowing the data packet to flow between the data source machine and the data client; and sending the data packet to a comprehensive security analysis; and if tokens associated with sensitive information are found in the data packet: preventing the data packet form flowing between the data source machine and the data client; and sending the data packet to a comprehensive security analysis.

Abstract: A computer-based system and method for performing an offline login to a local device, including: generating a pair of an auxiliary (AUX) public key and an AUX private key; receiving a password at the local device; reconstructing a symmetric key from a first value stored on the local device and a second value stored on an authenticator; encrypting the password with the AUX public key to obtain a locally encrypted password; encrypting the AUX private key with the symmetric key to obtain an encrypted AUX private key; and deleting the symmetric key, and when performing the offline login: reconstructing the symmetric key; decrypting the encrypted AUX private key with the symmetric key to obtain the AUX private key; decrypting the locally encrypted password with the AUX private key to obtain the password; and using the password to perform the offline login.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: The system and method may look for bots using statistics. At a high level, bots communicate back and forth to a command and control computer. The communications are at somewhat random times by design to not be obvious. Using expected probability of a normal distribution rather than simply analyzing time of communications may result in better bot recognition.

Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.

Abstract: Methods, systems, and apparatus, including computer-readable media, for predictively providing access to resources. In some implementations, a method includes receiving movement data indicating movement of a mobile device associated with a user while the mobile device approaches a resource is received. A credential of the user authorizes access to the resource. Based on the movement data, the movement of the mobile device is classified as corresponding to an attempt to access the resource. The mobile device is determined to be in proximity to the resource. Before the user interacts with the resource, the resource is caused to be unlocked or opened in response to determining that the credential of the user authorizes access to the resource, classifying the movement of the mobile device as corresponding to an attempt to access the resource, and determining that the mobile device is in proximity to the resource.