Abstract: Various embodiments include systems and methods to implement a security posture recommender system. The security posture recommender system may improve the security posture of a deployment of assets by generating recommendation data indicating how to modify the deployment of assets. A deployment may be described by deployment data. The recommendation data may be based on similarities and/or differences between deployment data for a particular user and deployment data associated with users that are within a cluster of users similar to the particular user.

Abstract: Apparatus, methods, and articles of manufacture or disclosed for implementing risk scoring systems used for vulnerability mitigation in a distributed computing environment. In one disclosed example, a computer-implemented method of mitigating vulnerabilities within a computing environment includes producing a risk score indicating at least one of: a vulnerability component, a security configuration component, or a file integrity component for an object within the computing environment, producing a signal score indicating a factor that contributes to risk for the object, and combining the risk score and the signal score to produce a combined risk score indicating a risk level associated with at least one vulnerability of the computing system object. In some examples, the method further includes mitigating the at least one vulnerability by changing a state of a computing object using the combined risk score.

Abstract: A system and method for cybersecurity inspection of private software registries is presented. The method includes: deploying an inspection broker in a computing environment, the inspection broker configured to communicate with a private registry of the computing environment; configuring the inspection broker to access the private registry for a list of objects stored in the private registry; selecting an object from the private registry for cybersecurity inspection; inspecting the object for a cybersecurity object in the computing environment; generating an inspection result based on detection of the cybersecurity object; sending the inspection result to an inspection environment, the inspection environment including a representation of the computing environment; and initiating a mitigation action based on the inspection result, the mitigation action generated in response to an instruction from the inspection environment.

Abstract: A method includes emulating a browser in cooperation with a browser controller for providing a controlled environment to safely execute a web program, loading a web page into the browser, injecting, by executing the browser controller, a first program into the loaded web page, capturing a first visual representation of a HTML element of the web page at a first time after the loading, executing the web page in the browser, logging, via the first program, an execution of a second program embedded in the web page, capturing a second visual representation of the HTML element at a second time later than the first time after the execution of the second program, comparing the first and second visual representation to detect a visual change, identifying the execution of the second program as a cause of the visual change, and performing a remedial action related to the web page in response.

Abstract: A hybrid cloud-based security service apparatus for securing confidential data includes a cloud service module assigning an analysis identifier to data input by a user of a network connected to a cloud and receiving a request for delivery of encrypted data from the user, a key generation service unit located in an on-premise connected to the cloud and generating an encryption key based on the analysis ID, an encryption processing unit encrypting the data using the encryption key and a predetermined encryption algorithm, a logical operation unit performing a logical operation on the encryption key used to encrypt the data to invert predetermined bits of the encryption key, and a decryption service module receiving the encrypted data and the encryption key from the on-premise, restoring the encryption key by performing a logical operation, and decrypting the encrypted data using the restored encryption key and a decryption algorithm.

Abstract: An onboard computer (100) to which data is input from outside a vehicle via a communication interface (10), the onboard computer (100) comprising: a risk evaluation unit (21) configured to evaluate, based on data information of the input data, a risk when an abnormality occurs due to the data; a security strength adjustment unit (22) configured to adjust a security strength for the data based on the risk evaluated by the risk evaluation unit (21); and a security setting unit (23) configured to set security for the data with the security strength adjusted by the security strength adjustment unit (22).

Abstract: Method for confirming ownership of digital assets based on hash algorithm and method for tracing to a source of digital assets based on hash algorithm are provided. Entities involved in confirming the ownership of digital assets include an original user, a CA authentication center and a digital asset authentication center. The process of confirming the ownership includes generating a one-time CA certificate by the original user, authenticating the digital assets by the digital asset authorization center and the original user, generating an ownership confirming document by the original user, creating a quantum digital signature by a three-party, and the like. The method for tracing includes generating subsidiary documents in real time, constructing a unique identity for a digital asset at an accessing moment, traceability analysis, and so on.

Abstract: An ecosystem of devices that autonomously interact with one another by a blockchain is provided, to create a security-protected data processing of sensor data or measurement data for an object by a blockchain infrastructure. Fields of application include supply-chain scenarios or industrial control applications of blockchains.

Abstract: A method includes receiving, from a pre-processor, an output file, the output file having been created by the pre-processor in response to input of an electronic file to the pre-processor, the electronic file being an attachment to an electronic mail message that is in-transit to a recipient computer on a network, the electronic file being a spreadsheet file, the output file containing features that are created by the pre-processor; receiving, from a machine learning-based classifier, malware classification data, the malware classification data being output by the machine learning-based classifier in response to the machine learning-based classifier determining whether the features are indicators of obfuscation, the data used to create the machine learning-based classifier including output files previously created by the pre-processor; in response to the malware classification data matching a criterion, causing the network to modify, delay, or block transmission of the electronic file to the recipient compute

Abstract: Attack path information includes information about an attack path including at least one attack step including an attack source, an attack destination, and an attack method. Vulnerability specification means refers to the attack path information and thereby specifies vulnerabilities exploitable by an attack on the attack destination in the attack step. In the vulnerability information DB, vulnerabilities and presence/absence of exploit codes for the vulnerabilities are stored and associated with each other. Diagnosis evaluation generation means refers to the vulnerability information DB, and thereby examines whether or not there is an exploit code for the specified vulnerability and generates, for the attack step, a risk diagnosis evaluation including the number of specified vulnerabilities and the presence/absence of the exploit codes therefor. Output means outputs the attack step and the risk diagnosis evaluation while associating them with each other.

Abstract: Technologies for memory and I/O efficient operations on homomorphically encrypted data are disclosed. In the illustrative embodiment, a cloud compute device is to perform operations on homomorphically encrypted data. In order to reduce memory storage space and network and I/O bandwidth, ciphertext blocks can be manipulated as data structures, allowing operands for operations on a compute engine to be created on the fly as the compute engine is performing other operations, using orders of magnitude less storage space and bandwidth.

Abstract: A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token.

Abstract: In a method of facilitating encrypted communications between a transmitting system having a unique identifier and a receiving system, a key generation system generates at least one encryption master key for use with the unique identifier and an encryption algorithm to produce a transmitting system-unique encryption key. The key generation system also generates a shared secret master key for use with the unique identifier and a second encryption algorithm to produce a shared secret value. The at least one encryption master key and the shared secret master key are then stored in an encryption information database. The key generation system transmits the at least one encryption master key and shared secret information to the transmitting system and transmits the at least one encryption master key, the shared secret master key and the unique identifier to the receiving data processing system.

Abstract: A system to perform operations that include: minting a Non-Fungible Token (NFT) that comprises a media object and mutable metadata; allocating the NFT to a user of a client device; granting the user of the client device a permission to change the mutable metadata of the NFT based on the allocating the NFT to the user of the client device; generating an open-edition of the NFT, the open-edition of the NFT comprising a reference to the mutable metadata; receiving a change to the mutable metadata from the user of the client device; and updating the open-edition of the NFT based on the change.

Abstract: The present description relates to systems and techniques for allowing a third party verifier to verify aspects of secured data, or successful communication thereof. For example, a message or other data may be associated with a shared manifest that describes aspects of some data but does not reveal or expose the data. As a result, the data may be kept private while selective privacy and verification with respect to the data is achieved by the inclusion of only selected aspects of said data in the shared manifest.

Abstract: A method, system and computer program product are configured to access data, the data including a plurality of attributes, classify each of the attributes into one of a plurality of classifications, receive a privacy objective and a utility objective, determine a data transformation to achieve the privacy objective and the utility objective, apply the data transformation to the data, wherein the data transformation is applied to at least one of the attributes of the data based on the classifications to produce selectively modified data, iteratively refine data transformations through adjustment of utility objectives, and present the data for disclosure.

Abstract: Exemplary embodiments may use word embeddings to enhance scanning of programming code scripts for sensitive subject matter, such as confidential subject matter. The scanning may be performed by a neural network in some exemplary embodiments. The neural network initially may be trained on a corpus of programming code scripts to identify keywords relating to sensitive subject matter, such as passwords, tokens or credentials. The neural network may not only identify instances of the keywords but also may identify related terms as well. The output of the scan may be a ranked list of terms in the programming code script that may relate to sensitive subject matter.

Abstract: A system and method to analyze security across digital environments is provided. The system includes a report generation module to generate reports stating vulnerabilities in a software delivery pipeline. A recommendation engine is configured to perform a comprehensive analysis of the reports, verifies by cross-referencing with a CVE database to provide a rationalized and comprehensive view of the vulnerabilities. Further, the recommendation engine is configured to conduct an impact analysis using a ML model to determine the consequence of fixing the vulnerabilities and generates a score matrix based on a predefined threshold limit. Recommendations are provided to resolve the vulnerabilities based on the score matrix generated and impact analysis. The system includes a vulnerability remediation module to utilize the threshold limit to initiate automated vulnerability remediation thereby ensuring a secure and reliable development process.

Abstract: A specific container is spawned by a docker module responsive to Kebernetes control instruction. Network connectivity is provided for the specific container to a data communication network through a networking bridge and a security policy is configured. After configuration, inbound or outbound data packets concerning the specific container are received and forwarded to a security policy KVM for scanning against security policies. Those that pass security scanning are forwarded to containers and external destinations.

Abstract: Systems and methods for protecting from external monitoring attacks cryptographic data processing operations involving computation of a universal polynomial hash function, such as GHASH function. An example method may comprise: receiving an input data block, an iteration result value, and a mask value; performing a non-linear operation to produce a masked result value, wherein a first operand of the non-linear operation is represented by a combination of the iteration result value and the input data block, and the second operand of the non-linear operation is represented by a secret hash value, and wherein one of the first operand or the second operand is masked using a mask value; determining, based on the mask value, a mask correction value; and producing a new iteration result value by applying the mask correction value to the masked result value.