Abstract: Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.

Abstract: A method and information handling system (IHS) for identifying communication threats in an IHS. The method includes triggering a board management controller (BMC) to transmit a plurality of memory addresses identifying where a plurality of network packets received by the IHS are stored. A field programmable gate array (FPGA) within a processor receives the memory addresses of the network packets and retrieves the network packets. The network packets are analyzed by comparing at least one threat signature that is associated with undesired network behavior with the contents of the network packets. In response to the at least one threat signature matching the contents of at least one of the network packets, an intrusion alert is transmitted to the BMC.

Abstract: Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.

Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.

Abstract: Disclosed are a system and a method for one-time password (OTP)-based authentication. The system for OTP-based authentication includes a transceiver module configured to receive an authentication request from a client and transmit a result of the authentication according to the authentication request to the client, an authentication accumulation management module configured to provide statistical information about authentication success of the client for each time interval within a predetermined effective range of time, an OTP generation module configured to generate a server-side OTP using previously stored authentication information and time information that is acquired from the statistical information about authentication success, and an authentication module configured to authenticate the client by comparing a client-side OTP included in the authentication request with the server-side OTP.

Abstract: Techniques of detecting malicious events involve generating a relational graph of event data describing events that occur within a specified, limited time window. Along these lines, a malicious event detection computer receives event data describing interactions between entities such as users, devices, and network domains from various servers that occur within a specified time window. In response, the malicious event detection computer generates a relational graph that has graph structures (e.g., nodes and edges) representing these interactions. Analysis of patterns within the resulting relational graph indicates whether there is a malicious event occurring.

Abstract: Technology for improving and monitoring data communication security is presented herein. The technology monitors a plurality of sources of risky activities, crawls on computer networks to scan the risky activities, visualizes the risky activities, and detects and prevents risky activities.

Abstract: Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component.

Abstract: Carrier-side security services for fielded devices is disclosed. In contrast to conventional authentication systems for fielded devices, wherein an end-to-end communications pathway is typically established for authentication of a fielded device by a back-end service provider, authentication and security services can be moved into devices associated with a carrier network. A device associated with the carrier network can authenticate field components to service components without first establishing a communications pathway to a back-end service provider. Further, the device can provide for secured communications with an authenticated field component and are not readable by carrier devices. In an aspect, this can allow for centralization of security elements from the periphery of back-end service providers into a device associated with the carrier network. In a further aspect, the device can host a security services platform for back-end service providers.

Abstract: Methods, apparatuses, and computer program products are herein provided for hiding access to information in an image. A method may include receiving user input indicating a desire of a user to magnify a region within an image to a level of magnification. The method may further include causing the region to be magnified to the level of magnification. The method may further include determining whether the region is associated with at least one of an application or information and determining whether the level of magnification satisfies a level of magnification threshold. The method may further include causing the at least one application to be launched or information to be opened in an instance in which the region is associated with the at least one of an application or information and the level of magnification satisfies the level of magnification threshold. Corresponding apparatuses and computer program products are also provided.

Abstract: A response to a cyber attack on a carrier network is provided. The response can be based on inspection of traffic flowing through a carrier network. The response can automatically adapt the traffic flow in response to a perceived threat. Traffic can be adapted by dynamically updating permission variables related to allowing access for user equipment (UE) to a carrier network, withdrawing or denying access to the carrier network for selected UEs. In other embodiments, signaling can be initiated at the carrier network to cause selected UEs to disable transmission of traffic contributing to the traffic flow. Determining a cyber attack condition can be based on predetermined rules associated with the traffic flow. Further, the determination can be performed at a front end of the carrier network to limit exposure of the carrier network to a detected cyber attack.

Abstract: A computing system record security architecture comprises, in one example, a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.

Abstract: A device to process information is provided. According to an embodiment, a display unit is configured to display computer-generated objects. A processor is configured to receive selection input effective to select a particular computer-generated object from amongst the computer-generated objects. Manipulation input corresponding to detected motions is received. The particular computer-generated object is moved and rotated in its entirety in response to the manipulation input and in accordance with the detected motions. Each of the detected motions has a corresponding time period. A password is generated using the detected motions and the time periods. A user is authenticated by use of the generated password and an identified unrevealed authentication. The authentication of the user includes an indication of an authentication failure when the detected motions are different from an expected input and any of the corresponding time periods are outside of an allowable time range.

Abstract: A user equipment (UE). The UE comprises a memory module, wherein the memory module is one of a subscriber identity module (SIM), a universal integrated circuit card (UICC), a universal subscriber identity module (USIM), or a removable user identity module (R-UIM), wherein clock signals from a second clock component are input to the memory module. The memory module comprises an application stored in a trusted security zone in the second non-transitory memory, that when executed by the second processor in the trusted security zone, wherein the second operating system accesses the second processor to implement instructions for applications in the second operating system, wherein the trusted security zone provides hardware assisted trust, compares a first mobile equipment identifier (MEID) stored in the first non-transitory memory with a second MEID stored in the memory module.

Abstract: A system includes a sensor to determine a user is proximate to the system and a logon module to receive information from the sensor that a user is proximate to the system, receive logon information from the user and identification information associated with the user, authenticate the user to use the system based on the logon information, store the identification information, receive second information from the sensor that the user is not proximate to the system, suspend an operating system session, receive information from the sensor that the user is again proximate to the system, receive second identification information associated with the user, determine that the first and second identification information matches, and resume the OS session in response to determining that the first and second identification information matches.

Abstract: A computer-implemented method for evaluating network security may include (1) receiving, by a security server, a request to report a network risk score for an organization based on telemetry data describing file downloads at computers managed by the organization over a specified period of time, (2) identifying the telemetry data describing file downloads at the computers managed by the organization over the specified period of time, (3) searching the telemetry data to match file downloads over the specified period of time to at least one file that was previously categorized, prior to the request, as a hacking tool, (4) calculating the network risk score based on the telemetry data, and (5) reporting, automatically by the security server in response to the request, the calculated network risk score. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Differential access to data for a user of a processor-based system is disclosed wherein the user may select one secret from among a plurality of secrets that allows and/or enables access to potentially different sets of data, different resources for accessing the data and/or different tasks for the user to interact with the system. The selection of any particular secret may arise as to the user's feeling as to how secure the environment is for accessing the data. For example, if the user is in a very secure environment, the user may select a secret that allows substantially broad access to data, resources and tasks. If the environment is not secure, or if the user is under duress, the user may select a secret that provides limited access, or a decoy set of data and/or may provide the user with access to defensive measures to protect the data.

Abstract: Flux domain is generally an active threat vector, and flux domain behaviors are continually changing in an attempt to evade existing detection measures. Accordingly, new and improved techniques are disclosed for flux domain detection. In some embodiments, an online platform implementing an analytics framework for DNS security is provided for facilitating flux domain detection. For example, the online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis, disclosed herein with respect to various embodiments.

Abstract: Embodiments of the present disclosure disclose a method and a device for evaluating security assessment of an application. The method comprises receiving application entry data associated with a plurality of entry points of the application. Also, the method comprises identifying at least one security threat entry point based on the application entry data. Further, the method comprises computing a coverage index value based on the application entry data and the at least one security threat entry point and generating a recommendation report indicating security coverage of the application based on the coverage index value.

Abstract: As provided herein, a user of a client device may navigate to a webpage using a browser. A browser window, populated with a verification image and/or details about the webpage, is generated and presented to the user. The verification image and/or details about the webpage differentiate a browser window generated by the browser, from the webpage, from a browser window generated by a malicious user. The browser window comprises a login box into which credentials for logging into the user account may be entered. Responsive to the user entering correct credentials into the login box and selecting a submit option based upon recognition of the verification image, the browser window may be submitted to a server and the user may be presented with a window comprising access to the user account.