Abstract: Techniques for probing for Cobalt Strike TeamServer detection are disclosed. In some embodiments, a system/process/computer program product for probing for Cobalt Strike TeamServer detection includes monitoring HyperText Transfer Protocol (HTTP), HTTPS, and/or Domain Name System (DNS) network traffic at a firewall; prefiltering the monitored HTTP, HTTPS, and/or DNS network traffic at the firewall to select a subset of the HTTP, HTTPS, and/or DNS network traffic to forward to a cloud security service; performing HTTP, HTTPS, and/or DNS probing of a target to detect whether the target is a Cobalt Strike TeamServer; and performing an action in response to detecting that the target is the Cobalt Strike TeamServer.

Abstract: Methods and systems for managing operation of a data pipeline are disclosed. To manage operation of a data pipeline when a portion of data is inaccessible may require generating synthetic portion of data to generalize the inaccessible portion of data. Prior to the generation of the synthetic portion of data, an analysis of an intended use of the inaccessible portion of data may be performed. The analysis may reduce the likelihood of generation and use of synthetic portion of data that is unreliable. Once obtained, the synthetic portion of data may be analyzed to determine a likelihood that the synthetic portion of the data may successfully generalize the inaccessible portion of data. When the synthetic portion of data is determined to meet or exceed quality criteria, the synthetic portion of data may be utilized by the data pipeline.

Abstract: An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.

Abstract: DNS request obfuscation includes generating decoy domain name system (DNS) requests for obfuscating DNS request activity being handled by a private DNS server for an organization, and sending the decoy DNS requests to external DNS server(s) for resolution, receiving a DNS request seeking a DNS lookup for a client device, obfuscating the DNS request by sending, to an external DNS server of the external DNS server(s), the DNS request interspersed with at least some of the generated decoy DNS requests sent to the external DNS server, receiving, from the external DNS server, a DNS response to the sent DNS request, and providing the DNS response to a source of the DNS request.

Abstract: In at least one example, a method includes establishing, by a sniffer provisioning server (SPS) of a first wireless device, a trusted relationship between the first wireless device and a sniffer tool using a public key of the sniffer tool. An out-of-band (OOB) key exchange provisions the public key of the sniffer tool to the wireless device. The method further includes obtaining, by the SPS, key material uniquely related to a communication session established between the first wireless device and a second wireless device using a shared password. The key material excludes the shared password and a session key uniquely related to the communication session. The method further includes publishing, by the SPS, the key material over a channel to the sniffer tool based on the trusted relationship. The channel is secured using the public key of the sniffer tool.

Abstract: A data encryption or decryption method includes obtaining a data processing request carrying to-be-processed data; selecting one of a first processing manner and a second processing manner as a processing manner for the to-be-processed data. In the first processing manner, processing is performed by an encryption/decryption chip. In the second processing manner, processing is performed by a software program running on a central processing unit.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: The present disclosure relates to a system and method of automatically updating the set of security controls in the production environment using AI based on historical data generated in the test management system TMS during the system's testing in the testing environment including information about its elements, their properties, testing environment, its characteristics, and security controls with their settings. Once the AI has sufficient historical data from a testing environment, every time a change is detected to the system in the production environment, its elements, their properties, or at least one characteristic of the production environment, the AI system makes a recommendation to update the set of security controls in the production environment.

Abstract: Systems and methods are provided for sending a combined read and reaction message. The systems and methods perform operations comprising: accessing, by a messaging application, a conversation session comprising a plurality of messages exchanged between a plurality of client devices, the messaging application being associated with a first client device of the plurality of client devices; generating, by the messaging application, metadata associated with one or more of the plurality of messages; encrypting, by the messaging application, the metadata in accordance with an end-to-end encryption process to enable a second client device of the plurality of client devices to read the metadata and prevent the second client device from modifying the metadata; and transmitting, to a server, a packet comprising an encrypted message slot and a first metadata slot, the first metadata slot comprising the encrypted metadata.

Abstract: The present disclosure relates to techniques for automated and adaptive cloud security management. Embodiments provide for, at an electronic device configured to interface with a cloud computing environment, initiating one or more transactions in the cloud computing environment using a first identifier to cause a first service of the cloud computing environment to generate a first set of data including the first identifier and a second identifier, and a second service of the cloud computing environment to generate a second set of data including a third identifier and a fourth identifier. Embodiments also provide for automatically determining whether the first identifier corresponds to the third identifier, and, in accordance with a determination that the first identifier corresponds to the third identifier, associating the second identifier and the fourth identifier to generate a linkage between the first and second services.

Abstract: A system is provided for generation of substitutable configuration of secure distributed register tokens. In particular, the system may generate, on a distributed register, a secure token with a built-in source code function for triggering a substitution of the secure token with one or more substitute tokens upon the occurrence of a specific condition. The function may pull one or more values associated with the secure token (e.g., from an oracle) and generate the one or more substitute tokens based on the one or more values. Once the substitute tokens are generated, the substitute tokens may be used to replace the secure token on the distributed register.

Abstract: Disclosed is a neural network enabled interface server and blockchain interface establishing a blockchain network implementing event detection, tracking and management for rule based compliance, with significant implications for anomaly detection, resolution and safety and compliance reporting.

Abstract: A system, method, and computer-readable medium are disclosed for providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT.

Abstract: An approach for increasing security of biometric templates is described. An improved system is adapted to split a full set of features or representations of a trained model into a first partial template and a second partial template, the second partial template being stored on a secure enclave accessible only through zero-knowledge proof based interfaces. During verification using the template, a new full set of features is received for comparison, and a model is loaded based on the available portions of the model. Comparison utilizing the second partial template requires the computation of zero-knowledge proofs as direct access to the underlying second partial template is prohibited by the secure enclave.

Abstract: Securely acquiring and managing electronic-based signatures by a content management system. A content management system exposes content objects to a plurality of collaborators. Executable modules of the content management system implement an Internet-based interface that is configured to acquire electronic-based signatures from a user device. A particular user device is configured to access particular content objects over the Internet-based interface and to acquire an electronic-based signature corresponding to one or more of the particular content objects. When one or more conditions are detected that would at least potentially influence how the acquisition of the electronic-based signature is carried out, then one or more remediation actions are invoked. Various security-specific remediation actions address corresponding security vulnerabilities. Various document-specific remediation actions are determined based on the document conditions that had been detected.

Abstract: A method for authenticating a user performed by an identity server computer is disclosed. The method comprises receiving, by a server, a user device identifier from an access device. The server transmits a challenge to a mobile device operated by a user, and the mobile device signs the challenge. The server receives and verifies the signed challenge and then provides the signed challenge or a portion thereof to an access device, which processes the transaction with the signed challenge.

Abstract: A data processing method, a detection device administration server, a user terminal, a network server, and a data processing system are provided. The data processing method is applicable to a detection device administration server and includes: communicating with a first detection device; sending, in response to a user terminal of a user binding the first detection device through first identification information of the first detection device, a first detection request to the first detection device; and receiving, after the user completes the first detection, first detection data sent by the first detection device.

Abstract: A system and method for train control system intrusion detection that uses Machine Learning (ML) to detect attacks on traction and braking operations performed by a TCMS. Control message history, which includes previously generated operational commands and control messages sent to each train and mobility information for each train at predetermined time intervals, is received. The received input data is checked for misbehavior and detect attacks.

Abstract: A system for managing an access to an asset is provided. A digital key to the asset is generated and synchronized between a first user device of a first user and an access control device that controls the access to the asset. A key-sharing request is initiated by the first user device to grant a second user the access to the asset. Based on the key-sharing request, an application server communicates the digital key to a second user device of the second user. When the second user device is within a detection range of the access control device, the access control device receives the digital key from the second user device, validates the digital key, and grants the second user the access to the asset for an access duration defined in the key-sharing request.

Abstract: Methods and systems disclosed herein describe a universal access layer that allows a plurality of applications to obtain data and/or information from a plurality of heterogeneous data stores. The universal access layer may include one or more application data objects to validate requests, transform a format of the request, determine which data stores comprise the requested data and/or information, encrypt the request, combine responses into a single response, and retransform the response prior to sending it to the requesting application. By using the universal access layer, applications may improve the speed with which they access data and/or information from the plurality of heterogeneous data stores.