Abstract: Computer systems and methods are provided for training a machine learning system to determine an authentication decision and explanation information corresponding to the authentication decision. First authentication information for a first authentication request including a first image is received. First validation information corresponding to the first image and including a first authentication decision and first explanation information is received. Data storage of a machine learning system stores the first image and the first validation information. The machine learning system updates an authentication model based on the stored first image and first validation information. Second authentication information for a second authentication request is received. The machine learning system determines second validation information, including second explanation information, based on the updated authentication model. The second explanation information is provided for display to a user device.

Abstract: Embodiments of the present disclosure describe systems, methods, and computer program products for redacting sensitive data within a database. An example method can include receiving a masking policy for a column of a database, the masking policy identifying a category of sensitive data, examining a column of a database to identify a category of sensitive data in a first location of the column, and, in response to a data query accessing the column, the first location of the column exceeding a threshold probability of comprising sensitive data, executing a redaction operation to redact the category of sensitive data from the first location of the column to generate redacted data for a response to the data query.

Abstract: A solution is proposed for performing authentications. A corresponding method comprises storing a verification string corresponding to applying a one-way function iteratively starting from a secret string. An authentication request is received in association with an authentication string (or more) being generated by applying the one-way function iteratively starting from the secret string for a lower number of times. A result of the authentication request is determined by comparing the verification string with a comparison string being generated by applying the one-way function to the authentication string (or a few times iteratively). Corresponding computer programs and a computer program products for performing the method are also proposed. Moreover, corresponding systems for implementing the method are proposed.

Abstract: A predetermined credential system for remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in single-use downloaded software. When executed, the administrative access to the OS is activated before completing the administrative activities. The admin credential is encrypted in a wrapped program. A payload program and administrative credentials are extracted from a wrapped program. The payload program adds functionality or affects policies and/or change update settings and configuration selected for an end user computer or a group of end user computers.

Abstract: Disclosed is a method and apparatus for securely copying and pasting data between computer applications. The method includes generating alternative data from copied data from a first computer application. The method further includes adding the alternative data to a copy-paste clipboard and detecting an attempt by a user device to paste the copied data into a user interface. In response to the user interface being associated with a computer application from a predefined list of computer applications, the method further includes pasting, by a processing device, the copied data into the user interface. In response to the user interface being not associated with the computer application from the predefined list of computer applications, the method further includes pasting, by the processing device, the alternative data from the copy-paste clipboard into the user interface.

Abstract: Described herein are example implementations for handling of phishing attempts. A system receives a request to perform an electronic transaction, with the request including information regarding a user account. The system generates one or more probabilities of the request being valid based on the request and processing of a plurality of electronic transactions associated with one or more user accounts, identifies whether the request is valid based on the one or more probabilities, and in response to identifying that the request is not valid, provides an indication that the request is not valid.

Abstract: Disclosed herein is a time-based leaderboard that ranks users based on a length of time each user has controlled or possessed a given digital object. The leaderboard includes customization options for purposes of user identification and identity connected to social network objects. The leaderboard further uses a staking feature where users provide their digital objects to universal wallets to hold for a predetermined period based on smart contract limitations. Staking improves leaderboard position. The leaderboard further enables expression and displayed of staked digital objects despite the user no longer having actual possession of the digital object. A digital object generator builds unique digital objects based on the user specific input. The unique digital objects are part of a graphic presentation to users.

Abstract: Disclosed herein are methods, devices, and systems for provide a new two-factor or user authentication procedure. In a scenario in which a user is enrolled in the verification system, a method can include receiving, at a network-based server, a unique identifier associated with a user that desires to access a service from an application or a website, identifying a typing profile associated with the unique identifier and presenting a reference text on a user device of the user. The method can include receiving a typing pattern of the user and determining whether there is a match between the typing pattern and one or more previously recorded typing patterns for the user. When the determination indicates that the user is verified, the method includes presenting a one-time password on a display of the user device. The user enters the one-time password into an input field and validating, via the network-based server, the one-time password.

Abstract: Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a first series of actions performed by the malware and based on the first series of actions generates a remediation script specifying a second series of actions that are configured to restore the endpoint device to a pre-infected state. The network security platform causes the endpoint device to be returned to the pre-infected state by causing the endpoint security solution to execute the remediation script on the endpoint device.

Abstract: Techniques for identity resolution and data enrichment include configuring, during an onboarding process at an account of a data provider, at least one parameter associated with access to identity resolution functions by an account of a data consumer. A first shared data object is generated at the account of the data provider. The first shared data object corresponds to a second shared data object at the account of the data consumer. The second shared data object at the account of the data consumer is enabled for sharing of log data associated with an application executing at the account of the data consumer. The application is enabled for an identity resolution process based on the detecting of the second shared data object. Source data associated with the identity resolution functions is encoded for communication to the application at the account of the data consumer based on the enabling.

Abstract: A computer-implemented method for building socket transferring between containers in cloud-native environments by using kernel tracing techniques is provided including probing a connection-relevant system call event by using an eBPF to collect and filter data at a router, creating a mirror call at a host namespace with a dummy server and dummy client by creating the dummy server with mirror listening parameters, sending a server host address mapping to overlay the server host address to the client coordinator in an overlay process, and creating and connecting the dummy client to return a client host address to the server coordinator. The method further includes transferring mirror connections to the overlay process via a forwarder by temporary namespaces entering and injecting socket system calls and probing a transfer call event to map an overlay socket with a transferred dummy socket to activate duplication when the overlay socket is not locked.

Abstract: The technology disclosed relates to analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a system and method that detects a triggering criterion and, in response to the triggering criterion, automatically discovers a plurality of databases in the cloud environment. An orchestration engine is configured to deploy a plurality of log analyzer microservices on the plurality of databases, each log analyzer microservice, of the plurality of log analyzer microservices, being configured to scan a respective database log that represents database activities on a respective database of the plurality of databases. Analysis results are received from the plurality of log analyzer microservices, the analysis results represent detection of at least one of a performance criterion or a security criterion in one or more databases of the plurality of databases. An action signal representing the analysis results is generated.

Abstract: Disclosed herein are systems and methods for detecting potentially malicious changes in an application. In one aspect, an exemplary method comprises, selecting a first file to be analyzed and at least one second file similar to the first file, for each of the at least one second file, calculating at least one set of features, identifying a set of distinguishing features of the first file by finding, for each of the at least one second file, a difference between a set of features of the first file and the calculated at least one set of features of the second file, and detecting a presence of potentially malicious changes in the identified set of distinguishing features of the first file.

Abstract: Various embodiments include a mobile storage device control system. The system may include an independently operating scanning apparatus configured to: detect insertion of a mobile storage device, scan the mobile storage device to determine whether the mobile storage device poses a security threat, perform a specific operation on the mobile storage device so the specific operation is recorded in a file system log of the mobile storage device, and the record of the specific operation is used to mark whether the mobile storage device has been modified after being scanned. The system may include a control apparatus configured to: detect insertion of the mobile storage device, check whether the last record in the file system log in the mobile storage device is the record of the specific operation, if so, permit a user to access the mobile storage device and otherwise prohibit the user from accessing the mobile storage device.

Abstract: Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.

Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.

Abstract: A secure programming system can receive a job control package having a security kernel and a target payload of content for programming into a pre-defined set of trusted devices. A device programmer can install a security kernel on the trusted devices and reboot the trusted devices using the security kernel to validate the proper operation of the security kernel. The target payload can then be securely installed on the trusted devices and validated.

Abstract: Techniques for identity resolution and data enrichment include configuring, at an account of a data consumer, an outbound share. The outbound share is designating a share at an account of a data provider as a receiving share. An identity resolution application is instantiated at the account of the data consumer. An instruction originating from the account of the data provider is decoded at the account of the data consumer. The instruction is generated based on the configuring of the outbound share. The instruction enables the identity resolution application for an identity resolution process. Source data is retrieved from the account of the data provider at the account of the data consumer. The source data is associated with the identity resolution process.

Abstract: A media playback system for presenting to a user a composition of a plurality of media streams. It has a media selection component configured to receive a scenario dataset, to receive user input for selecting viewing times defining segments of media and composition selections, and to output a list of segments of media from the scenario dataset that are authorized to be viewed by the user. The system has a playback control component configured to retrieve from media storage at least the segments of media from the output list of segments, to decode the segments of media, and to compile composition instructions. The system has a media playback component configured to receive the rendered media and the composition instructions.

Abstract: Methods, apparatus, systems, and articles of manufacture to provide and monitor efficacy of artificial intelligence models are disclosed. An example apparatus includes a model trainer to train an artificial intelligence (AI) model to classify malware using first training data; an interface to deploy the AI model to a processing device; a model implementor to locally apply second training data to the AI model to generate output classifications, the second training data generated after generation of the first training data; and a report generator to generate a report including an efficacy of the AI model based on the output classifications.