Abstract: Described are techniques for application hardening. The techniques include generating application traces using fuzzing for an application with a known security vulnerability, where the application traces include good traces that do not result in exploitation of the known security vulnerability and bad traces that result in exploitation of the known security vulnerability. The techniques further include identifying code segments that are executed by the bad traces and not executed by the good traces. The techniques further include modifying the identified code segments using binary rewriting.

Abstract: A method for authorizing a blockchain data access on a blockchain platform includes: obtaining from a third-party institution a data access request containing a user ID of data access, a data scope, and a random number of a signature, which is generated by the third-party institution after receiving a random number sent by a client terminal and signing on the received random number; performing a verification on the random number of the signature and the data scope; and after the verification is passed, sending data ciphertext corresponding to the user ID to the third-party institution, such that the third-party institution decrypts the data ciphertext using a data secret key sent by the client terminal.

Abstract: Disclosed is a cloud-based security system implemented in a forward proxy that provides generative artificial intelligence (GenAI) traffic inspection to protect against security and privacy concerns related to GenAI use for protected endpoints. The security system intercepts requests and determines whether those requests are directed to a GenAI application. The security system includes a GenAI request classifier trained to classify prompts submitted to GenAI applications as one of benign, prompt injection attack, or uploaded files. The security system further includes a GenAI response classifier trained to classify responses from GenAI applications as one of normal, leaked system prompt, leaked user uploaded files, or leaked training data.

Abstract: Methods for exchanging a predecessor domain registrar for the authentication and configuration of digital certificates of IoT devices with a new registrar. The predecessor registrar and the devices are stored using a blockchain. The method may include: determining by the predecessor the number of nearby attestations needed; entering the new registrar into the blockchain; gathering the attestations of the devices using the new registrar; checking whether the new registrar fulfills the defined number; accepting the technical installation with the new registrar as authentication and configuration entity for the devices; sending voucher requests to the new registrar; forwarding the voucher requests to an authorization authority; checking whether the respective device belongs to the new registrar; and if so, issuing a voucher for the corresponding device using the authorization authority and sending the voucher to the corresponding device.

Abstract: A method including analyzing affected data known to include harmful content, and clean data known to be free of the harmful content; determining, based on analyzing the affected data and the clean data, harmful traits that appear in the affected data with a frequency that satisfies a threshold frequency, and clean traits that appear in the clean data with the frequency that satisfies the threshold frequency; mixing the harmful traits and the clean traits to determine a mixed set; analyzing the affected data based on utilizing the mixed set to determine a harmful pattern that indicates characteristics associated with the harmful traits and the clean traits; and transmitting pattern information indicating the harmful pattern to enable the user device to determine whether given data includes the harmful content is disclosed. Various other aspects are contemplated.

Abstract: According to examples, an apparatus includes a processor that is to obtain a plurality of codes contained in a machine-readable item and send a request for authentication of a user of the machine-readable item to a server. The server is to select a certain code of a plurality of certain codes and return a request for the selected certain code. The processor is to receive the request for the selected certain code from the server and to identify a code in the plurality of codes that corresponds to the selected certain code. The processor is also to send the identified code to the server for the server to authenticate the user based at least on the identified code. In addition, the processor is to receive an indication as to whether the authentication request of the user is successful from the server.

Abstract: A cryptocurrency miner includes compute modules and a controller. Each compute module includes a stats store, a manager, and compute engines. The controller is coupled to the compute modules via a serial bus and distributes one or more jobs to the compute modules via the serial bus. Each manager distributes jobs received by its respective compute module among the compute engines of its respective compute module. Each compute engine processes a job and reports a candidate hit found by processing the job. Each manager validates a candidate hit reported by one of the compute engines of its respective compute module, reports the validated candidate hit to the controller; and updates statistical information in the stats store of its respective compute module based on validation of the candidate hit.

Abstract: Techniques for code-free automated machine learning (ML) are described. Users can train high-quality ML models and pipelines without necessarily needing to write code by providing a training dataset to a code-free machine learning service. The service may deploy an ML orchestration function and a storage location on behalf of a user. When a modification is made to the storage bucket, such as by the user providing a training dataset, the orchestration function is invoked and can automatically initiate an AutoML process using at least the training data to train multiple ML model variants. The resultant ML model(s) and associated metrics can be provided to the user, deployed behind an endpoint, and/or used to generate inferences.

Abstract: In some embodiments, a network node for securing physical assets may be provided. The network node may include a processor and a memory storing instructions. The network may be configured to: receive, from a first entity, a cryptographic data structure configured to identify a physical item stored in a secured location; in response to receiving the cryptographic data structure, generate and transmit to the first entity a plurality of fungible cryptographic items; secure the cryptographic data structure on a public data structure, such that the cryptographic data structure cannot be released unless the plurality of fungible cryptographic items are received; receive, from a second entity, the plurality of fungible cryptographic items; and in response to receiving the plurality of fungible cryptographic items, transmit to the second entity the cryptographic data structure.

Abstract: Disclosed techniques include integrated cybersecurity state change buffer service. A plurality of network-connected cybersecurity threat protection applications is accessed. A background synchronization service is initiated. The background synchronization service receives status from at least one of the plurality of cybersecurity threat protection applications. The status comprises high-volume incoming status data. The status is monitored, using the background synchronization service. A real-time state change in the status is identified, based on the monitoring. The identifying a real-time state change includes quantifying incoming data associated with the status. An actionable response is triggered, based on the state change that was identified. The actionable response enables self-healing of a connected security orchestration, automation, and response (SOAR) application system. The status is processed, using the background synchronization service, to provide the actionable response.

Abstract: Systems and methods are provided for enhanced machine learning refinement and alert generation. An example method includes accessing datasets storing customer information reflecting transactions of customers. Individual risk scores are generated for the customers based on the customer information. Generating the risk score includes providing identified occurrences of scenario definitions and customer information as input to one or more machine learning models, the scenario definitions identifying occurrences of specific information reflected in the datasets, with the machine learning models assign respective risk scores to the customers. An interactive user interface is presented.

Abstract: Systems and methods for configuring industrial devices through a secured wireless side channel may include a compute device. The compute device may have primary communication circuitry configured to communicate through a network and side channel communication circuitry configured to communicate through a wireless side channel that is different from the network. The compute device may additionally include circuitry configured to obtain, via the wireless side channel, configuration data indicative of a configuration for one or more operations of an industrial device of an industrial process plant. Additionally the circuitry may be configured to configure, in response to obtaining the configuration data, the one or more operations of the industrial device.

Abstract: A user equipment (UE) is configured to perform a prewarming process, wherein the prewarming process includes concurrently performing a face detection process and an unlock process independent of face detection, determine whether a face detection operation indicates the presence of a face within a field of view of a camera of the UE and disable prewarming for a predetermined time period when the face detection operation is not satisfied.

Abstract: Systems and methods related to flush plus reload cache side-channel attack mitigation are described. An example method for mitigating a side-channel timing attack in a system including a processor having at least one cache is described. The method includes receiving a first instruction, where the first instruction, when executed by the processor, is configured to flush at least one cache line from the at least one cache associated with the processor. The method further includes, prior to execution of the first instruction by the processor, automatically mapping the first instruction to a second instruction such that the at least one cache line is not flushed from the at least one cache even in response to receiving the first instruction.

Abstract: A comparison means compares a first risk analysis result with a second risk analysis result. The first risk analysis result includes a first risk evaluation value. The second risk analysis result includes a second risk evaluation value. Based on the result of the comparison, a display means displays the first risk evaluation value in such a manner that a first risk evaluation value for which there is a second risk evaluation value, in the second risk analysis result, for an attack step of which an attack destination coincides with an asset included in the first risk analysis result and an attack method coincides with an attack method included in the first risk analysis result can be distinguished from a first risk evaluation value for which there is no such second risk evaluation value.

Abstract: Methods, apparatus, and software for efficient encryption in virtual private network (VPN) sessions. A VPN link and an auxiliary link (and associated sessions) are established between computing platforms to support end-to-end communication between respective application running on the platforms. The VPN link may employ a conventional VPN protocol such as TLS or IPsec, while the auxiliary link comprises a NULL encryption VPN tunnel. To transfer data, a determination is made to whether the data are encrypted or non-encrypted. Encrypted data are transferred over the auxiliary link to avoid re-encryption of the data. Non-encrypted are transferred over the VPN link. TLS and IPsec VPN agents may be used to assist in setting up the VPN and auxiliary sessions. The techniques avoid double encryption of VPN traffic, while ensuring that various types of traffic transferred between platforms is encrypted.

Abstract: An example system includes a processor to generate regular expressions representing textual pattern facets of sub-formats of a composite format, and a regular expression representing a composite textual pattern of the composite format based on sub-format and composition type. The processor can search the data using generated regular expression representing composite textual patterns to detect occurrences of candidate matches. The processor can recursively match and validate the detected occurrences with the composite format and hierarchically match and validate sub-formats in the detected occurrence. The processor can mask in place the detected occurrence of the composite format in the data using ranking-based integer format preserving masking.

Abstract: Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom.

Abstract: The disclosed computer-implemented method for enforcing strict network connectivity and storage access during online payments may include (i) determining that a webpage in a tab of a browser application executing on the computing device includes a payment page for an e-commerce website, (ii) based on determining that the webpage includes a payment page, providing formjacking attack protection by monitoring network connectivity and storage access by the browser tab, (iii) based on the formjacking attack protection, identifying a potentially malicious attempt to hijack information entered into at least one web form included in the payment page, and (iv) in response to identifying the potentially malicious attempt, preventing the potentially malicious attempt from hijacking the information entered into the at least one web form included in the payment page. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of securing operating instructions for a driver assistance system of a motor vehicle. The method including: a) implementing a distributed blockchain including a plurality of blocks, a copy of the blockchain being stored on each of a plurality of nodes. Wherein, each block includes a different version of the operating instructions, b) performing a verification routine including checking that the copies of the blockchain are identical. And, where a fault copy of the blockchain is not identical, flagging the fault copy as insecure. And preventing use of the fault copy, thus preventing installation of the operating instructions comprised in the blocks of the fault copy.