Abstract: In some aspects, a method for mediation of a screenshot capture by a client application based on policy includes identifying, by a client application on a client device, a policy for mediating one or more screenshots of content displayed via the client application. An embedded browser within the client application accesses a network application of one or more servers. The method further includes intercepting, by the client application, a request to capture a screenshot of at least a portion of the network application being displayed, determining, by the client application, one or more mediation actions to perform on the screenshot responsive to the policy, performing, by the client application, the one or more mediation actions on the screenshot, and providing, by the client responsive to the request, the screenshot resulting from the one or more mediation actions.

Abstract: A method for improving memory utilization of a Narrowband Internet of Things device (UE) is provided. The method includes: switching the modem to a provisioning mode and allocating a portion of the dedicated memory of the modem during provisioning of the iSIM on the modem chip of the UE; reusing, by the iSIM, the portion of the dedicated memory of the modem for processing provisioning data; securely cleaning up the allocated portion of the dedicated memory of the modem by a protection hardware block after leaving the provisioning mode; and allocating the portion of the dedicated memory of the modem shared with the iSIM back to the modem.

Abstract: Techniques for data lifecycle discovery and management are presented. Data lifecycle discovery platform (DLDP) can identify data of users, data type, and language of data stored in data stores (DSs) of entities based on scanning of data from databases. DLDP determines compliance of DLDP and DSs with obligations relating to data protection arising out of jurisdictional laws or agreements. DLDP generates rules to facilitate complying with and enforcing laws and agreements. DLDP can determine, and present to authorized users, risk scores relating to levels of compliance of the DLDP, associated platforms, or entities, risk indicator metrics, or a privacy health index of the organization associated with DLDP. DLDP can manage user rights regarding data, and access to data in DSs and information relating thereto stored in secure data store of DLDP. DLDP can remediate issues involving anomalies indicating non-compliance. DLDP can utilize machine learning to enhance various functions of DLDP.

Abstract: Centralized systems execute one or more applications for monitoring and operating a plurality of network enabled medical devices. An indication to start a selected application at the centralized system or at a network enabled medical device is received at the centralized system/network enabled medical device. The selected application may require a license to operate and, at the time the indication is received, may have a first license available. Instead of using the first license, the centralized system/network enabled medical device may determine to inherit at least a portion of a second license to operate the selected application. The centralized system/network enabled medical device may inherit at least the portion of the second license to form an inherited license, where the inherited license enables features of the selected application. Using the inherited license, the selected application is started with the enabled features. Related apparatus, systems, techniques and articles are also described.

Abstract: A system and method for generating a digital cybersecurity artifact includes selectively executing an automated cybersecurity investigation workflow based on a probable cybersecurity threat type of a cybersecurity event, wherein an output of the automated cybersecurity investigation workflow includes one or more corpora of investigation findings data in response to executing the automated cybersecurity investigation workflow; selectively instantiating a digital cybersecurity artifact of a plurality of digital cybersecurity artifacts based on the probable cybersecurity threat type of the cybersecurity event, wherein the digital cybersecurity artifact includes a plurality of distinct regions electronically mapped to one or more threat type-specific content automations that, when executed, install investigation findings data into the plurality of distinct regions of the plurality of distinct regions of the digital cybersecurity artifact with selective subsets of investigation findings data of the one or more cor

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). In accordance with an aspect of the present disclosure, a method of transmitting data in a device to device communication system is provided. The method includes determining whether a security feature is applied to one or more packet data convergence protocol (PDCP) data units, configuring the one or more PDCP data units based on the determined result, and transmitting the one or more PDCP data units to one or more receiving user equipments (UEs).

Abstract: A method for controlling an operation of a virtual machine on a cloud by a server is provided. The method includes: (a) receiving, from a terminal device of a user having only a usage authority for a specific virtual machine resource among a plurality of virtual machine resources, a request for allocating or deallocating at least some of the plurality of virtual machine resources to the terminal device; and (b) based on a control condition of the user for the at least some of the plurality of virtual machine resources being recognized, supporting to perform allocation or deallocation of the virtual machine resource by generating a process corresponding to the at least some of the plurality of virtual machine resources and loading the process on a memory or deleting the process from the memory according to the request.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating digital marks. One of the methods includes: obtaining entity information of an entity; transmitting the entity information to one or more nodes of a blockchain for storage in the blockchain; obtaining a transaction identification associated with storing the entity information in the blockchain; and generating a digital mark for the entity based at least on the transaction identification.

Abstract: Improved tools and techniques for generating stateful rules for behavior-based threat detection enable threat analysts, who do not have advanced computer programming skills, to quickly and easily generate high-level representations of stateful behavioral rules, which are then compiled into a format suitable for execution by a stateful rule processing engine. In some examples, the high-level representations of stateful rules are coded in a high-level, domain specific language (DSL). The DSL may provide high-level primitives suitable for (1) expressing sequences of attack behaviors, (2) tagging computational entities (e.g., threads, processes, applications, systems, users, etc.) with states (e.g., user-defined states), and/or (3) performing operations on endpoint nodes (e.g., reporting activity, blocking activity, terminating processes, etc.).

Abstract: Techniques for generating actionable indicators of compromise (IOCs) are disclosed. A set of potential sources for IOCs are received. One or more candidate IOCs are extracted from at least one source included in the set of potential sources. An actionable IOC is automatically identified from the one or more candidate IOCs. The actionable IOC is provided to a security enforcement service.

Abstract: A document is received. The document is analyzed to discover text and structures of content included in the document. A result of the analysis is used to determine intermediate text representations of segments of the content included in the document, wherein at least one of the intermediate text representations includes an added text encoding the discovered structure of the corresponding content segment within a structural layout of the document. The intermediate text representations are used as an input to a machine learning model to extract information of interest in the document. One or more structured records of the extracted information of interest are created.

Abstract: According to one embodiment, a method performed by a first communication device for generating a symmetric session key for encrypted communication with a second communication device is described comprising generating a blinding value for each of a first and a second private key component, generating a blinded public key from the first private key component, the second private key component, and the blinding values using a public key generation function, transmitting the blinded public key to the second communication device for encryption of a shared secret, receiving the shared secret, generating a session key for encrypted communication with the second communication device from the shared secret, encrypting, using the session key, an information from which the blinding values are derivable and transmitting the encrypted information to the second communication device.

Abstract: This disclosure provides systems, methods and apparatuses for classifying traffic flow using a plurality of learning machines arranged in multiple hierarchical levels. A first learning machine may classify a first portion of the input stream as malicious based on a match with first classification rules, and a second learning machine may classify at least part of the first portion of the input stream as malicious based on a match with second classification rules. The at least part of the first portion of the input stream may be classified as malicious based on the matches in the first and second learning machines.

Abstract: Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to the first incident or the first type a recommended sequence of actions is generated based on the machine-learning model for use by an analyst in connection with responding to the second incident. In response to rejection of the recommended sequence by the analyst, revising the recommended sequence based on input provided by the analyst and storing the revised recommendation sequence in a form of a revised playbook for response to subsequent incidents that are similar to the second incident.

Abstract: One embodiment is a first computing system configured to control a second computing system, a software module configured to attempt to interact with the second computing system once the second computing system is brought to a first state by the first computing system, and an admittance mechanism configured to determine if the interaction is allowed to occur.

Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with an authorized code to determine that the code is authorized, the information being stored within the security device. In response to determining that the code is authorized, the security device enables to access data stored within the security device and generate a property of a message based on the data.

Abstract: A system and computerized method for generating an improved cyber-security rule ordering for cyber-security threat detection or post-processing activities conducted by a rules-based cyber-security engine deployed within a network device is described. Herein, historical metadata associated with analytics conducted on incoming data by a rule-based cyber-security engine and in accordance with a plurality of rules is described. These rules are arranged in a first ordered rule sequence. The historical metadata is analyzed to determine one or more salient rules from the plurality of rules. The plurality of rules are reprioritized by at least rearranging an order to a second ordered rule sequence with the one or more salient rules being positioned toward a start of the second ordered rule sequence. Thereafter, the rule-based cyber-security engine operates in accordance with the reprioritized rule set that is arranged in the second ordered rule sequence to achieve improved performance.

Abstract: Systems and methods for user training. The systems and methods involve deploying at least one static file on a computing resource controlled by an operator, transmitting a URL to a target user, receiving a request for the URL from the target user, transmitting the at least one static file to the target user for execution in a web browser of the user, and receiving data regarding the execution of the at least one static file.

Abstract: An abnormal traffic analysis apparatus includes receiving means for receiving traffic from a device via any of a plurality of communication paths in which different communication methods are used, multiple communication management means for identifying a communication path through which the traffic is transmitted, analysis method determination means for determining an analysis algorithm for detecting abnormality of the traffic according to the communication path identified by the multiple communication management means, analysis means for analyzing whether or not the traffic is abnormal traffic by using the analysis algorithm determined by the analysis method determination means, and analysis result recording means for recording a result of analysis performed by the analysis means.