Abstract: Embodiments protect computer applications from code injection attacks. An example embodiment includes a runtime memory protection (RMP) user endpoint agent and an RMP kernel driver component. The RMP user endpoint agent receives, from the RMP kernel driver component, representations of events occurring with respect to memory locations associated with a computer application and processes the received representations to determine if a given event includes at least one of a memory permissions change request, a memory write request, and a thread create request. If the given event is determined to include at least one of a memory permissions change request, a memory write request, and a thread create request, the RMP user endpoint agent declares a code injection attack and sends an alarm indication to the RMP kernel driver component. In response to receiving the alarm indication, the RMP kernel driver component implements a protection action.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the unmanaged profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: One embodiment of the described invention is directed to a computerized method for improving detection of cybersecurity threats initiated by a script. Herein, the method is configured to analyze the script provided as part of a script object by at least (i) determining whether any functional code blocks forming the script include a critical code statement, (ii) determining whether any of the functional code blocks include an evasive code statement, (iii) modifying the script to control processing of a subset of the functional code blocks by avoiding an execution code path including the evasive code statement and processing functional code blocks forming a code path including the critical code statement, and (iv) executing of the modified script and monitoring behaviors of a virtual environment. Thereafter, the method is configured to determine whether the script including cybersecurity threats based on the monitored behaviors.

Abstract: A computer-implemented method includes receiving training data that includes a plurality of API requests from a plurality of client devices. The method includes generating a plurality of permissible API sessions based on the training data. Each of the permissible API sessions is associated with a corresponding client device of the plurality of client devices and includes a sequence of API requests originating from the corresponding client device. The method includes applying a sequence embedding technique to the plurality of permissible API sessions to generate a plurality of embeddings and applying a dimensionality reduction technique to the plurality of embedding to generate a plurality of compact embeddings. The method includes storing each of the compact embeddings in a space partitioning data structure at storage locations within the space partitioning data structure that are determined based on similarities between the compact embeddings.

Abstract: Malware can be automatically detected and countermeasures automatically generated. A virtual machine (VM) is run with an operating system configured with a monitoring subsystem. The monitoring subsystem is configured to generate event data based on events occurring on the virtual machine. The monitoring subsystem can run within the operating system kernel. Kernel drivers can register to receive specific events. The events are therefore sent to the drivers, which can send them to a classifier. The classifier can detect malware based on the events. When a sample is run on the VM, the classifier can detect malware in the sample. While running the sample, event data is collected. A countermeasure compiler can generate a countermeasure to the malware, the countermeasure based on the event data.

Abstract: Disclosed herein are methods, systems, and processes to detect rogue wireless access points and determine their approximate location in a geospatial location. Wireless access point data collected from wireless access points by fixed sensor nodes and agent-based sensor nodes in a geospatial location is received. A wireless site survey is performed at the geospatial location based on the wireless access point data. Based on the wireless site survey, an approximate location of a rogue wireless access point at the geospatial location is determined.

Abstract: This application provides a network access control method. Before a second device accesses a target to-be-accessed device in an internal network, authentication is first performed on the second device by using a local domain name carried in a domain name request packet. Only when the local domain name is authenticated, an IP address of the second device and an IP address of the target device to be accessed by the second device are recorded in forwarding information. Therefore, when a data request packet is received, it may be determined, based on a source IP address, a destination IP address, and the forwarding information that are carried in the data request packet, whether to forward the data request packet.

Abstract: The present disclosure generally relates to systems and methods that provide a network environment that enables reassignment platforms to provide authentic access rights for reassignment to user devices. More specifically, the present disclosure relates to systems and methods in which a reassignment platform can execute a protocol implemented using code (e.g., an Application Programming Interface (API)) to validate the authenticity of access rights made available for reassignment, and once reassigned, reissue the access rights to a new user and transmit those access rights to user devices natively in a mobile application.

Abstract: Disclosed is an electronic device configured to perform a secure boot. The electronic device according to an embodiment disclosed herein may include: a first memory area for storing a firmware signed with a private key; a second memory area for storing a boot loader configured to verify integrity of the firmware and executing the firmware of which integrity has been verified; and a third memory area for storing a first public key paired with the private key, wherein the second memory area may store a second public key paired with the private key. The boot loader may verify the integrity of the firmware with the first public key when there is the first public key in the third memory area and verify the integrity of the firmware with the second public key when there is no first public key is in the third memory area.

Abstract: An approach for monitoring a data transmission system that uses a data transmission means such as a vehicle bus or a vehicle network of a motor vehicle. This system includes a monitoring device that transmits a request message to a transmitting device and to a receiving device. The transmitting device generates a particular transmitter response on the basis of the request message, where the transmitter response is transmitted to the monitoring device. The receiving device generates a particular receiver response on the basis of the request message, where the receiver response is transmitted to the monitoring device. The monitoring device receives the transmitter response and the receiver response and checks compliance with a trigger condition which depends on the transmitter response and the receiver response, the compliance of which indicates an event relevant to monitoring.

Abstract: An ROP attack protection apparatus constituted of: a first region of memory having stored therein a protection function, the first region of memory set as executable; and a second region of memory having stored thereon a plurality of operation functions, the second region of memory set as non-executable, wherein the protection function is arranged to: responsive to a call to one of the plurality of operation functions and further responsive to at least one predetermined rule, allow execution of the called operation function; and after receiving a return from the executed operation function, set the executed operation function as non-executable.

Abstract: A method of communicating using a wireless gateway. The method comprises receiving a first message in a first radio spectrum band by a first radio transceiver of a wireless gateway, determining by a first processor of the wireless gateway that the first message is a trusted message transmitted by a first source device, transmitting the first message by the first radio transceiver in the first radio spectrum, receiving a second message in a second radio spectrum band by a second radio transceiver of the wireless gateway, determining by the first processor that the second message is a trusted message transmitted by a second source device, and transmitting a third message by the second radio transceiver in the second radio spectrum band to the second source device, wherein the third message directs the second source device to transmit the second message to the wireless gateway in the first radio spectrum band.

Abstract: Exemplary embodiments relate to techniques for transmitting ephemeral content messages. A sending client may establish an end-to-end encrypted session with possible recipients of the message, using a first decryption key during initial session setup. The client may send an ephemeral content message, including encrypted content and a second key, to the recipients through a server. The server may be unable to retrieve the encrypted content due to a lack of the second key. The server may filter a list of intended recipients, and may forward the ephemeral content message to the recipients on the filtered list. The recipients may retrieve the second key from the message, and use the first and second keys to decrypt the encrypted content. The sending client may change the second key each time the recipient list changes from the perspective of the sending client, as determined at the time the ephemeral content message is transmitted.

Abstract: Aspects of the disclosure relate to providing secure shortened URLs in character-limited messages. A computing platform may receive one or more character-limited messages sent to a user device. The computing platform may detect a URL within the one or more character-limited messages for replacement and generate a shortened URL corresponding to the detected URL, wherein a domain of the shortened URL is hosted by the message security system. The computing platform may then modify the one or more character-limited messages by replacing the URL with the shortened URL, and then cause transmission of the modified one or more character-limited messages to the user device. Next, the computing platform may receive, from the user device, a request to access the shortened URL, and redirect the user device to the detected URL corresponding to the shortened URL.

Abstract: A memory device includes an address generator which generates a first physical address and a second physical address different from the first physical address. A first nonvolatile memory includes the first physical address, and a second nonvolatile memory includes the second physical address. An attack detecting circuit detects whether the first and second nonvolatile memories are attacked. The attack detecting circuit receives first data from the first nonvolatile memory and receives second data from the second nonvolatile memory, compares the first data and the second data with each other, and determines whether the first and second nonvolatile memories are attacked on the basis of a comparison result of the first data and the second data.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: Systems and methods are described herein for providing a telecommunications network, such as a wireless network, LTE (Long Term Evolution) network, and so on, with blockchain nodes, agents, or sub-nodes. The blockchain nodes enable network components to access and maintain a blockchain for the network, such as a distributed ledger that tracks actions, activities, or other transaction associated with the telecommunications network.

Abstract: A method for creating a secure channel for updating a digital currency hardware wallet application: upon receiving a security operation execution instruction, obtaining a public key and a certificate number of a host computer from within the security operation execution instruction, obtaining a corresponding certificate of the host computer according to the certificate number, and verifying the certificate of the host computer using the public key of the host computer; when receiving a verification instruction, obtaining the public key of the host computer according to a key version number and a key ID in the verification instruction, generating a receipt according to a temporary public key of the host computer, the public key of the host computer and a generated session key which are in the verification instruction, and sending the receipt to the upper computer; upon receiving the application update instruction, using the session key to decrypt application data ciphertext in the application update instructio

Abstract: Provided in the present disclosure are an electronic device and a control method therefor. An electronic device of the present disclosure comprises a memory in which a kernel and at least one application are stored, and a processor, which generates a first rule for determining a time at which the application calls a system in order to execute a process, determines, on the basis of the first rule, whether the application corresponds to an application for which security is verified, and generates a second rule for skipping an audit on the basis of a plurality of pre-defined rules, if the application corresponds to the application for which security is verified.

Abstract: Systems, computer-readable media, and methods for improving data privacy/anonymity and data value, wherein data related to a data subject can be used and stored, while minimizing re-identification risk by unauthorized parties and enabling data related to the data subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place, and/or other criterion via the obfuscation of specific data values. The techniques described herein maintain this level of privacy/anonymity, while still empowering Data Subjects, e.g., consumers or customers of such authorized parties, by enabling them to request or specify their desired level of engagement with various business entities. Data Subjects may then receive privacy-respectful, trusted communication, e.g.