Abstract: The technology disclosed prevents phishing attacks where a malicious attacker creates a malicious file in a cloud-based store and shares it with endpoint users. A user, opening the shared document, is redirected to a malicious website where a corporation's critical data may be compromised. The cloud-based method applies a set of rules and policies to allow the shared document or block the shared document from the network, based on identifying the ownership or originator of the shared document. Documents from blacklisted websites are blocked. Documents from trusted sources are allowed access to the network. Unknown documents are blocked and threat-scanned to determine if they contain malicious content. If analysis proves a blocked document to be safe, it may be released into the network along with subsequent documents having the same ownership or originator.

Abstract: An information collection device including a processor and a communication unit that communicates with a control device installed at a vehicle. The processor is configured to send a message in a specific way to the control device that is in a test mode, receive from the control device a determination result about a state of the control device which has been determined based on the message sent in the specific way, send another message in a usual way to the control device in a case in which the determination result indicates that the state of the control device is normal, and receive, from the control device, anomaly information relating to communication in the control device, in response to the other message sent in the usual way.

Abstract: A software agent executing on a computing device receives a request from a client to provide data associated with neighboring devices to the computing device. The client includes a scan engine to perform a network scan of a network that includes the computing device. The software agent accesses device data in a cache of an operating system command, determines, based on the device data, an identifier associated with each device that is neighboring the computing device, converts the device data into a standardized format to create neighboring device data, and sends the neighboring device data to the client.

Abstract: Methods, systems, articles of manufacture and apparatus to privatize consumer data are disclosed. A disclosed example apparatus includes a consumer data acquirer to collect original data corresponding to (a) confidential information associated with consumers and (b) behavior information associated with the consumers, and a data obfuscator. The data obfuscator is to determine a degree to which the original data is to be obfuscated and a type of obfuscation to be applied to the original data based on the original data, generate obfuscation adjustments of the original data based on the degree and the type, and generate an obfuscation model based on the obfuscation adjustments.

Abstract: A method of operating a network node of a communication network includes establishing a PDU session with a UE, configuring a first UP security policy for the PDU session that applies to radio bearers set up between the UE and a first RAN, and configuring a second UP security policy for the PDU session that applies to radio bearers set up between the UE and a second RAN. A method of operating a UE includes establishing a PDU session with a UPF in a core network, via a first RAN, configuring a first UP security policy for the PDU session that applies to radio bearers set up between the UE and the first RAN, and configuring a second UP security policy for the PDU session that applies to radio bearers set up between the UE and a second RAN. Related network nodes and UEs are disclosed.

Abstract: A server interacts with a bot detection service to provide bot detection as a requesting client interacts with the server. In an asynchronous mode, the server injects into a page a data collection script configured to record interactions at the requesting client, to collect sensor data about the interactions, and to send the collected sensor data to the server. After the client receives the page, the sensor data is collected and forwarded to the server through a series of posts. The server forwards the posts to the detection service. During this data collection, the server also may receive a request from the client for a protected endpoint. When this occurs, and in a synchronous mode, the server issues a query to the detection service to obtain a threat score based in part on the collected sensor data that has been received and forwarded by the server. Based on the threat score returned, the server then determines whether the request for the endpoint should be forwarded onward for handling.

Abstract: A contextual authentication method includes receiving a request to launch a web service and causing the web service to be launched on a remote browser. When a security event is detected, a security key obtained, based on a context of a client computing system, from a near-field communication (NFC) device connected to a mobile device. The security key is requested and received from the NFC device via the mobile device. The security key is delivered to the web service via the remote browser.

Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and computing resources consumed, to encrypted traffic for encrypted tunnels may be reduced.

Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.

Abstract: Various embodiments include systems and methods to implement network scanner timeouts based at least in part on historical network conditions. The implementing comprises initiating, using one or more network scanners and according to a first set of timeout parameters, a first security assessment of one or more scan targets in a network, wherein the first set of timeout parameters comprises a first initial round trip time (RTT)-timeout parameter value to which a dynamic RTT-timeout value is initially set. The implementing comprises determining a first set of RTT statistics for the first security assessment. The implementing comprises determining, based at least in part on the first set of RTT statistics, a second set of timeout parameters for a second security assessment of the one or more scan targets. The implementing comprises initiating, according to the second set of timeout parameters, the second security assessment of the one or more scan targets.

Abstract: Dynamic encryption and decryption method among lock control system modules comprise the following steps: step 1. filling hardware ID data, an unlocking communication protocol and a mask variable into an array according to a predefined variable space, and encrypting the array based on the mask variable to obtain an encrypted array; step 2. decrypting the encrypted array based on the mask variable to obtain a decrypted array, executing data division on the decrypted array according to the predefined variable space, matching the divided data with data recorded in advance one by one, and if the divided data are consistent with the data recorded in advance, executing related operations according to the decrypted unlocking communication protocol content; otherwise, executing no operation.

Abstract: A method for protection from cyber attacks in a communication network of a vehicle comprising: the steps of building sets of dominant voltage measurements for each message identifier associated to a message that is passing; extracting statistical features; supplying the statistical features for each message identifier that are available at each instant at input to a neural network of a pattern-recognition type; carrying out an operation of classification, or pattern recognition, supplying a prediction of a membership class corresponding to a given node on the basis of the statistical features supplied at input; evaluating whether the prediction supplied by the neural network corresponds to a given node that allows as admissible message identifier the message identifier at input and, if it does not, signalling an anomaly for the message identifier; and evaluating whether a number of anomalies signalled for said message identifier exceeds a given threshold.

Abstract: A method for the initial setup of a machine data communication network including a network unit provided with a first hardware component having a digital identity. For the digital identity, a signature of the network unit is generated based on a first private key for a communication partner in the machine data communication network. The first private key is stored in a first hardware security module of the first hardware component, and a first public key corresponding to the first private key and the signature is disclosed to the communication partner in order to verify the identity of the network unit. A separate identification device is arranged in the network unit, and the first public key is transferred from the first hardware security module to the identification device. The first public key of the identification device is saved in the identification device by an intelligent contract and is transmitted by distributed ledger technology to the communication partner.

Abstract: Various aspects related to methods, systems, and computer readable media for automatic fuzz testing. An example method of automatic software fuzz testing can include, receiving a description of a target software application, determining, based on the description, a type of fuzzing, identifying one or more fuzzers based on the type of fuzzing, executing the one or more fuzzers on the target software application, extracting prioritized results of the executing of the one or more fuzzers, and, presenting the prioritized results.

Abstract: Technology described herein can globally perform management of security tokens of plural nodes of a multi-node system. In an embodiment, a system can comprise an interconnected group of server nodes, and an administrator node communicatively connected to the interconnected group of server nodes and comprising a processor, and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations. The operations can comprise selecting a server node of the interconnected group of server nodes as a leader server node, resulting in a selection of the leader server node, in response, receiving, by the administrator node from the leader server node, a request for a new security token, and sending, to the leader server node, the new security token, and broadcasting, by the leader server node across a link layer discovery (LLDP) network, the new security token to additional nodes of the interconnected group of nodes.

Abstract: A method for detecting unauthorized and/or malicious hands-on-keyboard activity in an information handling system derived from the telemetry from one or more client systems, tokenizing a plurality of partial values/idiosyncrasies detected in the telemetry to form a plurality of tokens, aggregating the plurality of tokens or features over a selected time window to at least partially develop an aggregate feature vector, submitting the aggregate feature vector to one or more machine learning subsystems, and applying an ensemble model to one or more outputs from the one or more machine learning subsystems to generate an overall behavioral threat score of the potentially malicious hands-on-keyboard activity.

Abstract: Methods and systems for secure, encrypted and distributed ownership and usage of big data are provided. According to one example, a server maintains a local key management data store, a data blockchain copy, an audit blockchain copy, and a metadata blockchain copy. A data operation from a user electronic device is received. The server verifies that the user electronic device has access against the local key management data store, runs the data operation and records metadata about the data operation, and writes data blocks to the data blockchain copy, the audit blockchain copy, and the metadata blockchain copy. The server broadcasts the updated blockchain copies to the peer-to-peer network for replication.

Abstract: A method comprises extracting, by an authentication application of an identity and access management system, an Internet Protocol address of a carrier hotspot device from a data packet received from an access device, wherein the access device is connected to the carrier network using the carrier hotspot device, wherein the Internet Protocol address is assigned to the carrier hotspot device when the carrier hotspot device attaches to the carrier network, transmitting, by the authentication application to an identification application in a core network of the carrier network, the Internet Protocol address of the carrier hotspot device, and receiving, by the authentication application from the identification application, an identifier of the carrier hotspot device associated with the Internet Protocol address.

Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A warning apparatus (2000) acquires first detected event information (10) representing, at a first abstraction level, an event set being a set of events having occurred in a target system. The warning apparatus (2000) generates second detected event information (20) from the first detected event information (10). The second detected event information (20) represents, at a second abstraction level, the event set represented by the first detected event information (10). The warning apparatus (2000) determines, from among a plurality of pieces of threat information (30) each representing a threat activity, the threat information (30) having a high degree of relevance to at least either of the first detected event information (10) and the second detected event information (20).