Abstract: A system for computer security of a remote device having a processor includes a way to determine an operating mode of the remote device and a way to validate a resource (e.g., program, script, web address). When an attempt is made to access a resource, the operating mode of the remote device is determined and when the operating mode of the remote device is a corporate operating mode, then the resource is evaluated using a corporate protection file. Otherwise, when the operating mode of the remote device is determined to be a personal operating mode, then the resource is evaluated using a personal protection file. When the resource validation determines that the resource is approved, access to the resource is provided; otherwise, access to the resource is prevented.

Abstract: A system for managing web traffic comprising a meta control operating on a first processor having a first control interface and configured to generate a request for content and to transmit the request for content over a digital data network to a meta control server. The meta control server operating on a second processor and configured to receive the request for content and to select data for one or more second control interfaces as a function of data associated with the first control interface and to transmit the data for the one or more second control interfaces over the digital data network to the first control interface. The first control interface displays the data for the one or more second control interfaces and monitors user activity associated with the data.

Abstract: Disclosed are techniques for associating users of a network infrastructure to network or endpoint events within the network infrastructure. A method can include receiving, by a network security system that monitors and protects the network infrastructure, a packet for a network event, the packet including (i) information identifying a user device from which the network event originates and (ii) a payload, determining whether the packet triggers at least one association rule in a group of association rules, determining candidate users to be associated with the network event based on the rule triggered by the packet, determining confidence values for the candidate users to be associated with the network event based on the rule triggered by the packet, and returning the candidate users to associate with the network event and the corresponding confidence values.

Abstract: An apparatus and method for providing access to reliable boot firmware. In various implementations, a computing system includes an integrated circuit with a security processor. Prior to performing any steps of a bootup operation using one of multiple copies of boot firmware, the security processor determines whether multiple signatures exist where the signatures are based on the multiple copies of boot firmware. Each of the multiple copies of boot firmware is a copy of a particular version of boot firmware. If the multiple signatures do not yet exist, then the security processor generates the signatures using the multiple copies of boot firmware. During a bootup operation, when the security processor determines that the multiple signatures already exist, the security processor uses these signatures to validate one or more of the multiple copies of boot firmware. The security processor continues with the bootup operation using the validated copy of boot firmware.

Abstract: A communal media system includes a synchronization system to retrieve the multimedia content for delivery to participating user devices and receive a request from a user device for multimedia content being displayed on participating user devices. The multimedia content being displayed on a first participating device is different from the multimedia content being displayed on a second participating device. The synchronization system receives social media content generated by user devices, adjusts simultaneous deliveries of the multimedia content being displayed on the first and second participating user devices and the social media content to the user devices, and transmits, to user devices in the communal session, multiple screens including the multimedia content being displayed on the first and second participating user devices at the same time. A display system causes the user devices in the communal session to simultaneously display multiple screens at the same time.

Abstract: A system and method for diagnosing connection and communication in an industrial machine. The electronic processing system includes a CAN bus, an ethernet network, and a plurality of devices connected to the CAN bus and the ethernet network. The plurality of devices includes at least one controller programmed to run one or more software applications. A connectivity check is performed to obtain CAN connection status data and ethernet connection status data for the plurality of devices. The CAN connection status data and the ethernet connection status data is analyzed to determine a likely cause of a device connection issue. A solution to the device connection issue is output to a user based on the analyzed data.

Abstract: A method for providing an enterprise distribution platform to facilitate software distribution over a public computer network is disclosed. The method includes receiving, via a network interface, a request from the public computer network, the request relating to a solicitation for a software package; determining, by using a network security system, whether the request is forwarded from the public computer network to a private computer network based on a predetermined security rule; authenticating, via a web proxy, the request based on a result of the determining; identifying, based on a result of the authentication, the software package corresponding to the request; retrieving, from a memory, the identified software package; and transmitting, via the network interface, the retrieved software package in response to the request.

Abstract: Systems and processes for managing authorizations for multiple vendors at an enterprise service are provided. Responsive to a request to onboard an authorization for access to data resources of a targeted vendor, a central management server may receive, from an authorization server for the targeted vendor, authorization information. The authorization information may be received indirectly, via a security token service. An authorization reference object may be generated to store the authorization information, and the authorization reference object may be stored in a database. Subsequent requests for access to the data resources of the targeted vendor may be serviced using the authorization reference object stored in the database.

Abstract: This document relates to a process for supporting the management of a variety of types of deployed devices. Administrators utilizing enterprise services can provide generic configuration data using configuration templates, which can be provided to a management server. The management server can then precompute device-specific configuration settings and resolve any conflicts that may arise based on the configuration templates. The configuration templates can also include placeholders for secret values, and once a managed device checks in to the management server, the secret values can be retrieved from an applicable enterprise service and provided to the managed device at the time of applying the configuration template.

Abstract: An information security testing method and an information security testing system of an open radio access network (O-RAN) base station are provided. The information security testing method includes at least the following steps: configuring a processing device to execute a radio resource control (RRC) signaling integrity test process to determine whether or not an RRC signaling sent by a central unit (CU) is integrity protected; and in response to determining that the RRC signaling sent by the CU is integrity protected, configuring the processing device to execute an RRC signaling security test process.

Abstract: Method, systems, and devices for transparent relocatable application instance deployment are described. A method performed by a Wireless Transmit/Receive Unit may comprise transmitting, to a Multi-access Edge Computing (MEC) system, a first message including a request to deploy the relocatable application instance at a target. The method may comprise receiving a second message including an indication to establish communication with the application instance and a Transparent Instance Relocation Session Identifier (TIRSI) and establishing, based on the second message, communication with the relocatable application instance at the target. The method may comprise transmitting a third message including a request for relocation of the application instance to another target.

Abstract: An online collaboration recording system for recording an online collaboration session, includes a computing arrangement in communication with a plurality of devices, wherein each device is accessible by a user during the online collaborating session, wherein in operation the computing arrangement executes instructions to synchronize a digital project in the online collaborating session amongst the plurality of devices, by: establishing, via communication module, the online collaboration session for performing collaborative work on digital project, the digital project comprising at least one object; receiving, via the communication module or an input interface, a first user input and based thereon modifying one or more properties of at least one object to form at least one modified object; recording temporally, via a recorder, at least one state of at least one modified object to compile a temporal record; and synchronizing, via the communication module, temporal record amongst the plurality of devices.

Abstract: A system for verifying delivery of a graphical object to a device receives a session initiation protocol (SIP) request including a rich call data (RCD) extension with a URL to a graphical object stored at a content delivery network (CDN). The graphical object indicates the originating source of the SIP request and is to be presented on a display of the device upon receiving the SIP request. The system modifies the URL to include a unique identifier and sends the SIP request message with the modified URL to the device. The system receives a delivery confirmation message including a copy of the unique identifier from the CDN indicating that the graphical object was delivered to the device. The system verifies delivery of the graphical object to the device based on the copy of the unique identifier in the delivery confirmation message.

Abstract: A system may include a communication device that may enable a user to complete a digital form via a first communication session. The system may include a processor that may determine that the user has not completed the digital form, determine one or more issues associated with the user not completing the digital form based on a progress point associated with the digital form, determine a communication channel to use to follow up with the user regarding the digital form based on a data profile associated with the user, the one or more issues, or both, and establish a second communication session with the user via the communication channel to present the digital form at the progress point, such that the user can continue to complete the digital form using the second communication session.

Abstract: A method is provided for rate limiting in a network. The method comprises receiving a traffic flow from the network. In a supervised learning phase, and determining if the traffic flow matches a pretrained network flow model. If so, the method comprises designating the traffic flow as a classified traffic flow according to the pretrained network flow model. The method further comprises advancing to a grouping phase, conditioned upon the traffic flow not matching pretrained network flow models. In the unsupervised learning phase, the method comprises designating the traffic flow as a classified traffic flow. In the grouping phase that follows the supervised learning phase and the unsupervised learning phase, the method comprises using side information about the traffic flows to assign related traffic flows into traffic flow groups, identifying a particular traffic flow group from the traffic flow groups as being an offending traffic flow group.

Abstract: Arrangements for comprehensive threat mitigation are provided. In some aspects, an indication of threat or potential threat may be received from an external entity. In some examples, the threat may include a cybersecurity threat. In response to receiving the indication of threat, identifying data associated with the external entity may be extracted from the indication and used to retrieve pre-stored customizations associated with the desired mitigating actions of the external entity. The one or more mitigating actions may be identified and instructions to execute the one or more mitigating actions may be generated and transmitted to one or more computing devices for execution.

Abstract: An electronic device may include a communication module, a memory, and a processor operatively connected to the communication module and the memory, wherein the processor is configured to: transmit device information of the electronic device to an external server using the communication module; receive, from the external server, first recommendation information including a list of at least one external device which can be connected to the electronic device through edge computing; request transmission of operation state information from the at least one external device included in the first recommendation information; acquire the operation state information of the at least one external device; and, based on the operation state information of the at least one external device, acquire second recommendation information including a list of at least one external device to be connected through edge computing.

Abstract: A communication network for a vehicle includes a control device, a network switch and at least one sensor. The control device transmits at least one service provision message for configuring a sensor to a control interface of the network switch. The network switch outputs the service provision message at a sensor interface of the network switch that is associated with the service provision message. The sensor transmits at least one service search query to the sensor interface of the network switch, receives the service provision message from the sensor interface, and teaches a configuration by using the service provision message.

Abstract: A vulnerability management method acquires, during an OS runtime of an information handling system, vulnerability information indicating potentially vulnerable resources of the system. Disclosed methods calculate a vulnerability determination code (VDC) based on the vulnerability information. The VDC may indicate a scan zone that includes one or more scan zone components. Each component may correspond to a region of a potentially vulnerable resource. After a system reset, disclosed methods may perform a vulnerability aware (VA) boot sequence. The VA boot sequence may include, prior to booting a runtime operating system, determining, in accordance with the vulnerability information, whether to perform a comprehensive vulnerability detection (CVD) boot. A CVD boot refers to a boot sequence configured to boot a distinct operating system dedicated to performing a targeted vulnerability assessment that includes scanning the scan zone components indicated by the VDC.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.