Abstract: A method for phishing detection using uniform resource locators is discussed. The method includes accessing data from one or more of a monitored portion of website data and a monitored portion of emails, the data indicating a suspect Uniform Resource Locator (URL). The method includes assigning a rule score based on partial rule scores of each portion of the suspect URL, the rule score indicating a phishing potential based on URL rules. The method includes determining a uniqueness score of the suspect URL, the uniqueness score indicating a degree of uniqueness of the suspect URL from a plurality of known phishing URLs. The method also includes determining a URL phishing score based, at least in part, on the rules scores and the uniqueness score for the suspect URL.

Abstract: Systems and methods for federated privacy management are disclosed. In one embodiment, a method for federated privacy management may include: (1) receiving, at a user management node, and from a client application executing on an electronic device, a device identifier; (2) receiving, by the user management node, and from a second layer node in a multi-layer federated privacy management network, data comprising at least one of browsing data and application data from a web host or a server, wherein the data is in response to an internet protocol request from the client application via a first layer node and the second layer node to the web host or the server, and the data is associated with the device identifier; (3) receiving, at the user management node, a request for the data from the client application using the device identifier; and (4) communicating the data to the client application.

Abstract: Various embodiments of apparatuses and methods for malware infection detection for edge devices, such as IoT (“Internet of Things”) devices, are described. In some embodiments, a malware infection detection service receives data from a plurality of edge devices of a remote network. It can identify a variety of different detection mechanisms to detect whether an edge device is potentially infected with malware, and determine confidence levels for the different detection mechanisms. Using the detection mechanisms with the received data, it can determine one or more findings that an edge device is potentially infected with malware. It can then determine a confidence level for each finding. It can then determine an accumulated confidence, based on the confidence levels of the detection mechanisms and the findings. The malware infection detection service might then identify one or more of the edge devices as potentially being infected by malware based on the accumulated confidence.

Abstract: Apparatuses, systems, and methods for a wireless device to perform methods for improvements to security checks in a fifth generation (5G) New Radio (NR) network, including mechanisms to avoid redundant access stratum (AS) security checks. The wireless device may determine that an on-demand system information block (SIB) request is pending transmission and may buffer the on-demand SIB in response to determining that a connection establishment procedure will be initiated within a specified time period. The wireless device may then perform a unified security procedure for the on-demand SIB request and the connection establishment procedure, including confirming connection security. Further, in response to confirming connection security, the wireless device may use an on-demand SIB received from the network without confirming a corresponding on-demand SIB signature.

Abstract: Provided is a method for assigning a time-to-live (“TTL”) value for a domain name system (“DNS”) record at a recursive DNS server. The method comprises obtaining, from a client, the TTL value for the DNS record; and storing, in a memory of the recursive DNS server, the TLL value, an identifier of the client, and the DNS record.

Abstract: A server in a blockchain distribution network includes a processor and a transceiver operatively coupled to the processor. The transceiver is configured to receive bytes of a transaction from a first peer node. The transceiver is also configured to propagate the bytes of the transaction to one or more additional peer nodes and to one or more additional servers in the blockchain distribution network. The transceiver is also configured to receive bytes of a blockchain from a second peer node. The blockchain includes information regarding a plurality of transactions, and the plurality of transactions includes the transaction. The transceiver is further configured to propagate the bytes of the blockchain to the one or more additional peer nodes and to the one or more additional servers in the blockchain distribution network.

Abstract: An operating system with automatic login mechanism and an automatic login method are provided. The operating system includes a first electronic device, a second electronic device and a server device. The second electronic device includes a biometric sensor. When a login event of the first electronic is triggered, the first electronic device sends a login request to the second electronic device directly or via the server device, so that the second electronic device performs a biometric verification by the biometric sensor according to the login request. When the biometric verification is passed, the second electronic device sends a first login credential to the first electronic device directly or via the server device, so that the first electronic device performs an automatic login operation of the first electronic device according to the first login credential.

Abstract: Methods, devices, systems and computer program products enable monitoring and responding to cyber security attacks. One such system relates to a consortium of monitoring companies and an infrastructure including one or more central monitoring stations or local handling stations for a monitoring company are provided. A central monitoring station of a monitoring company detects a cyberattack that has been launched against a client computer system, and requests a local station to respond to the cyberattack via onsite visits or requests additional resources from other monitoring companies through the consortium system. The central monitoring station also sends to the consortium system updates on a cyberattack that is detected or mitigated by a central monitoring station or local handling station of the monitoring company. The monitoring consortium enables stronger capabilities than any individual monitoring company can offer by the combination and coordination of the efforts and resources of the members.

Abstract: A system for preventing attacks on at least one computer via its USB port, the system comprising at least one processor configured to monitor at least one aspect of a connection between a peripheral and a computer's USB port, to identify aspects which match pre-configured criteria and responsively, to take action.

Abstract: The disclosure herein describes a method and a system for providing data privacy based on customized cookie consent. The proposed customized cookie consent system enables user's data privacy by facilitating the user to customize a plurality of features for each individual cookie, wherein a cookie is customized for multiple features that includes a consent and expiry customization, a drill down at individual cookie, an online masking unmasking cookie data—an offline masking-unmasking cookie data, a consent lineage and a data subject rights for cookie data that further include data access, data portability, right to erasure based on machine learning techniques. Further the customized cookie consent system also provides recommendation for data privacy and obscured cookies using machine learning techniques.

Abstract: Embodiments validate the secure assembly and delivery of IHSs (Information Handling Systems) that are installed in a shared chassis, such as two 1RU (rack unit) servers installed in a shared 2RU chassis. An inventory certificate is retrieved that was uploaded to a first IHS of the IHSs installed in the shared chassis during factory provisioning of the first IHS. The inventory certificate specifies factory installed hardware components installed in each of the IHSs of the shared chassis. A validation process of the first IHS collects an inventory of hardware components detected by each of the IHSs of the shared chassis. The validation process compares the collected inventory of detected hardware components of the IHSs against the factory installed hardware components specified in the inventory certificate in order to validate the detected hardware components as the same hardware components installed during factory assembly of each of the IHSs.

Abstract: Systems and methods for enhanced hash transforms are disclosed. In particular embodiments, biometric data is concatenated with non-biometric data for generating a fixed-sized vector, and furthermore performing various permutations and projections on the vector. The resulting vector may be stored in a registry, and a corresponding key may be generated and provided to the user associated with the biometric data. The hash transformation may be a lossy process, such that the resulting hash includes less bytes than the initial biometric data, and a hash reversal fails to generate an exact copy of the original biometric data.

Abstract: According to one or more embodiments of the present invention, a computer implemented method includes enabling, by a secure interface control of a computer system, a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear. The secure interface control can verify that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page. The secure interface control can provide a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page.

Abstract: Methods, systems, and apparatuses for secure communications in a communications system through a secure database (SDB) using random numbers including, one-time use random number cipher keys.

Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

Abstract: A computer-implemented method (100) and system (1) for determining a metadata M for securing a controlled digital resource such as computer software using a distributed hash table (13) and a peer-to-peer distributed ledger (14). This is a blockchain such as the Bitcoin blockchain. The method includes determining (110) a data associated with the computer software and determining (120) a first hash value based on the computer software. A second hash value based on the data and the computer software may be determined (130). The method further includes sending 140, over a communications network (5), the data, the first hash value and the second hash value to an entry for storage in a distributed hash table (13). The second hash value may be a key of a key-value pair. The data and the first hash value may be a value in the key-value pair. A metadata (M) that is based on the second hash value may be determined (150) for storage on the peer-to-peer distributed ledger (14).

Abstract: A method of operating a privacy management system for managing personal data includes receiving a first input indicative of a first user activity in accessing personal data stored within a memory element. The method also includes creating an activity model based on the first input. The activity model is indicative of typical activity in accessing personal data stored in the memory element. The method further includes receiving a second input indicative of a second user activity in accessing personal data stored within the memory element. Also, the method includes recognizing, according to the activity model, the second user activity as being anomalous to the typical activity in accessing personal data stored in the memory element. Moreover, the method includes generating, as a result of recognizing the second user activity as being anomalous, a command that causes at least one of the client devices to perform an anomaly corrective action.

Abstract: Techniques for managing customer license agreements are described. In one embodiment, a user-specified resource metric of a license model and a user-specified limit of the user-specified resource metric are obtained. A request for permission to launch a new compute resource at a computing device of the provider network is obtained from a service within a provider network. The new compute resource having a property that is an amount of the user-specified metric. A determination is made that a launch of the new compute resource would cause the user-specified limit to be exceeded, and the request the request to launch the new compute resource is denied.

Abstract: Embodiments of a data transmission network device and methods of operating the same are disclosed. In one embodiment, the data transmission network device includes an encryption module and an RF transceiver. The encryption module is configured to receive data and encrypt the data so as to generate first encrypted data. The encryption module then encrypts the first encrypted data so as to generate second encrypted data. The RF transceiver is configured to generate an RF signal such that the second encrypted data is modulated onto the RF signal. By providing the double encryption in a single device, the data transmission network device has greater spectral efficiency and is a much more cost-effective solution than what is currently provided in the market. Furthermore, the encryption module can be disabled so that unsecure data can also be transmitted via the data transmission network device.