Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: Provided are systems and methods for verifying user credentials for performing a search. Verifying user credentials include receiving a search request at a search server, determining, at the search server, whether a set of user credentials of a user has been updated within a threshold period of time. The set of user credentials are received from an identity provider server and cached at the search server. Responsive to determining that the cached set of user credentials have not been updated within the threshold period of time, the identity provider server is queried for a current set of user credentials associated with the user. The current set of user credentials from the identity provider server, and used to determine that the user is authorized to perform the search. The search of the datastore is launched responsive to determining that the user is authorized.

Abstract: A blockchain based numerical value ranking method includes: using, by a first participant, a public key of the first participant to encrypt a private value of the first participant to obtain an encrypted text of the first participant; obtaining encrypted texts of other participants, and generating a challenge value having a preset bit length; based on the challenge value and the private value of the first participant, and the encrypted texts and public keys of the other participants, determining mixed results of the first participant with respect to the other participants; and determining a numerical value ranking result between the first participant and a second participant based on the mixed result of the second participant with respect to the first participant.

Abstract: Disclosed are various examples for enrolling a client device and synchronizing user attributes for the client device across multiple directory services. A search request for user attributes can be sent to a first directory service with an identifier for a user account. The first directory service can query for the identifier and send back user attributes. If a global identifier is included in the attributes, another search request for user attributes can be sent to a second directory service with the global identifier. The second directory service can query for the global identifier and send back user attributes.

Abstract: This application provides an unmanned aerial vehicle authentication method and an apparatus. The method includes: sending, by a communications device after determining that a type of a terminal is a UAV, authentication information of the terminal to an authentication server, so that the authentication server can perform authentication on the terminal based on the authentication information of the terminal, and therefore, the authentication server completes authentication on the terminal. In addition, the unmanned aerial vehicle is allowed to fly only after authentication on the terminal succeeds. Therefore, flight security of the unmanned aerial vehicle can be improved.

Abstract: Techniques for cellular Internet of Things (IoT) battery drain prevention in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for cellular IoT battery drain prevention in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a misbehaving application based on a security policy, wherein the service provider network includes a 4G network or a 5G network; extracting subscription identifier information for network traffic associated with the misbehaving application at the security platform; and enforcing the security policy at the security platform to rate limit paging messages sent to an endpoint device using the subscription identifier information and based on the security policy.

Abstract: Technology for risk-based access to secrets utilizes risk metadata tailored to secrets. Secrets include passwords, security tokens, digital certificates, and other items used for identity authentication, authorization, signing, validation, and other cybersecurity processes. A secret's risk metadata may indicate which controls protect the secret, the deployment scope of the secret or the asset it secures, known exposures of the secret, whether the secret secures other secrets, the impact if the secret is misused, the secret's strength, characteristics of the asset the secret secures, the secret's risk history, and other characteristics of secrets that set them apart. Unlike secrets, typical user-generated digital assets like web pages, documents, image files, and so on have value on their own. An enhanced system distinguishes between secrets and non-secrets when modulating access, making it possible to automatically provide consistent, efficient, and effective risk-based control over access to secrets.

Abstract: The technology includes a method performed by a security system of a 5G network. The system can instantiate an agent that monitors and control incoming network traffic at a perimeter of the 5G network in accordance with a security model. The agent can process the incoming network traffic with the security model to output a vulnerability-risk-threat (VRT) score that characterizes the incoming network traffic in relation to a vulnerability parameter, a risk parameter, and a threat parameter. The agent compares the VRT score with a threshold value to determine a likelihood that the incoming network traffic includes VRT traffic. The agent communicates at least an indication of the VRT score and incoming network traffic to a central component, which collects VRT information from multiple agents to generate an update for the security model.

Abstract: A support service application may process a request that contains a hyperlink. The hyperlink may be examined to determine a level of risk associated with accessing a resource referred to by the hyperlink. An execution environment for processing the hyperlink may be identified. The execution environment may comprise a virtual machine drawn from a pool of virtual machines. The resource may be retrieved by a browser process operating within the context of the virtual machine, and a safe version of the resource may be rendered and made available to customer support personnel using the support service application.

Abstract: The following relates to a hardware security module for usage with manufacturing devices and a method for operating the same is provided. The security module includes: a secure element, which is adapted to detect an operating mode of the hardware security module; a first interface which is adapted to receive commands for controlling the hardware security module; a central processing unit for processing application program code in a secure environment; a second interface which is adapted for receiving configuration data, wherein the second interface is activated and deactivated in dependence of the detected operating mode.

Abstract: A system can include a processor having a secure mode and a non-secure mode, and a secure module configured to respond to tokens posted by the processor in the secure mode. Each token can identify a secure asset, and source and destination addresses within secure and public address spaces. The secure module can include a memory storing secure assets identifiable by the tokens and a memory access circuit to read data from source addresses and write processed data to destination addresses. The system can further include a cryptography engine configured to process the read data using identified secure assets. The secure module can respond to tokens posted in the non-secure mode. The memory can store, with each secure asset, a respective rule defining the address spaces where the memory access circuit may read and write data. The secure module can ignore tokens that do not satisfy respective rules.

Abstract: The technology includes a method performed by a system of a telecommunications network to manage network traffic of a 5G network. The system can instantiate a security system to sort incoming or outgoing network traffic at a perimeter of the 5G network into multiple groups that are each uniquely associated with multiple traffic types and multiple security levels. The system can inspect segments of data included in the incoming network traffic and sort multiple portions of the network traffic into the groups based in part on the inspection of the segments of the data. The system can dynamically adjust an available bandwidth of the 5G network based on each load of each of the groups and dispatch the portions of the network traffic in accordance with a traffic type and a security level of each of the groups.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes generating encrypted data. The example method further includes monitoring a set of data environments comprising the encrypted data, wherein a data environment associated with the set of data environments comprises one or more quantum computing techniques. The example method further includes generating quantum computing (QC) detection data comprising one or more instances of the one or more quantum computing techniques decrypting the encrypted data. The example method further includes, subsequent to the generation of the QC detection data, encrypting data based on the QC detection data, wherein the data is encrypted based on a set of PQC encryption attributes absent from the QC detection data.

Abstract: A computing system and method to implement a three-dimensional virtual reality world having user created virtual objects. A platonic object identifies a list of objects as different versions of the platonic object. Each respective object has: a blueprint identifying resource objects that are used to construct the respective object in the virtual reality world; and a provenance node identifying the platonic object of the respective object, a creator of the respective object, and a set of access control parameters of the respective object. A server computer hosting the virtual reality world control access to instances of the platonic object according to access control parameters stored in the tree of provenance nodes for the objects connected via the blueprints and the platonic object.

Abstract: Provided are an electronic device and a method for controlling the electronic device.

Abstract: A method of data access control in an intermediation server includes: storing a record containing: a record identifier; a plurality of sections each containing data; and in association with each section, an owner identifier selected from a set of requester identifiers corresponding to respective requester subsystems; storing access control data corresponding to each requester identifier; wherein the access control data for a given requester identifier indicates which other requester identifiers are permitted to access a section of the record having the given requester identifier associated therewith as the owner identifier; responsive to receiving, from one of the requester subsystems, a request containing the record identifier and an active one of the requester identifiers corresponding to the active requester subsystem: granting access to a subset of the sections according to the active requester identifier, the owner identifiers and the access control data.

Abstract: A distributed network security service is disclosed. The disclosed platform comprises an external service that facilitates security operations for a private network. Data from nodes of the private network is received and analyzed by the service. An output is automatically generated by the service in response to a detected security event in the analyzed data that facilitates remediating the security event at least at one or more of the nodes of the private network, wherein a latency exists between the security event occurring on the private network and being remediated during which time an entity responsible for the security event has access to the private network before being blocked.

Abstract: In an example embodiment, access to a data set in a data lake can be specified using several approaches, based on the metadata and information attached. The metadata may be replicated from the original data source of the underlying data, and additional metadata may be modeled and stored to construct linkage information between data types. This linkage information may be used to automatically grant access to users to additional objects that are linked to objects that the user has explicit access to.

Abstract: Method and system disclosed herein facilitate retrieval of a blockchain key. The method comprises receiving a key store comprising a first encryption method, a second encryption method, and identification information of one or more network nodes storing a plurality of encrypted storage keys; displaying an authentication request and receiving and input form the user in response to the authentication request; upon the input received matching a record within a database, instructing the one or more network nodes to transmit the encrypted key segments; decrypting each encrypted key segment based on the first encryption method; and generating a blockchain key by appending the strings of the key segments based on the second encryption method.

Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.