Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Abstract: A method by one or more network devices implementing a scrubbing center for mitigating distributed denial of service attacks, where the scrubbing center is communicatively coupled to a plurality of clients and one or more servers. The method includes determining a set of packet fingerprints seen in a set of packets sent between the plurality of clients and the one or more servers, assigning a risk value to each packet fingerprint in the set of packet fingerprints based on analyzing previous security decisions made for packets having that packet fingerprint, and responsive to detecting an occurrence of a potential distributed denial of service attack, activating a security measure for each of one or more packet fingerprints in the set of packet fingerprints based on the risk value assigned to that packet fingerprint.

Abstract: A system for watermarking a USB Type-C and PD protocol hardware sub-system existing as a part of a SOC/IC system includes a tester to generate a watermarking signal, a device under test (DUT), wherein the DUT is configured with a USB Type-C port with power delivery implementation and including a hardware subsystem configured for watermarking the DUT and transmit a response signal upon receipt of the watermarking signal from the tester. The tester includes a controller including one or more processors that execute a set of executable instructions that are stored in a memory, upon which execution, the processor causes the controller to generate the watermarking signal, the watermarking signal comprises a custom signal and a custom packet associated with a configured custom signal stored in a data buffer that is associated with the SOC/IC system, and transmit the watermarking signal on one or more configuration channel (CC) lines.

Abstract: Described are techniques for asset management using an asset management identification key. The techniques include populating, based on input to a front-end portal, a plurality of fields including a plurality of attributes and a serial number of a device. The techniques further include hashing each of the plurality of fields. The techniques further include hashing a contiguous sequence of the hashed plurality of fields to generate an asset management identification key. The techniques further include transmitting the asset management identification key to a blockchain and authenticating the device using the asset management identification key stored on the blockchain.

Abstract: A system for detecting Denial-of-Service (DoS) attacks on one or more user profiles collects a number of invalid sign-on attempts on the one or more user profiles during every time interval. The system determines a number of invalid sign-on attempts on every user profile since the start of the first time interval. The system detects a first DoS attack on a particular user profile if a first number of invalid sign-on attempts on the particular user profile exceeds a single-user profile. The system detects a second DoS attack on multiple user profiles during the first time interval if the increase in the total number of invalid sign-on attempts since the last time interval exceeds a scan-level threshold number. The system detects a third DoS attack on multiple user profiles if the total number of invalid sign-on attempts detected during combined time intervals exceeds a third threshold number.

Abstract: In a user credential control system, an access control server includes a token issuing unit that issues, to a service provider server, a token in which a user credential that can be acquired by the service provider server is described according to the company name and the type of a service of the service provider server described in an electronic certificate, a policy registration unit that registers a policy of an access authority of the service provider server to the user credential based on the company name or the type of the service of the service provider server, and a notification reception unit that, when the user credential of the user terminal has been changed, acquires the service provider server with the access authority to the user credential from a token according to the registered policy to notify the service provider server of the change of the user credential.

Abstract: A lifelong learning intrusion detection system and methods are provided. The system may capture network data directed to a host node. The host node may include a honeypot. The honeypot may emulate operation of a physical or virtual device to attract malicious activity. The system may classify, based on a supervised machine learning model, the network data as being not malicious or not malicious. The system may classify, based on an unsupervised machine learning model, the network data as being anomalous or not anomalous. The system may alter operation of the honeypot to induce malicious activity. The system may determine, after operation of the honeypot is altered, the honeypot is accessed. The system may retrain the supervised machine learning model and/or unsupervised machine learning model based the network data.

Abstract: An enterprise security system is improved by taking remedial actions responsive to detecting attempts at tampering with computing resources. When a tamper detection instrument detects an attempt at tampering, information about the attempt at tampering may be used to identify one or more candidate types of threats and/or candidate threats. One or more remedial actions associated with the threat or type of threat can be identified and applied in ten enterprise network environment.

Abstract: Systems and methods for providing fleet remediation of compromised workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a first local management agent configured to provide a first workspace in a fleet of workspaces, an indication that the first workspace has suffered a security compromise, where the first workspace is instantiated based upon a first workspace definition; and in response to the indication, transmit a second workspace definition to a second local management agent configured to provide a second workspace in the fleet of workspaces, where the second workspace is instantiated based upon the first workspace definition, and where the second local management agent is configured to instantiate a third workspace based upon the second workspace definition.

Abstract: Examples of enrollment of virtual devices for unprivileged users are described. In some examples, a virtual device includes an enrollment agent, encrypted enrollment credentials, and a user mode privilege elevation component that elevates privilege of the enrollment agent. A privilege elevated token is created to include an administrative privilege of a local security authority service, and a security context of an unprivileged user account logged in to the virtual device. The enrollment agent is launched using the privilege elevated token rather than a user token of a user that is logged in. The enrollment agent decrypts the encrypted enrollment credentials based on administrative privilege of the privilege elevated token, and enrolls the virtual device with a management service using decrypted enrollment credentials.

Abstract: Systems, methods, and non-transitory computer readable medium disclosed herein relate to identity verification and authorization method. In one embodiment, the system can generate and send a message to a device associated with a user based on an initiated request from the user and a determination the user should be authenticated, wherein the message requests a content-based response from the user to authenticate the user. In another embodiment, the system can receive the content-based response from the user in reply to the message, wherein the content-based response comprises SMS (short message service) metadata, emoji, photo, video, audio, or a combination thereof. In another embodiment, the system can authenticate the user based on a determination of a confirmed match between the content-based response from the user and a response key preselected by the user.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An arrangement of particles corresponding to the first entities and the second entities may be generated. Charges associated with the particles may be determined based upon the first network profile. The particles may be rearranged to a second arrangement of particles based upon the charges. One or more clusters of particles in the second arrangement of particles may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the one or more clusters of particles.

Abstract: Systems, methods, and devices implement security operations in security platforms implemented across web servers and application servers. Systems include a first server including one or more processors configured to identify one or more patterns of malicious activity based, at least in part, on event information associated with a request and at least one of a plurality of custom parameters, and a second server including one or more processors configured to host an application accessed by the client device, wherein the first server is coupled between the client device and the second server and is configured to handle requests between the client device and the second server. Systems also include a database system configured to store application data associated with the application and the client device.

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.

Abstract: Disclosed are various aspects of voice skill session lifetime management. In some examples, a session extension request is received. The session extension request extends a voice skill session of a voice-activated device. A personal client device is identified based on the session extension request. A command to emit an ultrasonic pulse is transmitted to the personal client device.

Abstract: In one embodiment, a method comprises: securing, by a security agent executed within a network device, first secure data structures for secure storage in the network device and second secure data structures for secure communications in a secure peer-to-peer data network; monitoring, by the security agent, a corresponding mandatory lifecycle policy for each of the first secure data structures; and cryptographically erasing one of the first secure data structures in response to expiration of the corresponding mandatory lifecycle policy.

Abstract: In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device detects an occurrence of a security event during execution of the application. The device identifies a correlation between the security event and the OpenTelemetry trace data. The device provides an indication of the security event in conjunction with the OpenTelemetry trace data, based on the security event being correlated with the OpenTelemetry trace data.

Abstract: In one or more embodiments, the disclosed systems, methods, and media include utilizing a crosswalk algorithm to identify controls (e.g., cybersecurity controls) across frameworks, and for utilizing identified controls to generate cybersecurity risk assessments. A cybersecurity module may identify one or more controls in a data structure. The process may utilize a crosswalk algorithm to determine a relatedness between the identified controls and different controls of different frameworks. The process may update the data structure with selected different controls, such that a more robust set of controls are identified when the cybersecurity module indexes into the data structure to identify particular controls. Additionally, the process may generate a risk assessment for a device/software. The process may generate a risk score for the risk assessment, and the risk score may be based on a determined compliance level for each control determined to be related to a defined risk of interest.

Abstract: Managing security access in real-time to a computer system using control lists includes detecting a security event at a computer system. The security event is analyzed including an analysis of a historical corpus having historical data of security events. An access control list is generated based on the security event. A determination is made when the security event includes abnormal behavior based on the analysis of the security event and the historical corpus. The security event is published to a monitoring system for controlling access to the computer system, in response to the security event.

Abstract: A system and method for intelligently detecting a duplicate address attack is described. The system and method comprise transferring a first address conflict check message; receiving a first address conflict check response message; performing intelligent Duplicate Address Detection (DAD) to determine if the duplicate address attack is valid; and if the duplicate address attack is valid, then reporting the duplicate address attack to a monitoring server. An intelligent switch that detects the DAD attack blocks further address conflict check response messages from the attacker's MAC address.