Patents Examined by Meng Li
-
Patent number: 12242602
Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.
Type: Grant
Filed: December 22, 2022
Date of Patent: March 4, 2025
Assignee: Microsoft Technology Licensing, LLC
Inventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Patent number: 12242632
Abstract: A timeline builder system includes a content management configuration. The timeline builder system further includes a content preparation module. The content management configuration and the content preparation module are housed as applications within a plurality of application servers. A back-end user creates a visual, audio and textual content for a front-end user.
Type: Grant
Filed: September 1, 2023
Date of Patent: March 4, 2025
Inventor: Albert G. Blakey
-
Patent number: 12197591
Abstract: Systems and methods for detecting unrestricted file upload (UFU) vulnerabilities in Node.js (e.g., Node.js web applications) are provided. A lightweight framework can be used, drawing on a comprehensive evaluation of unique UFU-type attack types from multiple sources. By tailoring these attack instances to the Node.js ecosystem, systems and methods of embodiments of the subject invention offer more thorough coverage of potential attack vectors than existing technologies and tools.
Type: Grant
Filed: August 16, 2024
Date of Patent: January 14, 2025
Assignee: The Florida International University Board of Trustees
Inventors: Harun Oz, Ahmet Aris, Abbas Acar, Amin Kharraz, Selcuk Uluagac
-
Patent number: 12197590
Abstract: A scoring system to assign an exposure metric to a service accessed by multiple end-user devices in an application layer of a cloud-based system. The scoring system includes multiple tenants comprising multiple end-user devices and a scoring server. The scoring server configures dimensions that are functions of the service. The scoring server identifies a resource and determines a resource metric that is a weight of the resource in a dimension. The scoring server further receives a policy and calculates a policy metric that is distance of the policy from origin of a vector space. The scoring server also aggregates the policies and/or the dimensions based on the policy metric, retrieves a dimension metric, and computes the exposure metric for the service. Finally, the scoring server stores the exposure metric of the services and alerts the end-user device about the status of the service.
Type: Grant
Filed: January 29, 2024
Date of Patent: January 14, 2025
Assignee: Netskope, Inc.
Inventor: Prahalad Deshpande
-
Patent number: 12174969
Abstract: Methods and systems for continuously and quantitatively assessing the risk to data confidentiality, integrity, and availability on identified endpoints, servers, medical devices, and “Internet of things” devices in a networked healthcare environment monitor resource requests by user applications running on the various devices. A map of resource usage by each application may be generated. Based on the map and a risk model (e.g., the contents of a risk database), application events associated with risks are detected and resources vulnerable to the risk may be identified.
Type: Grant
Filed: December 28, 2022
Date of Patent: December 24, 2024
Assignee: Tausight, Inc.
Inventors: David M. T. Ting, Sean Ting
-
Patent number: 12166775
Abstract: The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a graphical query builder for generating a subject path signature, for example representing a vulnerability path in the cloud environment. A computer-implemented method includes generating a graphical user interface having configurable node elements and edge elements and, in response to user input on the graphical user interface, configuring the node elements to represent entities in a subject path signature in the cloud environment and the edge elements to represent relationships between the entities in the subject path signature. The method also includes generating a query representing the subject path signature, executing the query to qualify a set of network paths in the cloud environment as conforming to the subject path signature, and outputting query results identifying the qualified set of network paths.
Type: Grant
Filed: March 15, 2023
Date of Patent: December 10, 2024
Assignee: Normalyze, Inc.
Inventors: Ravishankar Ganesh Ithal, Mummoorthy Murugesan
-
Patent number: 12164646
Abstract: A system includes an output device and a processor. The processor is configured to analyze a software system, which includes an application subsystem and a configuration subsystem, so as to generate an output describing (i) one or more operations performed by the application subsystem, and (ii) one or more configurations for the application subsystem, which are provided by the configuration subsystem. The processor is further configured to identify, based on the output, at least one flaw in the software system that results from a combination of the operations with the configurations, and to output via the output device, in response to identifying the flaw, an indication of the flaw. Other embodiments are also described.
Type: Grant
Filed: August 15, 2021
Date of Patent: December 10, 2024
Assignee: CHECKMARX LTD.
Inventors: Maty Siman, Alexander Roichman
-
Patent number: 12158958
Abstract: Embodiments identify vulnerabilities in, e.g., a web application. An embodiment first searches a database to identify payload characteristics for a Hypertext Transfer Protocol (HTTP) request associated with a uniform resource locator (URL) of a web application. In turn, one or more payloads with characteristics corresponding to the identified payload characteristics are obtained. Next, the HTTP request with the obtained one or more payloads is sent to the URL. Then, one or more responses to the HTTP request sent with the obtained one or more payloads are observed to determine if the web application includes one or more vulnerabilities.
Type: Grant
Filed: January 18, 2022
Date of Patent: December 3, 2024
Assignee: Virsec Systems, Inc.
Inventors: Satya V. Gupta, Rohan Ahuja, Mahendra Nath Tommandru, Joyanto Ghosh, Vishal Dixit, Ebin Sabu
-
Patent number: 12158894
Abstract: The platforms, systems and methods provided herein may provide a data-driven workflow platform. The method comprises: mapping selected data objects to a data storage model of the data-driven workflow platform, where the selected data objects are stored in a data cloud configuration that is operatively coupled to the data-driven workflow platform; and displaying, on a graphical user interface (GUI), a flow for building a cloud application utilizing or managing the selected data objects. The interactive flow comprises at least one graphical element corresponding to a rule for automating an action triggered by a triggering event of the selected data objects.
Type: Grant
Filed: June 23, 2023
Date of Patent: December 3, 2024
Assignee: Elementum Ltd
Inventors: David A. Blonski, Robert Hughes, Karen Jenkins, Nader Mikhail
-
Patent number: 12147571
Abstract: A method includes initializing a client state on a client device by executing a private batched sum retrieval instruction to compute c sums O of data blocks from an untrusted storage device. Each computed sum O stored on memory hardware of the client device and including a sum of a corresponding subset S of exactly k data blocks. The method also includes a query instruction to retrieve a query block Bq stored on the untrusted storage device by iterating through each of the c sums O of data blocks to identify one of the c sums O that does not include the query block Bq, instructing a service to pseudorandomly partition the untrusted storage device into partitions and sum the data blocks in each partition to determine a corresponding encrypted data block sum.
Type: Grant
Filed: February 10, 2023
Date of Patent: November 19, 2024
Assignee: Google LLC
Inventors: Sarvar Patel, Kevin Yeo, Giuseppe Persiano
-
Patent number: 12143467
Abstract: Some embodiments are directed to a computer-implemented method (500) of determining a set of coefficients for homomorphically multiplying an encrypted value by a scalar. The encrypted value is represented by multiple respective value ciphertexts encrypting the value multiplied by respective powers of an even radix. The scalar multiplication is performed as a linear combination of the multiple respective value ciphertexts according to the set of coefficients. The set of coefficients are determined as digits of a radix decomposition of the scalar with respect to the radix. The determined digits lie between minus half the radix, inclusive, and plus half the radix, inclusive. It is ensured that no two subsequent digits are both equal in absolute value to half the radix.
Type: Grant
Filed: February 15, 2022
Date of Patent: November 12, 2024
Assignee: ZAMA SAS
Inventor: Marc Joye
-
Patent number: 12141297
Abstract: Techniques for cybersecurity analysis. A method includes identifying a first set of paths to a first asset. The first set of paths includes a first path which allows for uploading inspection code, a second path which allows for running the inspection code, and a third path which allows for obtaining results of running the inspection code. The first set of paths is selected such that application programming interfaces (APIs) of the first set of paths are at least partially shared with APIs of a second set of paths to each of at least one second asset and, further, selected based on at least one request processing attribute of the at least one API used in order to access the first asset. The inspection code is uploaded via the first path and run via the second path. Outputs of the inspection code are obtained via the third path and analyzed.
Type: Grant
Filed: February 8, 2024
Date of Patent: November 12, 2024
Assignee: Zafran Security LTD
Inventor: Ben Seri
-
Patent number: 12141749
Abstract: Multiple portions of information for a product are hashed to produce unique hash values during a journey of the product from production to purchase by a consumer. The hash values and information are stored in a cryptographic cooperatively shared product data structure. The hash values are subsequently submitted as product or portions of product searches to the cryptographic cooperatively shared product data structures and results are obtained for products associated with the portions of the information. The results are provided to services to drive proactive actions with respect to the product or other products related to any of the portions of information.
Type: Grant
Filed: September 26, 2022
Date of Patent: November 12, 2024
Assignee: NCR Voyix Corporation
Inventors: Rex Luzada, Dindo Capistrano, Juvilyn M. Porol
-
Patent number: 12137158
Abstract: Systems and methods for cryptography based on 128 bit integers include: receiving a complex input, the input including a 128-bit number; encrypting by: setting an imaginary part of the input to a predetermined value; encrypting the input using a Fourier transform and a scaling factor; adding a first noise and a second noise to the encrypted input, wherein the second noise obfuscates the first noise; and decrypting by: receiving the encrypted input with added first noise and second noise; estimating a standard deviation of the first noise based on an imaginary part of the received encrypted complex input; computing a standard deviation of the second noise based on the standard deviation of the first noise and a predetermined parameter; and decrypting the encrypted message using an inverse Fourier transform, the first noise, and the second noise.
Type: Grant
Filed: May 6, 2022
Date of Patent: November 5, 2024
Assignee: Duality Technologies, Inc.
Inventors: Yuriy Polyakov, Yuval Harness
-
Patent number: 12135798
Abstract: The disclosed embodiments include computer-implemented apparatuses and processes that resolve securely email-based queries involving confidential third-party data. For example, an apparatus may receive message data associated with an inquiry from a first computing system. The message data includes encrypted interlaced data, an identifier, and temporal data, and when a structure of the message data corresponds to an expected structure, the apparatus generates a decryption key based on at least one of the identifier or the temporal data, and decrypts the encrypted interlaced data using the decryption key. Based on a portion of the decrypted interlaced data, the apparatus requests and receives a response to the inquiry from a second computing system, and transmits at least a portion of the response to the first computing system, which presents the portion of the response within a digital interface.
Type: Grant
Filed: December 13, 2021
Date of Patent: November 5, 2024
Assignee: The Toronto-Dominion Bank
Inventors: Michael David Terrance Holmes, Adam Nicholas Klickermann, Ashik Ali, Michael James Taggart
-
Patent number: 12137093
Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.
Type: Grant
Filed: July 22, 2022
Date of Patent: November 5, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Clarence Filsfils, Marc Portoles Comeras, David Delano Ward, Alberto Rodriguez Natal
-
Patent number: 12118117
Abstract: A Counting Machine for Manufacturing and Validating Event-Relevant IDs, tagged with both Trust and Confidence Scores, for Specific Entities (Individuals and Enterprises) and their Prosoponyms using a Managed Secure-Immutable-Nonreputable-Replicated-Verifiable and Fault-Tolerant Distributed Datastore via an Ensemble-Based Network of both Existing and Newly-Created Heterogenous Single- and Multi-Factor ID Validation Services, the Ensemble consisting of both Commercial Organizations (known as Members) requiring valid Entity IDs for use during various events, such as purchase transactions, and Service Providers (known as Partners) who supply technology services for ID validation (as standalone services or as licensed by Members).
Type: Grant
Filed: December 4, 2023
Date of Patent: October 15, 2024
Inventors: James Anderson, Thomas J. Saleh, Lawrence C Rafsky
-
Patent number: 12105787
Abstract: Disclosed are embodiments for pairing wearable electronic devices, such as smart rings. The paired smart rings are configured so as to provide access to certain resources requiring a higher level of security. In some embodiments, a credential is sharable between the two devices. Thus, a bank manager is able to transfer a credential providing access to bank resources to a second bank employee. The bank manager is able to configure a time and/or use limit on the transferred credential. Thus, for example, by transferring the credential, the bank manager is able to delete certain authority to the bank employee while also limiting that authority as appropriate.
Type: Grant
Filed: December 1, 2020
Date of Patent: October 1, 2024
Assignee: Wells Fargo Bank, N.A.
Inventors: Carrie Anne Hanson, Debashis Ghosh
-
Patent number: 12099615
Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.
Type: Grant
Filed: February 1, 2024
Date of Patent: September 24, 2024
Assignee: Nucleus Security, Inc.
Inventor: Gil Azaria
-
Patent number: 12088620
Abstract: Techniques, methods and/or apparatuses are disclosed that enable facilitation of remediation of one or more vulnerabilities detected in a web application. Through the disclosed techniques, methods and/or apparatuses, users will be able to navigate to respective web pages of the detected vulnerabilities and snap directly to the vulnerabilities within the webpages. This allows the users to immediately know the location of the vulnerability, and inline feedback can be provided on the issue, including description, severity, solution and plugin outputs.
Type: Grant
Filed: May 17, 2023
Date of Patent: September 10, 2024
Assignee: TENABLE, INC
Inventors: Fergus Cooney, Greg Kuruc