Abstract: Disclosed herein are systems and method for providing agentless security of virtual machines. In one aspect, the method intercepts, by a virtual switch filtering extension of an extensible virtual switch on a host processor, a data packet in an outbound transmission from a virtual machine to a destination device, wherein the virtual switch filtering extension is also configured to intercept data packets in inbound transmissions to the virtual machine. In response to determining that the data packet is not in compliance with the set of predefined rules associated with the virtual machine, the method prevents, by the virtual switch filtering extension, transmission of the data packet from the virtual machine to the destination device.

Abstract: A method of and system for securing data stored in a cloud-based software system is disclosed. A cloud data security system routinely scans files and analyzes the cloud system events to determine potential data loss/leak, and notifies users of the cloud system in real-time. The cloud data security system suggests appropriate classification levels and optimal security settings to the user by collecting actions and behaviors of other users of the cloud data security system within an organization or others who perform similar job duties in different organizations and/or locations. The cloud data security system enhances data security by providing visibility, actionable insights, and awareness on risks associated with the data, not only to administrators but also to end users of the cloud-based software system in real-time.

Abstract: Disclosed herein are systems and methods for access control in an electronic control unit (ECU). In one aspect, an exemplary method comprises, by an operating system (OS) kernel of the ECU of a vehicle, intercepting at least one request for an interaction of a control application with a basic component through an interaction interface provided by the basic component for interactions with applications, requesting from a security subsystem of the operating system, a verdict as to whether or not access for the interaction of the control application with the basic component through the interaction interface can be provided, and when the verdict is received from the security subsystem granting the access, providing the interaction between the basic component and the control application through the interaction interface in accordance with the received verdict.

Abstract: There is provided a method to detect phishing websites so as to protect users from sending their sensitive information to criminal servers. When browsing a web site having an input form asking sensitive information, the input fields are recorded (i.e. username field and password field). Then false credentials are generated and submitted in background. The new control layer then checks the response page content whether it includes an input form and if there is an input, it checks whether the form has the same fields as the first form. If the responded page does not have a form, or it has a form but includes different fields than the initial page's form, then the original site is identified as phishing.

Abstract: A semiconductor substrate of an integrated circuit is protected by a coating. The semiconductor includes a front face and a rear face. To detect a breach of the integrity of a semiconductor substrate of an integrated circuit from the rear face, an opening of the coating facing the rear face of the substrate is detected. In response thereto, an alarm is generated. The detection is performed by making resistance measurements with respect to the semiconductor substrate and comparing the measured resistance to a nominal resistive value of the semiconductor substrate.

Abstract: An agreement apparatus P(i) (where i=0, . . . , n?1) which executes a consensus protocol generates an opinion value with a signature Xij=(xi, sig_i(xi)) including an opinion value xi indicating an opinion and a signature sig_i(xi) on the opinion value xi or information different from the opinion value with the signature Xij as an opinion value with a signature X?ij=(x?ij, e?ij) and outputs the opinion value with the signature X?ij to an agreement apparatus P(j) (where j=0, . . . , n?1, i?j). The agreement apparatus P(j) accepts the opinion value with the signature X?ij and outputs the opinion value with the signature X?ij or information different from the opinion value with the signature X?ij to an agreement apparatus P(m) (where m=0, . . . , n?1, m?i, m?j) as an opinion value with a signature X?ij.

Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.

Abstract: An address retrieval system that retrieves the physical address of a user based on a request from another user. The address retrieval system can be connected to a network, such as a cellphone network, to allow a user to submit a request containing personally identifiable information, such as a phone number, of another user and the address retrieval system can locate/retrieve the requested address information and return the information to the requesting user or a third party. The release of the address information can be managed by a user-configurable privacy policy that provides rules, permissions and/or other management regarding the release of the user's address information.

Abstract: Embodiments described herein provide an implicit protocol with improved resource and bandwidth efficiency. A post-quantum secure approach for issuing multiple pseudonym certificates from a small piece of information is provided, while traditionally most encryption schemes are vulnerable to post-quantum attacks (e.g., in a traditional SCMS). Long-term security can be improved with the post-quantum protocol.

Abstract: A computing system receives encrypted data that can be decrypted by a first secret to obtain data, wherein the first secret is securely stored by the system, determines that the data encodes a second secret and executable code usable to perform cryptographic operations, and run the executable code to perform the cryptographic operations. The first secret may be a one-time pad.

Abstract: Disclosed is a methods for secure online authentication comprising determining, by a secure device, that a connection is being established between a browser and a protected website by analyzing web requests from the browser, obtaining information for the protected website when a request for authentication is received from the protected website, establishing a protected data transmission channel between the secure device and the protected website, receiving one or more authentication certificates from the protected website, verifying validity of the one or more authentication certificates, performing authentication and transmitting, from the device, authentication data stored on the device to the protected website, transmitting a new session identifier from the device to the browser for enabling access to the protected website and requesting that the browser dispatch the new session identifier to the protected website in response to the connection being established via the web requests.

Abstract: A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting.