Abstract: Systems and methods for automatic content remediation notification are disclosed herein. The system can include memory that can contain a content library database. The system can include a first user device and one or more servers. The one or more servers can: receive a content aggregation creation request from the first user device; identify content information associated with a set of the plurality of data packets; apply a filter request to the set of the plurality of data packets; automatically provide information relating to data packets in the restricted set of data packets to the first user device; receive content aggregate information identifying a content aggregate from the first user device; evaluate the content aggregate according to the metadata associated with the data packets of the content aggregate; and output an indicator of the evaluation result to the first user device.

Abstract: Systems and methods for automatic content remediation notification are disclosed herein. The system can include memory that can contain a content library database. The system can include a first user device and one or more servers. The one or more servers can: receive a content aggregation creation request from the first user device; identify content information associated with a set of the plurality of data packets; apply a filter request to the set of the plurality of data packets; automatically provide information relating to data packets in the restricted set of data packets to the first user device; receive content aggregate information identifying a content aggregate from the first user device; evaluate the content aggregate according to the metadata associated with the data packets of the content aggregate; and output an indicator of the evaluation result to the first user device.

Abstract: A method, computer system, and a computer program product for restricting and anonymizing a graphical user interface for a remote access session is provided. The present invention may include receiving a remote access request, from a third party, to fix a problem associated with a client computer. The present invention may also include determining the problem associated with the client computer utilizing a cognitive processing system. The present invention may then include determining a plurality of appropriate permissions for the graphical user interface of the client computer for fixing the determined problem utilizing the cognitive processing system. The present invention may further include presenting the determined problem and the determined plurality of appropriate permissions to a user. The present invention may also include receiving a user confirmation, wherein the user confirmation indicates the user agrees with the determined problem.

Abstract: Systems and methods are disclosed for detecting and removing injected elements from content interfaces. In one implementation, a processing device receives a content interface from a content provider, processes the content interface to identify elements of the interface that may not have been received from the content provider, compares the content interface with corresponding reference interfaces to identify elements of the content interface that are not present in the reference interfaces, processes the identified elements to determine how the identified elements affect a rendering of the content interface on the device, and modifies a rendering of the content interface on the device based on the manner in which the identified elements affect the rendering of the content interface on the device.

Abstract: Systems and methods are described for performing blockchain validation of user identity and authority. In various aspects one or more processors receive a first blockchain ID and a second blockchain ID, where each of the first blockchain ID and the second blockchain ID is associated with a user and is further associated with a first and second blockchain, respectively. A plurality of blockchain transactions may be aggregated where the plurality of blockchain transactions includes at least a first blockchain transaction associated with the first blockchain and a second blockchain transaction associated with the second blockchain. A first validation event providing a first indication of validity for the user may be identified based on the first blockchain transaction or the second blockchain transaction.

Abstract: Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.

Abstract: Endpoints in a network environment include remote file systems mounted thereto that reference a file system generator that responds to file system commands with deception data. Requests to list the contents of a directory are intercepted, such as while a response is passed up through an IO stack. The response is modified to include references to deception files and directories that do not actually exist on the system hosting the file system generator. The number of the deception files and directories may be randomly selected. Requests to read deception files are answered by generating a file having a file type corresponding to the deception file. Deception files may be written back to the system by an attacker and then deleted.

Abstract: In a general aspect, a method for executing a target operation combining a first input data with a second input data, and providing an output data can include generating at least two pairs of input words each comprising a first input word and a second input word and applying to each pair of input words a same derived operation providing an output word including a part of the output data resulting from the application of the target operation to first and second input data parts present in the pair of input words, and a binary one's complement of the output data part.

Abstract: Embodiments perform token cache management by renewing tokens heuristically. A token renewal request interval is defined based on a configurable lifetime of a token and an acquisition duration. Upon expiration of the token renewal request interval, and in the event that the token is requested by at least one client application, the authentication module renews the token with a secure token service. Renewal may also occur in the absence of a request for the token by any client application if the cached token has been kept valid for less than a threshold time. In some examples, the tokens are associated with credentials for single sign-on during site recovery management.

Abstract: A method and system is provided for detecting malicious files in a distributed network having a plurality of virtual machines. An example method includes: determining and obtaining, by a virtual machine, at least one file for performing an antivirus scan; collecting data relating to characteristics of computing resources of each virtual machine and parameters relating to the antivirus scan; determining an approximation time function of the characteristics of the computing resources and an approximation function of the one or more parameters for determining an approximation time function of effectiveness of the antivirus scan; and beased at least on the approximation time function of effectiveness of the antivirus scan, selecting one virtual machine to perform the antivirus scan in order to determine whether the at least one file is malicious.

Abstract: Systems and methods for automatic content remediation notification are disclosed herein. The system can include memory that can contain a content library database. The system can include a first user device and one or more servers. The one or more servers can: receive a content aggregation creation request from the first user device; identify content information associated with a set of the plurality of data packets; apply a filter request to the set of the plurality of data packets; automatically provide information relating to data packets in the restricted set of data packets to the first user device; receive content aggregate information identifying a content aggregate from the first user device; evaluate the content aggregate according to the metadata associated with the data packets of the content aggregate; and output an indicator of the evaluation result to the first user device.

Abstract: A master apparatus includes, in an action frame for connection, acceptance policy regarding acceptance of a slave apparatus, and transmits the action frame. After establishment of connection with the slave apparatus, the master apparatus transmits a disconnection request to the slave apparatus. After having been disconnected from the master apparatus, the slave apparatus determines whether or not to reconnect to the master apparatus, on the basis of the acceptance policy included in the action frame from the master apparatus, and the disconnection request received from the master apparatus. Upon determining that reconnection is not possible, the slave apparatus does not transmit a participation request to the master apparatus.

Abstract: A computing system can be arranged to generate a range of different frequencies with at least one oscillator of a clock module prior to providing a first clock frequency to a controller with a channel selector of the clock module in response to a dither control circuit. A system operation may be executed with the controller before the first clock frequency is changed to a second clock frequency during the execution of the system operation as directed by the dither control circuit. The second clock frequency can be chosen from the range of different frequencies. The computing system may return to the first clock frequency at the conclusion of the execution of the system operation.

Abstract: The migration of a communication session from one device to another device may include registering at least two devices, receiving a request to transfer the session from one device to another, determining whether transfer of the session is authorized, storing session information associated with the session, authenticating user credentials at the second device, transmitting the stored session information to the second device, and receiving a request that incorporates the transmitted session information to restore the communication session on the second device. In addition, access to the system may be prohibited from the first device for a predefined period of time.

Abstract: A computer-implemented method can be performed to identify the publication of sensitive data and/or malware to a third-party site. According to the method, at least one processor retrieves data items stored on a computer system over a network, the computer system hosting a third-party site, to which the data items are published. The at least one processor stores the data items in local, computer-readable memory, and processes the data items stored in the local, computer-readable memory based on at least one search criteria. The at least one processor determines that at least one of the data items satisfies the at least one search criteria, and in response, provides an alert identifying the at least one data items.

Abstract: A method, computer program product, and apparatus for performing baseline calculations for firewalling in a computer network is disclosed. The method involves defining a reference group for an executed software program, measuring signals in the reference group, measuring signals of the program, computing a distance between the signals of the program and the signals of the reference group, and taking an action if the computed distance deviates from a norm mode. The distance can be computed using a similarity matrix or other method. Measuring the program comprises observing behaviors of the program, collecting and analyzing data, comparing the data to baselines of the reference group, and comparing the behaviors of the program across a previous execution of the program. In cases where a program is known to be malicious, a reference group is not needed and a sandbox can be tailored just by copying the environment of the actual system.

Abstract: The present disclosure discloses a method and an apparatus for detecting an application.

Abstract: A secure communication channel can be established between a recovery console and a recovery agent during an Active Directory disaster recovery. This secure channel can be established without employing the Kerberos or NT LAN Manager (NTLM) authentication protocols. Therefore, the recovery console and recovery agent will be able to establish a secure channel even when the domain controller is in Directory Services Restore Mode (DSRM) and NTLM is disabled. A secure channel can be established between the recovery console and the recovery agent based on the Microsoft Secure Channel (Schanel) Security Support Provider (SSP). The Schannel implementation can be modified in a manner that allows the client to be authenticated within the Schannel architecture.

Abstract: Systems and methods of improving the operation of a transaction network and transaction network devices are disclosed. An online purchase autofill plugin includes various modules and engines. The fields of online forms may be identified and the fields of online forms may be automatically filled. The user experience may be improved, and data security enhanced so that the transaction network more properly functions according to approved parameters, such as protecting the integrity of sensitive data.

Abstract: The disclosed computer-implemented method for detecting malicious computing events may include (i) determining, for multiple computing events detected within an enterprise, an initial disposition score for each computing event based on currently-available security information, (ii) determining an initial classification of each computing event as malicious or non-malicious by comparing the initial disposition score of each computing event with a threshold disposition score, (iii) for each computing event, determining (a) an updated disposition score based on new security information (b) an updated classification, (iv) calculating a degree to which the threshold disposition score correctly identifies malicious computing events by determining a frequency with which the initial classification of each computing event matches the updated classification of the computing event, and (v) adjusting the threshold disposition score based on the degree to which the threshold disposition score correctly identifies malicious