Abstract: A computing system determines that a third party system has been exposed to a digital security violation. The computing system identifies a first user account of a user registered with the computing system that has a corresponding account associated with the third party system. The computing system determines that the first user account has stored a first set of user credentials for the corresponding account associated with the third party system at a storage location accessible by the computing system. The computing system launches a series of web browsers configured to access a first website associated with the third party system. The computing system executes, via a first web browser of the series of web browsers, a first automated script specific to the first website associated with the third party system. The computing system performs at least one of a plurality of remedial operations with respect to the corresponding account.

Abstract: A method for determining a risk level of an instance on a cloud server. The method includes: obtaining one or more monitoring items of an instance to be monitored and a rule base of each monitoring item; obtaining monitoring data corresponding to each monitoring item of the instance to be monitored; and determining a risk level of the instance to be monitored under each monitoring item based on the rule base and the monitoring data of each monitoring item.

Abstract: A distributed system provides access by a principal to a resource associated with sensitive data. Micro-services in communication with an authorization engine each include a resource provider that receives a resource action request from the principal to access the resource, determines a context for the request, and transmits the context to the authorization engine in an authorization request. The authorization engine receives the authorization request, resolves the authorization request context against a plurality of pre-defined resource conditions, and responds to the resource provider with an authorization response of allow, deny, or allow-with-conditions. The context for the request includes metadata regarding attributes of the principal, and each of the resource conditions includes a logical expression operating upon the attributes.

Abstract: Methods, apparatus, systems and articles of manufacture for detecting malware via analysis of a screen capture are disclosed. An example apparatus includes at least one memory, instructions, and processor circuitry to execute the instructions. The processor circuitry is to detect execution of a process, capture a portion of a screen buffer as a captured image, after the execution of the process is detected, analyze the captured image to determine an image similarity to a stored image in a database, the database to at least store malicious images, and perform a responsive action when the image similarity satisfies a similarity threshold.

Abstract: A synthetic identity network for detecting synthetic identities may receive a first request for credit including one or more user attributes, compare the one or more user attributes to one or more stored user identities, create a new user identity, flag the new user identity as a potentially synthetic identity based on comparing the one or more user attributes to the one or more stored user identities, receive a second request for credit including or more second user attributes, compare the one or more second user attributes to the one or more user attributes associated with the potentially synthetic identity, prepare a notice including the potentially synthetic identity and a credit request identifier, and transmit the notice to one or more servers.

Abstract: The invention relates to a computer system and computer-implemented method for clearing possible malware from electronic documents, comprising the following steps: receiving an electronic original document on a control computer (1); transmitting the electronic original document to a display computer (2); transmitting the document content of the original document via a presentation signal (3) from the display computer (2) to the control computer (1); the control computer (1) creating an electronic document copy from the presentation signal (3).

Abstract: The present disclosure generally relates to methods, systems, apparatuses, and non-transitory computer readable media for managing health data. A method includes receiving a first data packet associated with a first user. The first data packet is assigned a universally unique identifier based on the first user. The method also includes causing an encryption of the first data packet. The method further includes storing at least one of the plurality of encryption keys on a first distributed ledger subnet. The method still further includes receiving the at least one of the plurality of encryption keys for the encrypted first data packet stored on the first distributed ledger subnet. The method also includes causing a decryption of the first data packet based on the at least one of the plurality of encryption keys for the encrypted first data packet stored on the first distributed ledger subnet.

Abstract: A method for qualifying a validator server used in zero-knowledge transactions including receiving hashed transactions between a prover client and a verifier server from the prover client and hashed transactions between the prover client and the verifier server, accessing the hashed transactions an enforcement node, analyzing the first and second pluralities of hashed transactions by the enforcement node, and qualifying or disqualifying the verifier server by the enforcement node responsive to analyzing the first and second pluralities of hashed transactions.

Abstract: A method for managing a group of secured network devices. The method includes detecting, by a switchover agent operating in a secured network device of the group of secured network devices, a switchover between two supervisors operating in the secured network device, based on the detecting: generating a modified heartbeat packet, wherein the modified heartbeat packet comprises a suspension time that is significantly larger than a heartbeat interval, and sending the modified heartbeat packet to a second secured network device of the group of secured network devices.

Abstract: A method for determining and using a security risk score for devices includes searching a network to automatically identify devices associated with potential security risks, collecting a first set of data from the devices including at least one of a device configuration, an IP address, a MAC address, or data related to software operated on the devices, collecting a second set of data from an external data source including risk data, comparing the second set of data to the first set of data to evaluate a potential security risk and determine a risk score for the devices, and using the risk score to perform an automated action including at least one of (i) providing an alert to a user identifying the potential security risk, (ii) generating a dashboard identifying the potential security risk, or (iii) initiating a corrective action responsive to the potential security risk based on the risk score.

Abstract: A system and method for computer security of a protected device that has a processor and an operating system software running on the processor includes security software that runs on the protected device and has local data for control of the security software. Upon initialization of the security software, the security software loads the local data and periodically reads file-type associations from the operating system software. For each file-type association, the security software determines if that file type is permitted by the local data and if that file type is not permitted by the local data, the security software removes that file-type association from the operating system software.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: A system and method for detecting cloud identity misuse in a cloud computing environment is presented. The method includes: deploying a runtime sensor on a workload in a cloud computing environment; continuously receiving data from the runtime sensor; generating an activity baseline based on the continuously received data, wherein the runtime sensor is configured to detect runtime processes on the workload; detecting an event in a cloud log, the event including an identifier of the workload; associating a runtime process detected by the runtime sensor on the workload with the event detected in the cloud log; and determining that the event is an anomalous event based on the generated activity baseline.

Abstract: A computer program product and computer-implemented method include operations including identifying a software update payload that is available for distribution and identifying compatibility data for the software update payload, wherein the compatibility data identifies configurations of a computing device that are compatible with the software update payload. The operations further include forming an update package that includes the software update payload and the compatibility data, digitally signing the update package, and providing the signed update package to one or more computing devices over a network.

Abstract: Ransomware activity detection and data protection is implemented by a remote R2 storage array on an asynchronous remote data replication facility, on which data from a primary R1 storage array is replicated to the remote storage array. Write operations on storage volumes in a remote data replication group are collected in a capture cycle on the primary storage array, along with IO pattern metadata describing both read and write operations on the storage volumes. At the end of the capture cycle, the update and metadata is transmitted to the remote storage array. The remote storage array receives the update and metadata and temporarily stores the update prior to applying it to its copy of the storage volumes. Ransomware anomaly detection is implemented using the update and metadata, and if ransomware activity is detected, the data on the remote R2 storage array is protected, and the update is not applied.

Abstract: The disclosure provides systems, methods and machine readable programs for isolation of data. In some implementations, this is performed on a healthcare information system (HCIS). It will be noted, however, that the disclosed embodiments can be used for different fields of endeavor, and for data other than medical patient data. After capturing data elements, such as patient records, the system automatically reviews and can extract the data elements in an isolated location, generates and stores reports, encrypts the reports, and sends them to multiple designated workstations and devices throughout a network at regular intervals to ensure that the most recent patient data is captured. After a compromising event, such as a system outage or a cyberattack, the updated patent data can be accessed locally by way of a locally installed client program.

Abstract: An automated method is provided for validating an action based on beacon source proximity to a user device. A user data processing device receives from a remote action validation server an action validation request. The request includes identification of an authentication device that may include a beacon transmitter and identification of a proposed action associated with the authentication device. The user data processing device determines whether the authentication device is within beacon signal reception range of the user data processing device and transmits an action validation response to the remote action validation processing system.

Abstract: A method validating commands for a software platform. The platform receives user input to specify a command for the software platform to perform an action. The command is expressed in an extended formal language including elements in a Boolean Algebra. The platform retrieving validation rules for the software platform. The validation rules are expressed in the extended formal language. The platform combines the command and the validation rules to build a formula in the extended formal language, including one or more logical quantifiers. The platform expresses the formula in disjunctive normal form, with an existential innermost quantifier and constructs a new formula in the extended formal language that is logically equivalent to the formula and has no quantifiers. The planform evaluates the truth of the new formula and executes the command to perform the action when the new formula is true. Otherwise, the platform rejects the command.

Abstract: Techniques for implementing a scalable automated training framework for anomaly and ransomware detection are disclosed. A computer system may instantiate one or more virtual machines (VMs). Each VM may be loaded with a corresponding file system. The computer system may simulate, on the one or more VMs, user actions and ransomware, which may cause changes to the corresponding file systems loaded on to the VMs. The computer system may obtain snapshots of the VMs that indicate changes to the corresponding file system of each of the VMs. The computer system may generate a metadata file for each VM based on the corresponding snapshot. The computer system may generate training data for training a ransomware detection model using a machine learning algorithm based on the metadata files for each of the VMs.

Abstract: Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.