Abstract: Embodiments of a cyber threat defense system protects a system from cyber threats with the following operations: Identifying unusual patterns of behavior within the plotted individual alerts and/or events in the multiple dimension space; Clustering the individual alerts and events that form the unusual pattern into a distinct item for cyber threat analysis of that cluster of distinct alerts and/or events; Applying machine learning models to infer for the cyber threat analysis what is possibly happening with the distinct item of the cluster, which came from the unusual pattern, and then assign a threat risk associated with that distinct item of the cluster; and Projecting on a user interface, based on the analysis by the one or more machine learning models, the assigned threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern.

Abstract: Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit being selected for sending the data packet or a copy as a function of data link layer information from the data packet and of a hardware address from a memory of the hardware switch unit. An actual value from a field of the data packet is compared by a hardware filter with a setpoint value for values from this field, the field including data link layer data or network layer data, and the data packet or a copy of the data packet being provided to a computing device as a function of a result of the comparison. The analysis for detecting an intrusion pattern in a network traffic in the computer network id carried out by the computing device.

Abstract: A collaborative security enhancement system for digital files is provided. A computing device detects a transfer of a digital file between a source device and a destination device in a given group of devices. The computing device generates a unique identifier (UID) for the transferred digital file. The computing device instructs that information relating to the digital file be stored in a record associated with the digital file, wherein the information includes: (i) an identification of the source device, (ii) an identification of the destination device; and (iii) the generated UID. The computing device identifies that the digital file has been contaminated. The computing device identifies a source of the contamination based, at least in part, on the stored information in response to identifying that the digital file has been contaminated.

Abstract: Methods, apparatus, systems and articles of manufacture for detecting malware via analysis of a screen capture are disclosed. An example apparatus includes a process detector to detect execution of a macro-executing process. An image capturer is to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process. A similarity analyzer is to analyze the image to determine an image similarity to a stored image in a repository of malicious macro interfaces. A responder is to perform a responsive action in response to the image similarity meeting or exceeding a similarity threshold.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: The current invention is a method of fully automated target identification of a phishing website if a website requests input data from user with deceptive contents (logo, URL path, text in html) and a randomized/wrong data is provided and the website is redirecting to a different domain related with the logo, URL path or text in html. By determining existence of relationships, the website is detected as phishing and the phishing target is automatically identified.

Abstract: Aspects of the disclosure relate to dynamic and automated spear phishing management. A computing platform may identify users to receive a simulated spear phishing message. In some instances, the computing platform may receive a very attacked persons (VAP) list and may identify the users to receive the simulated spear phishing message based on the VAP list. Based on historical message data associated with a first user, the computing platform may identify message features associated with the first user. Using a predetermined template and for a first user account linked to the first user, the computing platform may generate a first spear phishing message based on the message features. The computing platform may then send, to the first user account, the first spear phishing message.

Abstract: Systems and methods for classifying and mitigating security threats in a digital communication network are provided. A digital communication that has been identified as suspicious may be parsed to identify various content indicators contained in the communication. Processing may then be performed on the digital communication to determine if the digital communication comprises malicious content. Mitigation activities may be performed when malicious content is identified.

Abstract: Methods of sensory input integrity attestation are provided. Artifacts included within devices under test inject a known noise signal into the output signal of one or more output devices that are detectable by one or more input devices (i.e., sensors) of an embedded device, and monitor the received input data. By comparing the received signal against the expected noise signal, attestation of the validity of sensory input data is possible. Such sensory input data attestation is capable either locally or using a remote attestation device with knowledge of the expected data stream.

Abstract: Detecting a phishing message by providing a phishing detector having a scan engine and a fetcher, detecting a URL in the message by the scan engine, resolving the URL to a webpage by the scan engine, downloading the webpage by the fetcher, analyzing the downloaded webpage by the fetcher to determine whether the webpage is a phishing webpage, and, when the webpage is determined to be a phishing webpage, deleting the message by the scan engine.

Abstract: A method includes establishing communication between a first mobile device and a locking device via a first wireless transceiver of the first mobile device and a second wireless transceiver of the locking device; determining a location of at least one of the first mobile device or the locking device responsive to the communication; receiving, by a server, permission for the guest user to access the locking device using a second mobile device where the permission is provided from an external device prior to the second mobile device interacting with the locking device; generating, by the server, a guest user profile in response to receiving the permission where the guest user profile includes data usable to allow the guest user to lock or unlock the locking device; and transmitting, by the server, the guest user profile to the second mobile device.

Abstract: A network device may receive, from a first network, one or more fragments of a first network packet of a first network packet type, where the first network packet encapsulates a second network packet of a second network packet type. The network device may buffer the one or more fragments in. The network device may, upon receiving a fragment of the first network packet that includes an indication of a source network address and a source port for the second network packet, perform an anti-spoof check of the fragment flow without assembling the first network packet. The network device may, based on the fragment flow passing the anti-spoof check, in response to receiving all fragments of the first network packet: assemble the first network packet, decapsulate the second network packet from the assembled first network packet, and forward, to a second network, the second network packet.

Abstract: A method for posting of auditable, immutable data to a blockchain includes: receiving a blockchain including a plurality of blocks, each block including at least a block header and one or more transaction values, wherein each transaction value includes at least a transaction hash; receiving a data file associated with a specific transaction hash included in a block in the blockchain, wherein the data file includes one or more variables; modifying at least one of the one or more variables included in the data file; generating a new hash value via application of one or more hashing algorithms to the modified data file; generating a new transaction value based on at least the generated new hash value and the specific transaction hash; digitally signing the generated new transaction value; and electronically transmitting the signed new transaction value.

Abstract: Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.

Abstract: An interface system for securing devices on a network gaining access to an external wide area network, such as Internet. The interface system includes a gateway, a vulnerability scanner, switch, cameras, network access controller, and machine learning module. The interface system detects any unusual activity from a device on the network and can take autonomous decisions based on calculated scores to allow or block the unusual activity.

Abstract: A method of cyber protection of a machine based on acquiring acoustic signals from a vicinity of the machine, while the machine is operative. The method includes analyzing the acquired acoustic signals to determine whether the machine or a controller of the machine is operating suspiciously and initiating a cyber measure on the controller of the machine, responsive to a determination based on the acquired acoustic signals that the machine or the controller is operating suspiciously.

Abstract: A Data Radio Bearer (DRB) integrity protection configuration method, a network device and a User Equipment (UE) are provided. The DRB integrity protection configuration method includes: receiving configuration information indicating a DRB integrity protection configuration from a network device; and enabling a predetermined control process for DRB integrity protection in accordance with the configuration information. The predetermined control process is a DRB integrity protection activation process or a DRB integrity protection deactivation process.

Abstract: An extraction apparatus can obtain a first alert and a second alert that are generated, when an anomaly occurs in a control system, in order to provide notification of the anomaly. The extraction apparatus includes: a classification unit configured to generate association information associating the first alert with the second alert; a learning unit configured to learn a generation pattern of the second alert when the anomaly occurs due to a cause other than a cyber-attack based on the association information generated by the classification unit and a generation pattern of the first alert when the anomaly occurs due to a cause other than a cyber-attack; and an extraction unit configured to extract, from among the second alerts, the second alert generated due to a cyber-attack based on the generation pattern of the second alert that is learned by the learning unit and output the extracted second alert.

Abstract: A Pervasive Intermediate Network Attached Storage Application (PINApp) enables users to digitally assign (pin) a folder or drive to a cloud storage service for the purpose of sharing their digital content between devices. The PINApp enables users to engage cloud storage services without the need to upload the digital content to the same in order for the digital content to be viewed or shared.