Abstract: Systems and methods for authenticating a user of a mobile electronic device to use a FIDO (fast identification online) compliant application in the device are provided. These entail receiving a user authentication input at the mobile electronic device and caching the authentication input. While the authentication input remains cached, the user is authenticated to use the mobile electronic device via the authentication input. The mobile electronic device is then unlocked and the FIDO compliant application is opened. Secure delayed FIDO authentication is then executed by providing the cached authentication input to the FIDO compliant application to open an authenticated session of the user on the FIDO compliant application.

Abstract: Various methods, apparatuses/systems, and media for implementing a vulnerability management module are provided. A receiver receives a request for dynamically scanning vulnerability of a target computing device based on testable vulnerability criteria extracted from a database. A processor dynamically executes the testable vulnerability criteria from the SCCM based on the received request; creates a static SCCM advertisement with a dynamic pre/post validation check capability based on a result of the dynamically executing the testable vulnerability criteria; reports a success or a failure of the static SCCM advertisement related to the testable vulnerability criteria to indicate whether a vulnerability exists within the target computing device; and automatically remediates the vulnerability when it is determined that the vulnerability exists within the target computing device.

Abstract: An information processing apparatus acquires monitoring data. The monitoring data is data representing an event occurring in the monitoring target system. The information processing apparatus determines whether or not the event represented by the monitoring data is an event to be warned. This determination is made using the determination model. The determination model is a model for determining whether or not the event is a warning target. The information processing apparatus updates the determination model, based on the monitoring data and the result of determination on the monitoring data by using the determination model.

Abstract: Techniques are disclosed relating to account security operations based on security risk values that are modified based on one or more security risk criteria. In some embodiments, a system stores a plurality of key-value pairs in a datastore. Each key may specify a set of multiple access attributes corresponding to an origin computing system from which one or more access attempts were initiated and each value may include access information for one or more access attempts whose access attributes match a corresponding key. In some embodiments, the access information includes one or more account identifiers and result indications. In some embodiments, the system modifies security risk values based on multiple security risk criteria associated with different granularities of information in the datastore. A first criterion may be evaluated at a key granularity based on access attempts that match all of the multiple access attributes for a key.

Abstract: The disclosed computer-implemented method for protecting against malicious content may include intercepting, by a security application installed on the computing device, an original message intended for a target application installed on the same computing device. The original message may include potentially malicious content. The security application may forward the original message to a security service. The computing device may receive a clean message from the security service, wherein the clean message includes a safe representation of the potentially malicious content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer system and computer implemented method of detecting attacks on physical systems are disclosed. The system may include one or more databases and one or more controller configured to execute instructions. The instructions may include the following method steps: receiving at least one signal related to a monitored physical system; de-noising the at least one signal to extract a smooth portion of the signal; detecting one or more states of the monitored physical system by analyzing the smooth portion of the signal; obtaining a noise portion of the signal by subtracting the de-noised smooth portion from the at least one signal; classifying the noise portion; determining expected states of the system based on the classified noise portion; comparing the expected states to the detected one or more states; and detecting an attack on the monitored physical system based on the comparison.

Abstract: Data is analyzed using feature hashing to detect malware. A plurality of features in a feature set is hashed. The feature set is generated from a sample. The sample includes at least a portion of a file. Based on the hashing, one or more hashed features are indexed to generate an index vector. Each hashed feature corresponds to an index in the index vector. Using the index vector, a training dataset is generated. Using the training dataset, a machine learning model for identifying at least one file having a malicious code is trained.

Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLs policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.

Abstract: Aspects of the disclosure relate to real-time validation of application data. A computing platform may collect, in real-time, information associated with a plurality of data transmissions between applications, where the information includes, for each data transmission of the plurality of data transmissions, an indication of a source application and a destination application, a first indication whether the data transmission was sent by the source application, and a second indication whether the data transmission was received by the destination application. The computing platform may compare, for each data transmission, the first indication and the second indication. The computing platform may detect, for a particular data transmission, a lack of a match between the first indication and the second indication. The computing platform may identify the particular data transmission as an anomalous data transmission.

Abstract: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.

Abstract: Methods and systems for authenticating and continuously re-authenticating users are disclosed. Most software applications executing on mobile devices only require a user to provide identification information (e.g., user ID and password) at the outset of launching the application, and infrequently or never subsequently request user identification information. The methods and systems described herein provide continuous protection of user identities using a combination of touch-based biometric sensor data, motion sensor data, and implicit mobile device data.

Abstract: A network node is configured to enable authentication of a user of a client device based on biometric data captured by the client device. The network node receives, from the client device, a request to authenticate a user that includes a first set of transformed biometric data transformed with a first secret feature transform key shared with the client device; fetches, from a secure end-user repository, a second set of enrolled transformed biometric data associated with the first set of transformed biometric data and a second secret feature transform key with which the second set of biometric data was transformed at enrolment of the transformed biometric data; and submits the second set of transformed biometric data and the second secret feature transform key over a secure communication channel to the client device.

Abstract: A system method and computer media for detection of potential cyber security vulnerabilities in a computer network are described; the system includes an interface configured for receiving a log file of a target computer system, an analyzing module, a mapping module configured to map a plurality of potential entrance points, a code generator for generating a computer code for exterior intrusion and a testing server configured for transmitting the computer code to the target system and collecting at least one response member, transmitted in response to the computer code.

Abstract: Implementations of the present disclosure include providing graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, each node representing an asset within the enterprise network, and each edge representing one or more lateral attack paths between assets in the enterprise network, determining, for each node, an incoming value based on attributes of a set of incoming edges and an outgoing value based on attributes of a set of outgoing edges, the attributes including a number of edges and semantic types of the edges, at least one cardinality value of each node being determined based on one or more of the incoming value and the outgoing value of the node, receiving input representative of filter parameters, generating a sub-graph based on attributes of the nodes and the filter parameters, and displaying, by the visualization platform, the sub-graph in a display.

Abstract: Methods, systems, and computer readable media for authentication using a text file and a one-time password are described. A method includes receiving user credentials and providing initial text for modification then generating first and second hash values based on a hash function of the initial and modified texts, and comparing the hash values and creating a record in a user table to store information corresponding to the user including the second hash value, wherein the information includes the modified text if the texts do not match; then sending a user a first one-time password via email to verify that the user is an owner of an email address provided by the user.

Abstract: Provided is an inspection system capable of inspecting whether or not a control device mounted to a vehicle normally operates also during usage. An inspection information generation unit of a server generates security inspection information for use in inspection of a function of an ECU on the basis of ECU design information and security information, and the security inspection information is transmitted to an ECU_GW. In the ECU_GW having received the security inspection information, an ECU_GW control unit performs a conversion process, and transmits information obtained by the conversion process to an ECU_A and an ECU_B. When receiving the information, each of the ECU_A and the ECU_B determines, with use of a determination reference held in advance, whether the received information is normal or abnormal.

Abstract: A method for securely sharing a common software package includes storing, within a database, a set of software packages associated with a first namespace, then storing, within the database, a common software package associated with the set of software packages. The common software package is obfuscated and includes an access modifier. A request to install a first software package selected from the set of software packages associated with the namespace is received by a subscriber. In response to the request from the subscriber, the system installs the first software package and the common software package in accordance with the access modifier.

Abstract: A plug-and-play (PnP) driver associated with a security agent is described herein. The PnP driver attaches to device stacks of enumerated bus devices of a computing device as upper-device or lower-device filters based on the device classes of the enumerated bus devices. For example, the PnP driver may attach to the device stack of a hub or controller device as an upper-device filter and to device stacks of other devices as lower-device filters. Either while attaching or after attachment, the PnP driver may take action to alter, limit, or otherwise block functionality of an enumerated bus device. The PnP driver may also perform a system inventory of enumerated bus devices connected to the computing device and create fingerprints for one or more of the computing devices. Additionally, the PnP driver may create and remove control device objects (CDOs) to enable communication with user-mode processes or threads.

Abstract: In one example, a device directory server may maintain a digital rights management list for a user device belonging to a device group associated with a user. The device directory server may maintain a primary digital rights management list associating a user device with a primary online account for a user having a content license for a digital content item. The device director server may receive a status update indicating the user device is still in use by the user if sent by the user device. The device directory server may determine whether a status update has been received from the user device. The device directory server may deactivate the user device on the primary digital rights management list when no status update has been received within a pruning period for the user device to be associated with the primary online account.

Abstract: A method for regulating access to a protected resource is disclosed. The method includes: receiving, via the communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including: a client identifier uniquely identifying the client application; an authorization code for authorizing the client application's access of the protected resource; and a public key associated with the end user; and in response to validating the request: encrypting the authorization code using the public key to generate a first code; and transmitting, via the communication interface to the client application on the first device, a second signal including both an access token for accessing the protected resource and the first code.