Patents Examined by Simon P Kanaan
  • Patent number: 10904277
    Abstract: Systems for providing a threat intelligence system differentiate between network activity that is a mass scan, or is an accidental or otherwise benign abnormality, or is a directed attack. All of the network activity of a computing resource service provider is logged, and the logs are parsed to include the activity of a particular activity source. The activity is stored in an activity profile, and is updated on a rolling window basis. The systems then use the activity profiles of activity sources that have communicated with a user's computing resources to determine whether the activity and/or activity source is a potential threat against the user's virtual computing environment(s) and/or the computing resources executing therein. The system computes a threat level score based on parameters identified in the activity profiles.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: January 26, 2021
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10904240
    Abstract: Disclosed are concepts for managing application traffic. A method includes receiving a request to access a service from an application, confirming an entity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method also can include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: January 26, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Napper, David Delano Ward, Syed Khalid Raza, Sape Jurrien Mullender
  • Patent number: 10878066
    Abstract: A method for accessing a restricted application programming interface (API) is disclosed, including: receiving, from a first application, a request to access the restricted API, the restricted API not supported by the first application; determining whether the first application is authorized by a provider of the restricted API to access the restricted API; and granting, in response to the determination that the first application is authorized by the provider of the restricted API to access the restricted API, the first application access to the restricted API.
    Type: Grant
    Filed: July 17, 2018
    Date of Patent: December 29, 2020
    Assignee: BANMA ZHIXING NETWORK (HONGKONG) CO., LIMITED
    Inventor: Shaoxiang Qiu
  • Patent number: 10868668
    Abstract: In a system and methods to verify data integrity and origin authenticity of signed elements in an arbitrary blockchain, a block is signed using a first digital signature algorithm. A hash on the signed first block content is computed. A parallel assurance of blockchain signatures (“PABS”) record includes a cryptographic message, comprising the block identifier and the hash, and is signed using a second digital signature algorithm, which, in some embodiments, is different from the first digital signature algorithm. Integrity and origin authenticity of the signed block content are verified by verifying the digital signature of the first cryptographic message. Additionally, to verify the block content, a verification hash is computed on the signed block content of the block of the blockchain, and the verification circuit verifies that the hash from the cryptographic message matches the verification hash.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: December 15, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 10862912
    Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: December 8, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer
  • Patent number: 10862870
    Abstract: A method and apparatus that securely obtains services in response to a request for a service while concealing personally identifiable information (PII) includes a software package having a user identification (ID) and network protection module that runs on a third party system and an anonymizer module that runs on a user system. The user system sends the request for the service via an API that invokes the user ID and network protection module to validate the request. In response to receiving validation, the anonymizer module modifies the request for the service to conceal at least part of the PII and sends the modified request to the service provider. In one embodiment, the third party system may be an application program configured to run on the user system. Thus, no PII or data to identify the unique individual is transmitted to the service provider.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: December 8, 2020
    Assignee: Microsoft Technology Licensing LLC
    Inventors: Christian O Maier, Khaled Galal Mohamed Rashad, Mohamed Alaa Elmiligui
  • Patent number: 10860907
    Abstract: A method of operation of an information linking system includes: scanning an identification icon on an object; determining an access key by analyzing the identification icon including a target location read from the identification icon and a current location of a device that scanned the identification icon; and retrieving at least an initial availability level from a plurality of qualified information levels of a geo-location object information and additional information levels, authorized by the access key when the current location is within a geo-fence of the target location, for displaying on the device.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: December 8, 2020
    Assignee: StickEcodes Incorporated
    Inventors: Lyle Phinney Kafader, Teresa Jean Mueller
  • Patent number: 10860707
    Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor and a non-transitory computer-readable medium having stored thereon a program of instructions executable by the processor. The program of instructions may be configured to, when read and executed by the processor, receive an initial password, the initial password comprising a string of characters to be entered by a user of the information handling system for accessing the information handling system, separate the initial password into a plurality of compartments, select a random order of the plurality of compartments, generate a key based on the initial password as rearranged in accordance with the random order of the plurality of compartments, and store a key sequence representative of the random order of the plurality of compartments.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: December 8, 2020
    Assignee: Dell Products L.P.
    Inventors: Chitrak Gupta, Sushma Basavarajaiah
  • Patent number: 10848642
    Abstract: An apparatus for generating trusted image data includes an image data generator, a processor and an output unit. The image data generator generates image data of an image to be taken of a three-dimensional scene and trust data of the three-dimensional scene. The trust data indicates a depth information of at least one pixel of the image to be taken or comprises data capable of being used to calculate a depth information of at least one pixel of the image to be taken. The processor generates encrypted image data by encrypting at least the trust data or characteristic data derivable from at least the trust data, so that an authentication of the image data is enabled based on the encrypted image data. The output unit provides trusted image data including the encrypted image data.
    Type: Grant
    Filed: April 18, 2013
    Date of Patent: November 24, 2020
    Assignee: Infineon Technologies AG
    Inventor: Rainer Matischek
  • Patent number: 10839059
    Abstract: An electronic device includes a biometric sensor, such as a fingerprint sensor, that identifies biometric input received at the biometric sensor. One or more processors operable with the biometric sensor identify one or more companion devices operating within a wireless communication radius of the electronic device. Where multiple companion devices are within the wireless communication radius, a user can make a selection of one or more of them. One or more gesture sensors identify a predefined gesture input, such as a key turn simulation. A wireless communication circuit responsive to the one or more processors delivers an actuation credential to at least one companion device to control the companion device.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: November 17, 2020
    Assignee: Motorola Mobility LLC
    Inventors: Scott DeBates, Douglas Lautner, Vivek Tyagi
  • Patent number: 10841337
    Abstract: Systems and methods for reversibly remediating security risks, which monitor a network or system for security risks, and upon detection of one or more risks, apply a remedial action applicable to at least partially remedy or mitigate the one or more detected risks. The network or system is monitored for a change to the detected risk(s), and upon detection of a change to the detected risk(s), the applied remediation action is automatically reversed.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: November 17, 2020
    Assignee: SECUREWORKS CORP.
    Inventors: Ross Rowland Kinder, William Urbanski, Ryan James Leavengood, Timothy Vidas, Jon Ramsey
  • Patent number: 10832108
    Abstract: A method of operation of an information linking system includes: locating an object with an identification icon; scanning the identification icon with a device; determining an access key by analyzing the identification icon; and retrieving at least a general availability level from a plurality of selective information levels of an object information file and additional information levels authorized by the access key for displaying on the device.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: November 10, 2020
    Assignee: StickEcodes Incorporated
    Inventors: Teresa Jean Mueller, Lyle Phinney Kafader
  • Patent number: 10819721
    Abstract: Technologies relating to monitoring communications traffic to detect potential attacks on industrial control system networks and building automation system networks are described herein. In an embodiment, a monitoring device receives a plurality of communications from a control network. The monitoring device transmits the communications to a computing device. Based on the communications, the computing device generates a listing of devices that communicated by way of the control network over a period of time, and computes a volume of traffic between each pair of devices in the listing of devices. The computing device then outputs a graphical user interface (GUI) by way of display, the GUI comprising data indicative of the computed volumes of traffic, which may be indicative of a potential attack on the control network.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: October 27, 2020
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Chris Jenkins
  • Patent number: 10803169
    Abstract: A processing device receives a request to create a second account in a cloud computing system having multiple web services. The request specifies an organization unit (OU) associated with a first account of the cloud computing system. A first instance of a threat detection service monitors activity data associated with the first account and detects anomalous activity by the first account using a first machine learning (ML) model. The processing device creates the second account and attaches the second account to the OU. The processing device generates a second ML model for the second account using at least a portion of the first ML model and monitors subsequent activity data associated with the second account using the second ML model to detect anomalous activity by the second account.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: October 13, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Aaron Flatten, Shane Anil Pereira
  • Patent number: 10805331
    Abstract: A method and system for creating a composite security rating from security characterization data of a third party computer system. The security characterization data is derived from externally observable characteristics of the third party computer system. Advantageously, the composite security score has a relatively high likelihood of corresponding to an internal audit score despite use of externally observable security characteristics. Also, the method and system may include use of multiple security characterizations all solely derived from externally observable characteristics of the third party computer system.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: October 13, 2020
    Assignee: BitSight Technologies, Inc.
    Inventors: Stephen Wayne Boyer, Nagarjuna Venna, Megumi Ando
  • Patent number: 10798112
    Abstract: A computerized method for authenticating access to a subscription-based service to detect an attempted cyber-attack. The method features operations by the cloud broker that include receiving service policy level information and information based on operational metadata. The service policy level information includes at least subscription attributes to identify one or more performance criterion in analyses conducted on one or more objects submitted by a sensor for malware representing an attempted cyber-attack. The operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service. The cloud broker, using both the service policy level information and the information based on the operational metadata, selects a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and establishes a communication session between the sensor and the cluster via the cloud broker.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: October 6, 2020
    Assignee: FireEye, Inc.
    Inventors: Mumtaz Siddiqui, Manju Radhakrishnan, Deepak Agarwal
  • Patent number: 10789381
    Abstract: A method includes receiving a build request containing build step instructions from a user. The build step instructions specify a usage of containers within memory hardware for building an output container. The containers include at least one private container having private contents and/or at least one public container having public contents. The method also includes authenticating the user initiating the build request and determining whether the user is authorized to access the private containers. When the user is authenticated and authorized to access the private containers, the method includes obtaining the containers specified by the build step instructions from the memory hardware, executing the build step instructions to build the output container while using the received containers, and outputting the built output container.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: September 29, 2020
    Assignee: Google LLC
    Inventors: David Bendory, John Asmuth, Scott Zawalski, Jason Hall, David Dopson
  • Patent number: 10789358
    Abstract: Embodiments herein facilitate resisting side channel attacks through various implementations and combinations of implementations. In embodiments, this is accomplished by preventing sensitive data from consecutively following other data through potentially vulnerable resources which otherwise may cause data to leak. Where such vulnerabilities to attacks are known, suspected, or as a proactive precaution, a cleaner can be used to inhibit the sensitive data from passing through the vulnerable areas consecutively and thus inhibit the leakage. Embodiments also envision utilizing certain types of circuits to assist in preventing leakage. By using such circuits one can reduce or even potentially eliminate the requirement for cleaners as mentioned previously.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: September 29, 2020
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventors: Sami Saab, Elke De Mulder, Pankaj Rohatgi, Craig E Hampel, Jeremy Cooper, Winthrop Wu
  • Patent number: 10778716
    Abstract: Methods and systems for detecting webpages that share malicious content are presented. A first set of webpages that hosts a web account checker is identified. A baseline page structure score and a baseline language score are calculated based on the identified first set of webpages. Content from a second set of webpages is collected and analyzed based on the calculated baseline page structure and the calculated baseline language scores. One or more of the second set of webpages is flagged as malicious based on the analyzing of the content collected from the second set of webpages.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: September 15, 2020
    Assignee: PAYPAL, INC.
    Inventors: Vinjith Nagaraja, Meethil Vijay Yadav, Bradley Wardman
  • Patent number: 10771485
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for cross-channel electronic communication security. In this regard, the invention provides dynamic construction and targeting of adaptive simulated malicious electronic communications for unsecure communication identification by a user. The invention configures adaptive simulated malicious electronic communications for interacting with users via user interfaces of the multiple electronic communication media and user devices. Another aspect of the invention is directed to configuring, dynamically and in real time, a simulated malicious electronic communication for one electronic communication medium, based on and in response to, user actions on another simulated malicious electronic communication on another electronic communication medium.
    Type: Grant
    Filed: July 12, 2018
    Date of Patent: September 8, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Donald Joseph Cardinal, Shane Edward Asher, Travis John Hicks, Guy Vernon Pearson, Jr., Christopher Daniel Birch, Shannon Sabina Willis, Todd Anthony Smialek, Corey Scott Gillespie