Abstract: An apparatus for scanning vulnerabilities, wherein the apparatus includes at least a processor and a memory communicatively connected to the at least a processor, the memory containing instructions configuring the at least a processor to access at least a manifest file, wherein the at least manifest file includes at least a direct dependency, scan the manifest file for a software package data, extract the software package data from the manifest file, generate at least a dependency tree as a function of the software package data, and store the dependency tree in a database. A method for scanning vulnerabilities is also disclosed.

Abstract: Systems and methods for computing times to remediate for asset vulnerabilities are described herein. In an embodiment, a server computer receives first vulnerability data for a plurality of entities identifying asset vulnerabilities and timing data corresponding to the vulnerability data indicating an amount of time between identification of an asset vulnerability and a result of the asset vulnerability. The server computer identifies a strict subset of the first vulnerability data that belongs to a particular category of a first plurality of categories. The server computer receives second vulnerability data for a particular entity identifying asset vulnerabilities. The server computer identifies a strict subset of the second vulnerability data the belongs to the particular category. Based, at least in part, on the strict subset of the first vulnerability data, the server computer computes a time to remediate the asset vulnerabilities in the strict subset of the second vulnerability data.

Abstract: A technology to identify processing paths of untrusted input data received by applications that are vulnerable to attacks and to further detect and prevent actual attacks that try to exploit those vulnerabilities is disclosed. Application code is augmented at run-time with sensor code which detects the entry of input-data into the application and further traces the propagation, manipulation and, sanitization of this input-data until its usage in a data sink. The so generated data-flow traces reveal data-flow paths that lack required sanitization measures to neutralize potentially harmful input-data. Such data-flow paths are reported as vulnerabilities. Further, input-data that reaches data-sink interfaces is scanned by data-sink sensors to identify harmful input data. On identification of harmful input data, an attack is reported, and countermeasures are applied to prevent the identified attack.

Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.

Abstract: Disclosed are systems and methods for registering and localizing a building server. A system comprises a building server communicatively coupled with a computing cloud, and configured to initiate a registration process that comprises transmitting data identifying the building server. The computing cloud comprises at least a device registration module that receives the data transmitted from the building server, authenticates the building server, and generates and transmits data such as a building server password and a digital certificate. The computing cloud also comprises an identity management module that receives a request to create a unique ID associated with the building server, and updates a memory to indicate an association between the building server and the computing cloud.

Abstract: Systems and methods for providing user-induced variable identification of end-to-end computing system security impact information via a user interface are disclosed. The system receives at a graphical user interface (GUI), a user calibration of a graphical security vulnerability element. The system then determines a set of computing system components that interact with data associated with the network operation based on a transmission of the network operation associated with a computing system. The system then determines a set of security vulnerabilities associated with each computing system component of the set of computing system components using a third-party resource. The system then applies a decision engine on the set of security vulnerabilities to determine a set of impacted computing-aspects associated with the set of computing system components.

Abstract: Disclosed herein are methods and systems for managing traffic violation or enforcement data using a distributed ledger. The distributed ledger provides a transparent chain of custody/evidence related to all digital interactions with traffic violation or enforcement data. The distributed ledger can be audited for data accuracy and integrity by nodes making up the system each time one of the nodes interacts with the traffic violation or enforcement data. For example, a digital evidence package related to a traffic violation event can be generated by a node within the system and a package digest can be logged in the distributed ledger beginning with the creation of the digital evidence package and each time that the digital evidence package is processed, modified, or reviewed by nodes within the system.

Abstract: This disclosure describes a bot detection system that leverages deep learning to facilitate bot detection and mitigation, and that works even when an attacker changes an attack script. The approach herein provides for a system that rapidly and automatically (without human intervention) retrains on new, updated or modified attack vectors.

Abstract: A security framework for life-critical and safety-critical devices, specifically medical devices, using: a) runtime, adaptive methods that dynamically assess the risk of newly discovered vulnerabilities and threats, and b) automatic mitigation methods that reduce system risk by seamlessly reconfiguring the device to operate within different execution modes. This technology automatically isolates threats by disabling affected system components. A multi-modal software design uses adaptive software in which operational modes have monotonically decreasing cumulative risk. Formal risk models are used to model the individual risk of accessing or controlling system components and to automatically calculate the cumulative risk of software modes. The automated detection of potential threats by the system or reporting of known vulnerabilities will dynamically change the system risk.

Abstract: Configuration monitoring is performed using a computer-based system and method by identifying misconfigured settings through the collection of large amounts of configuration data from diverse sources. The configuration data is then analyzed to identify misconfigured items. Automation of such configurations is implemented using machine learning to analyze existing configurations as well as new configurations. By using machine learning, the computer-based system and method can predict a pass state or a fail state of the configuration of a newly connected system in an organization. A logistic regression classifier is trained using old complying configuration data and data reflecting industry standards. The trained classifier can predict and classify whether a new configuration passes or fails the industry standards based on the training data of old configuration data.

Abstract: Systems and methods for determining and displaying platform-specific end-to-end security vulnerabilities via a graphical user interface (GUI) are disclosed. To provide users with visual indications of vulnerable computing aspects associated with a computing platform, the system identifies computing aspects associated with a platform. The system then obtains from a security entity, security-vulnerability descriptions that are associated with the platform. Using the security-vulnerability descriptions, the system then determines threat levels for each security-vulnerability description and then, using the determined threat levels, determines a computing aspect impact level for each computing aspect associated with the platform. The system then generates for display on a GUI, a graphical layout comprising each computing aspect impact level for each computing aspect associated with the platform.

Abstract: A method for minimizing scan disruptions includes receiving a scan request requesting to scan a set of network-connected assets. Each network-connected asset is associated with corresponding network characteristics. The method includes partitioning the set of network-connected assets into a plurality of groups based on the corresponding network characteristics. For each respective group, simultaneously, the method includes determining an ordered list for scanning each network-connected asset in the respective group, scanning a first network-connected asset of the respective group based on the ordered list, and, after scanning the first network-connected asset, determining a post-scan health status of the first network-connected asset. The method includes determining, using the post-scan health status, that a health of the first network-connected asset is degraded.

Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.

Abstract: Method and system for providing access to information comprising the steps of receiving a request for information derived from data from a requester having one or more requester properties. Determining if the one or more requester properties meet one or more predetermined criteria associated with the data, if the one or more requester properties meet the predetermined criteria then providing the requested information to the requester. Storing data describing the request within a blockchain. In another aspect, there is provided a method and system for anonymizing data comprising the steps of at a first source of data determining one or more parameters of a procedure for dividing a first data set into subsets of data, such that each subset of data meets one or more criteria. Providing the parameters to a second source of data. At the second source of data amending the parameters such that the procedure will divide a second data set data into subsets of data that each meet the one or more criteria.

Abstract: A system for encrypted identification and communication is provided. In one aspect, a method includes receiving identification information identifying a user, validating an identity of the user, providing an interface for entering an electronic address associated with an accused entity, obtaining additional addresses associated with the accused entity, verifying an identity of the accused entity based on providing the additional addresses to the user, encrypting the addresses, comparing the encrypted data against stored data to identify at least one matched user, and generating a request for the at least one matched user to communicate with the user.

Abstract: The present disclosure provides a communication network node for providing data to a distributed ledger, wherein the node has circuitry configured to: provide a user data management part for separating sensitive user data and non-sensitive user data, and provide the non-sensitive user data to the distributed ledger.

Abstract: A system for conducting cyberthreat analytics on a submitted object to determine whether the object is malicious is described. The system features a cybersecurity system operating with a cloud platform, which is configured to host resources including cloud processing resources and cloud storage resources. The cybersecurity system is configured to analyze one or more received objects included as part of a submission received from a subscriber after authentication of the subscriber and verification that the subscriber is authorized to perform one or more tasks associated with the submission. The cybersecurity system is configured to operate as a multi-tenant Security-as-a-Service (SaaS) that relies upon the cloud processing resources and the cloud storage resources provided by the cloud platform in performing the cybersecurity operations.

Abstract: When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.

Abstract: A biometric attribution approach identifies a keyboard actor based on timing between entered keystrokes. Patterns tend to emerge in a timing interval between keystrokes entered by an actor. The keystroke patterns of an actor are analyzed to compute a signature exhibited by the actor. Gathered or intercepted keystroke patterns of an unknown actor are compared to identify a likelihood that typing sessions emanated from a common actor. Keystroke activity of a purported suspect actor can be compared to a database or model of keystroke attributes for determining if the keystroke activity emanated from the same actor as other keystroke sequences. Keystroke patterns rely only on the timing between keystrokes, as key data and upstroke information need not be gathered since the comparisons reply only on keystroke timing deltas.

Abstract: A method and an apparatus for Wi-Fi connection based on Wi-Fi Protected Setup (WPS) in a portable terminal are provided. The method includes entering a group owner mode of Wi-Fi Direct when enabling of WPS is requested, after entering the group owner mode, entering a WPS session mode where the portable terminal is operable in a WPS registrar mode, determining whether an Access Point (AP) whose WPS session of the WPS registrar mode is enabled or a device whose group owner mode is enabled, exists nearby, and when an AP whose WPS registrar mode is enabled is discovered, disabling the WPS registrar mode and the group owner mode, enabling a WPS session where the portable terminal is to operate in a WPS enrollee mode, and accessing the discovered AP.