Abstract: A cybersecurity system is provided for automated cybersecurity insights, remediation recommendations, and service provisioning. The cybersecurity system can generate threat insights and/or generate remediation recommendations using machine learning models and cybersecurity data obtained from target networks, partners, and the like. To provision cybersecurity services, cybersecurity system may collect metadata regarding the network connections and use cases desired for one or more services. Once the metadata has been collected, the cybersecurity assessment system automatically provisions the selected services based on the provided data, such as duration of time elected, service metrics, and the like.

Abstract: Systems and methods for determining and displaying platform-specific end-to-end security vulnerabilities via a graphical user interface (GUI) are disclosed. To provide users with visual indications of vulnerable computing aspects associated with a computing platform, the system identifies computing aspects associated with a platform. The system then obtains from a security entity, security-vulnerability descriptions that are associated with the platform. Using the security-vulnerability descriptions, the system then determines threat levels for each security-vulnerability description and then, using the determined threat levels, determines a computing aspect impact level for each computing aspect associated with the platform. The system then generates for display on a GUI, a graphical layout comprising each computing aspect impact level for each computing aspect associated with the platform.

Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Abstract: A method for assessing a regular expression for vulnerability to ReDoS attacks includes receiving a regular expression for evaluating a string defined by ordered set of characters from an alphanumeric input device, and evaluating the regular expression for determining if a parsing operation of the string according to the regular expression results in a disproportionate resource consumption. The evaluation determines if the resource consumption constitutes a Regular expression Denial of Service (ReDoS) attack by providing a vulnerability indication of a single valid attack string, rather than attempting to find all possible attack strings. The valid attack string is defined by an input string for which evaluation based on the regular expression would result in disproportionate resource consumption.

Abstract: A system for detecting security threats in automated teller machines (ATMs) extracts baseline features from a first set of signals received from a first ATM, when the first ATM is initiated to operate. The baseline features represent a unique electrical signature of the first ATM. The system extracts test features from a second set of signals received from the first ATM, when the first ATM is in operation. The system determines whether there is a deviation between the test features and baseline features. If the system detects the deviation, the system determines that the first ATM is associated with a particular anomaly that makes the first ATM vulnerable to unauthorized access. The system determines that a second ATM is associated with the particular anomaly if the system detects the deviation between baseline features and test features associated with the second ATM.

Abstract: An automated teller machine (ATM) receives a first set of signals from components of the ATM. The first set of signals includes intercommunication electrical signals between the components of the ATM and electromagnetic radiation signals propagated from the components of the ATM. The ATM extracts baseline features from the first set of signals. The baseline features represent a unique electrical signature of the ATM. The ATM extracts test features from a second set of signals received from the component of the ATM. The ATM determines whether there is a deviation between the test features and baseline features. If the ATM detects the deviation, the ATM determines that the ATM is associated with a particular anomaly that makes the ATM vulnerable to unauthorized access.

Abstract: Novel tools and techniques are provided for implementing web-based monitoring and detection of fraudulent or unauthorized use of voice calling service. In various embodiments, a computing system might receive, from a user device associated with an originating party, a request to initiate a call session with a destination party, the request comprising user information associated with the originating party and a destination number associated with the destination party; might query a database with session data (including user information) to access permission data and configuration data; and might configure fraud logic using received configuration data from the database. The computing system might analyze the session data and permission data using the configured fraud logic to determine whether the originating party is permitted to establish the requested call session with the destination party; if so, might initiate one or more first actions; and, if not, might initiate one or more second actions.

Abstract: A method for detecting DoS attacks using an encrypted communication protocol includes estimating traffic telemetries of packets of at least ingress traffic passing over an insecure network that is directed to a protected entity by analyzing TCP headers of the packets, the packets using an encrypted version of a non-encrypted communication protocol, the packets being intended for the protected entity; providing at least one rate-based feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate a normal behavior of the traffic; and executing a mitigation action when a potential flood DoS attack using the encrypted communication protocol is detected by an evaluation of each of the at least one rate-based feature and the at least one rate-invariant feature with respect to respective baselines to determine whether the behavior of the ingress traffic indicates a potential flood DoS attack.

Abstract: Provided is a process including: obtaining, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password; querying a distributed credential-monitoring application; receiving query results including one or more passwords associated with the first username; determining that at least some of the one or more passwords in the query results match the obtained first password; and in response to the determination, blocking, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password.

Abstract: A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying an individual over time without retaining sensitive biometric data. In one embodiment, the system includes a local identity server including an electronic processor, a communication interface, and a memory. The electronic processor is configured to initiate a personalization of a partner-specific identification vehicle that identifies the individual based at least in part on an individual global unique identifier associated with the individual, receive a request for a service from the individual via the communication interface, receive consent and registration information from the individual via the communication interface, generate an identity confirmation that confirms an identity of the individual, and output the identity confirmation via the communication interface.

Abstract: A method, system and computer program product for facilitating risk mitigation of information security threats. Data obtained from at least one tracked data source is analyzed for identifying at least one event related to a threat, to be stored in a database comprising date and time of each event identified, enabling generation of threat timeline comprising temporally ordered sequence of each event related to respective threat identified. Features selected using correlation between features from threat timelines in the database and labeling assigned using records of threat usage incidents are extracted from events in threat timeline for the threat which the at least one event related thereto being identified and based thereon a dynamic score indicating an estimated level of risk posed by the threat is calculated using at least one machine learning model for predicting threat usage during a time window defined, enabling risk mitigation based on outputted indication thereof.

Abstract: A computer system includes an ensemble moving target defense architecture that protects the computer system against attack using one or more composable protection layers that change each churn cycle, thereby requiring an attacker to acquire information needed for an attack (e.g., code and pointers) and successfully deploy the attack, before the layers have changed state. Each layer may deploy a respective attack information asset protection providing multiple respective attack protections each churn cycle, wherein the respective attack information asset protections may differ.

Abstract: Disclosed herein are methods and systems for managing traffic violation or enforcement data using a distributed ledger. The distributed ledger provides a transparent chain of custody/evidence related to all digital interactions with traffic violation or enforcement data. The distributed ledger can be audited for data accuracy and integrity by nodes making up the system each time one of the nodes interacts with the traffic violation or enforcement data. For example, a digital evidence package related to a traffic violation event can be generated by a node within the system and a package digest can be logged in the distributed ledger beginning with the creation of the digital evidence package and each time that the digital evidence package is processed, modified, or reviewed by nodes within the system.

Abstract: A system and method for detecting cyber-attacks using quantile regression analysis are disclosed. The method includes identifying at least one hit quantile out of a plurality of quantiles, wherein at least one sample of traffic directed at a protected entity falls within quantile edges of the at least one identified hit quantile, wherein each of the plurality of quantiles is characterized by a probability distribution of at least one feature of a data stream, each of the plurality of quantiles having a respective probability estimate of bytes to fall into it; updating the probability estimates of the plurality of quantiles when the hit quantile has been identified; determining if the probability estimate of the at least one hit quantile is above a threshold; and detecting a cyber-attack when the probability estimate of the at least one hit quantile is above the threshold.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to an assertion proxy receiving a verified assertion from an IDP obtained from an assertion that is generated when a user logs into a service provider (SP) and is verified in dependence upon the IDP's public key. It also relates to evaluating the verified assertion against one or more security policies. It further relates to forwarding the verified assertion evaluated to the SP and causing establishment of a single sign-on (SSO) authenticated session without modifying the assertion.

Abstract: An autonomous driving controller includes a plurality of parallel processors operating on common input data received from the plurality of autonomous driving sensors. Each of the plurality of parallel processors includes communication circuitry, a general processor, a security processor subsystem (SCS), and a safety subsystem (SMS). The communication circuitry supports communications between the plurality of parallel processors, including inter-processor communications between the general processors of the plurality of parallel processors, communications between the SCSs of the plurality of parallel processors using SCS cryptography, and communications between the SMSs of the plurality of parallel processors using SMS cryptography, the SMS cryptography differing from the SCS cryptography. The SCS and/or the SMS may each include dedicated hardware and/or memory to support the communications.

Abstract: Systems and methods for securely sharing and authenticating a last secret can include generating, by a cryptographic module on a first network node, a seed configured for deriving or recovering a last secret, the last secret providing access to a secure entity and being a last cryptographic element controlling access to the secure entity, creating, by the cryptographic module, an envelope for the seed, enveloping the seed by the envelope, and transmitting, by the cryptographic module, the seed to a computing system on a second node different than the first node, the computing system being configured to decrypt the envelope of the enveloped seed to recover the seed, and obtain the last secret based on the seed, where the cryptographic module is prevented from deriving the last secret.

Abstract: A computer-implemented method can comprise determining, by a device comprising a processor, personally identifying data elements of data, representative of a group of transactions, that comprise personally identifying information according to an anonymization criterion associated with personally identifying information being determined not to be satisfied by the data elements, and storing, by the device, non-identifying data elements of the data to a non-identifying data store.

Abstract: A computer system may generate alerts related to a potential cyber attack an resource of an organization. The computer system may receive activity information associated with activity on a computer network of the organization, access contextual information about the resource, determine, based on the contextual information, select, based at least in part on the contextual information, one or more indicators that are indicative of a cyber attack against the resource to form a second plurality of indicators, and generate, based at least in part on the second plurality of indicators and the contextual information, a risk score, wherein the risk score indicates a probability that the resource is at risk of a cyber attack. In response to the risk score satisfying a threshold value, the computer system may generate an alert. Alerts may be presented using a graphical user interface. Analysts' actions may be tracked for review.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.