Abstract: A risk knowledge graph is created from information on risk events involving network entities of a private computer network. Each of the risk events is represented as a node in the risk knowledge graph. The nodes are connected by edges that represent the risk events. The nodes are grouped into communities of related nodes. A response action is performed against a community to mitigate a cybersecurity risk posed by the community.

Abstract: The present invention is a system for and method of enabling an initiating party to capture, store, and retrieve an image of at least one acknowledging party performing an acknowledgement requested by the initiating party where the acknowledging party(s) may be remotely located from the initiating party.

Abstract: Methods, systems, and computer-readable media for auto-tuning permissions using a learning mode are disclosed. A plurality of access requests to a plurality of services and resources by an application are determined during execution of the application in a learning mode in a pre-production environment. The plurality of services and resources are hosted in a multi-tenant provider network. A subset of the services and resources that were used by the application during the learning mode are determined. An access control policy is generated that permits access to the subset of the services and resources used by the application during the learning mode. The access control policy is attached to a role associated with the application to permit access to the subset of the services and resources in a production environment.

Abstract: A method and system for providing information management of data from hosted services receives information management policies for a hosted account of a hosted service, requests data associated with the hosted account from the hosted service, receives data associated with the hosted account from the hosted service, and provides a preview version of the received data to a computing device. In some examples, the system indexes the received data to associate the received data with a user of an information management system, and/or provides index information related to the received data to the computing device.

Abstract: Aspects described herein may allow for the generation of a message to be sent to an intended recipient of a request for a communication session prior the initiation of the communication session. The system may monitor applications and associated devices to determine the initiation of the communication session. Based on such a determination, the system may generate a message to be presented to a communication initiating user and to be sent to an intended recipient of the communication session. The system may determine data for the message based on an analysis of the data associated with the communication initiating user, and the system may apply a machine learning model to generate draft messages for the user. Messages may be generated to authenticate a user with an intended recipient of the communication session.

Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS operations logic to manage XMSS functions, a chain function controller to manage chain function algorithms, a secure hash algorithm-2 (SHA2) accelerator, a secure hash algorithm-3 (SHA3) accelerator, and a register bank shared between the SHA2 accelerator and the SHA3 accelerator. Other examples may be described.

Abstract: A system and method are disclosed for performing non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.

Abstract: States of storage nodes in a storage cluster may be transitioned from a secured state to an unsecured state. When all the storage nodes are in the secured state, a first reboot of the storage nodes is initiated. The first reboot may involve the storage nodes rebooting from the secured state into an intermediate state. During the first reboot: storage nodes that have rebooted into the intermediate state are allowed to rejoin the distributed storage cluster, and storage nodes in the unsecured state are not allowed to join the distributed storage cluster. When all the storage nodes are in the intermediate state, a second reboot of the storage nodes may be initiated. The second reboot may involve rebooting the storage nodes from the intermediate state into the unsecured state. During the second reboot, storage nodes that have rebooted into the unsecured state are allowed to rejoin the storage cluster.

Abstract: Embodiments of systems and methods are provided to enhance network security by providing secure, multi-path user authentication, while also providing a more convenient login experience to the user. In the present disclosure, a cloud-based user authentication and threat detection system is provided with an artificial intelligence (AI) engine and a training dataset. Utilizing a cloud-based system enables the AI engine to collect data from multiple devices located within different physical locations or environments (such as, for example, the user's home and office). The collected data is stored within the training dataset and used to create a personalized user profile for each user. Each time a user initiates login to a system or network from a particular location, the AI engine collects data from multiple devices within that location and utilizes the user profile data previously stored within the training dataset to securely authenticate the user or detect potential security threats.

Abstract: Various embodiments include implementing an interceptor for application security testing. The interceptor may intercept traffic, including one or more traffic items, between a scan engine and a target application. The traffic item(s) may include a request directed to the target application from a scan engine implementing application security testing or a response from the target application responsive to request(s) from the scan engine. The interceptor may determine that a particular traffic item satisfies a particular traffic trigger associated with a particular traffic action comprising a manipulation to the traffic between the scan engine and the target application. The particular traffic action is one of a plurality of predefined traffic actions that the interceptor is configured to perform across different scan engine versions, different scan configurations, or both.

Abstract: A computer-implemented method for generating a speeding ticket. The method includes generating a first image of at least a part of a vehicle by a first camera, detecting a first set of the characters of the number plate of the vehicle dependent on the first image, and generating a secured file by a first camera using the first set of the characters and a first character code. The method further includes generating a second image of the part of the vehicle by a second camera and detecting a second set of the characters of the number plate dependent on the second image. The method further includes generating the speeding ticket, in response to determining that the vehicle violates a speed limit and in response to verifying that the first set of the characters is equal to the second set of the characters.

Abstract: Systems and methods to authenticate a Non-Fifth Generation Capable (N5GC) device on a Residential Gateway (RG) include a wireline access network comprising the RG and a wireline-access gateway function (W-AGF). The RG connects to the W-AGF using a termination system (e.g., a Cable Modem Termination System (CMTS) and the like) to relay N5GC device messages received at the RG to the W-AGF and vice versa. During a registration/authentication procedure for the N5GC device, the W-AGF generates a Registration Request message on behalf of the N5GC device and sends the Registration Request message to an Access & Mobility Management Function (AMF) of a Fifth Generation (5G) core network. The Registration Request message includes an indication that the N5GC device lacks 5G capabilities (e.g., is N5GC). In response to the Registration Request message, the system causes the N5GC device to be authenticated at least partly in response to the Registration Request message.

Abstract: A device may receive security data identifying assets of an entity, security issues associated with the assets, and objectives associated with the assets and may utilize a data model to generate, based on the security data, asset related data identifying mapped sets of security data. The device may process a first portion of the asset related data, with a first model, to calculate an asset risk likelihood score for an asset of the assets and may process a second portion of the asset related data, with a second model, to calculate an asset criticality score for the asset. The device may process a third portion of the asset related data, with a third model, to calculate an asset control effectiveness score for the asset and may combine the scores to generate a security risk score for the asset. The device may provide the security risk score for display.

Abstract: A system dividing unit (110) divides a target system into a plurality of sub-systems. A root system selection unit (122) selects a sub-system in which a threat on security occurs, as a root system from among the plurality of sub-systems. A root tree generation unit (131) generates an attack tree of the root system, as a root tree. A descendant system selection unit (132) selects one sub-system or more located on an intrusion course to the root system, as one descendent system or more from among the plurality of sub-systems. A descendant tree generation unit (133) generates one attack tree or more corresponding to the one descendent system or more, as one descendent tree or more. A sub-attack tree integration unit (140) integrates the root tree and the one descendent tree or more, to thereby generate an attack tree of the target system.

Abstract: A method for data transfer and storage is provided. The method may include: encrypting data generated by a terminal device; storing duplicated copies of the encrypted data respectively in a first storage device and a second storage device, which are removably inserted into the terminal device; generating, with the terminal device, a message authentication code associated with the encrypted data; transmitting the message authentication code to a first server; physically transporting the first storage device to a remote location of the first server, and upon the first storage device being inserted into the first server, determining whether the encrypted data stored in the first storage device are damaged using the message authentication code; and in response to a determination that the encrypted data stored in the first storage device are not damaged, transmitting the encrypted data from the first storage device to the first server.

Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.

Abstract: Methods are systems are provided for onboarding network equipment to managed networks. An onboarding controller of a managed network may generate a challenge for network equipment to be onboarded into the managed network, and may send the challenge to a communication device different from the equipment network. The challenge may include information relating to a configuration change to be made to the network equipment. Further, the challenge is sent over a connection that is different than a connection used in communicating with the network equipment. The onboarding controller may verify, based on handling of the configuration change, an identity and/or a network location of the network equipment. Handling the configuration change may include applying the configuration change.

Abstract: One embodiment of the described invention is directed to a key management module and a consumption quota monitoring module deployed within a cybersecurity system. The key management module is configured to assign a first key to a subscriber and generate one or more virtual keys, based at least in part on the first key, for distribution to the subscriber. A virtual key is included as part of a submission received from the subscriber to authenticate the subscriber and verify that the subscriber is authorized to perform a task associated with the submission. The consumption quota monitoring module is configured to monitor a number of submissions received from the subscriber.

Abstract: Upgrade to a Trusted Application in a Trusted Execution Environment compliant to a Trusted Execution Environment standard to an as-a-server functioning by running, inside the Trusted Execution Environment, each instance of a Multi Instance/Single Session Trusted-Server Trusted Application compliant to the TEE standard in an infinite state-full loop polling a session of a Single Instance/Multi Session Trusted-Pipe Trusted Application, the single session of each of the instance of the Trusted-Server Trusted Application being adapted to perform a task as a server, said Trusted-Pipe Trusted Application being further polled by the Customer Application and opening session depending on command coming from the Customer Application.