Abstract: A communication device of handling data transmission comprises configuring a first bearer and a second bearer according to at least one bearer configuration received from a network; encrypting a first packet of a first flow into a first encrypted packet according to an encryption key and a first bearer identity of the first bearer; receiving a first RRC message from the network before transmitting the first encrypted packet to the network successfully, wherein the first RRC message configures the communication device to transmit at least one packet of the first flow via the second bearer to the network; transmitting the first encrypted packet to the network via the first bearer; encrypting a second packet of the first flow into a second encrypted packet according to the encryption key and a second bearer identity of the second bearer; and transmitting the second encrypted packet to the network via the second bearer.

Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.

Abstract: Methods and apparatuses are provided for automatic wireless connection to a digital device in a portable terminal. A phone number and an Electronic Serial Number (ESN) of the portable terminal are obtained. A Wireless Local Area Network (WLAN) is set to an Ad-hoc mode. A Service Set Identifier (SSID) of the WLAN is automatically generated using the phone number and the ESN of the portable terminal. A security key of the WLAN is automatically generated using the phone number and the ESN of the portable terminal. An Internet Protocol (IP) address for the WLAN is automatically generated using the phone number and the ESN of the portable terminal. The digital device is wirelessly connected to using the IP address for the WLAN.

Abstract: An Operating System (OS) command launcher or loader is newly obfuscated each time a command is successfully processed by the OS command launcher. Moreover, a binary for the OS command launcher is validated each time a command is attempted to be processed for execution by the OS command launcher.

Abstract: A computer-implemented method includes security settings data associated with one or more profiles of a protected social entity on one or more social networks is scanned, and the security settings data associated with the one or more profiles of the protected social entity is assessed. A first security risk score for the protected social entity is determined based on the assessment of the security settings data, and the first security risk score is provided to the protected social entity.

Abstract: Systems and methods of the disclosure can implement intrusion radiation protection (IRP) to prevent malicious IP traffic in a secure network. The IRP system can receive an IP packet, determine that a protocol of the IP packet matches a predetermined policy of a plurality of predetermined policies, classify the IP packet based on the predetermined policy and a size of the IP packet, inspect a payload of the IP packet responsive to the classification to determine features of the IP packet, determine that one of the features of the IP packet is improper based on the classification, and flag the IP packet as suspect based on the determination. The IRP system can log and/or drop the flagged IP packet. The IRP system can additionally replace a payload of the IP packet with a second payload, and transmit the IP packet with the second payload to its destination.

Abstract: A user authentication system that analyzes call forwarding information obtained from telecommunication networks, such as through the use of Signaling System No. 7 (“SS7”) protocols, to detect the possibility of fraud. In response to a request to access a network-accessible service, the system performs an initial authentication of provided user account credentials. The system then obtains a telecommunication subscriber identifier that is associated with the user account. Prior to performing additional device-based user authentication, the system obtains call forwarding information for the user. The obtained call forwarding information is then evaluated for potentially fraudulent call forwarding configurations. For example, call forwarding to certain call forwarding numbers, or the use of different call forwarding types, may be indicative of fraud intended to undermine further user authentication.

Abstract: FIDO (“Fast IDentity Online”) authentication processes and systems are described. In an embodiment, a FIDO information systems (IS) computer system receives a FIDO authentication request for a transaction from a user device, which includes user data and user device authenticator data. The FIDO IS computer system then verifies the user data and user device authenticator data, selects a FIDO-certified server, transmits the FIDO authentication request to the selected FIDO server, and receives a challenge message from the selected FIDO-certified server. The FIDO IS computer system next transmits the challenge message to the user device, receives a FIDO authentication response, transmits the FIDO authentication response to the selected FIDO-certified server, receives an authentication result from the FIDO-certified server, and transmits the authentication result to the user device.

Abstract: Embodiments of methods and systems for encrypting and decrypting with encryption attributes are presented. An encryption attribute contains information to identify one or more segments of a file to be encrypted. An encryption process encrypts those one or more segments to generate a partly encrypted file instead of encrypting the entire file. That is, the file includes some data that are encrypted and some data that are not. In one embodiment, at least three encryption keys are used such that the encryption attribute is encrypted with using a third key.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: The disclosed computer-implemented method for detecting anomalous behavior in shared data repositories may include (i) identifying a shared data repository that comprises files, (ii) monitoring access to the files for a predetermined time period in order to determine which files are accessed by each user, (iii) creating a graph of the access to the files, wherein each vertex represents a user and each edge that connects two vertices represents that one or more files were accessed by both users represented by the two vertices, (iv) deriving, from the graph, a set of communities, wherein each community represents a set of users that collaborated on one or more files during the predetermined time period, and (v) determining that a collaboration pattern of a user does not match a collaboration pattern for the user's community observed during the predetermined time period. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: System and methods for determining network threats are disclosed. For each entity operating in a network being monitored for network security, an example method obtains an observed metric value for each metric that characterizes actions performed by the entity. Each observed metric value may be input into a machine learning model that is specific to the metric in order to determine an anomaly score for the observed metric value that represents how anomalous the observed metric value is relative to an expected metric value for the metric. A threat score may then be determined for each entity from the anomaly scores for each metric. A security threat presentation that identifies one or more high-scoring entities according to the threat scores may be generated and provided for display on a user device.

Abstract: Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of cyber security parameters for the network.

Abstract: A set of certificates are received at a gateway device from a management server, where each one of the certificates was generated by the management server upon determination that the gateway device is associated with a respective wireless sensing device (WSD). The gateway device receives from a first WSD an advertisement message indicating it is available for connecting to a gateway device. In response to confirming based on a first certificate of the set of certificates associated with the first WSD, that it is authorized to connect to the WSD, the gateway device transmits to the first WSD the first certificate and an identifier of the gateway device for enabling authentication of the gateway device at the WSD. The gateway device receives data from the first WSD, upon confirmation at the WSD that it is authorized to connect with the gateway device.

Abstract: A price-mining prevention system, in various embodiments, is configured for: (A) detecting an access to a particular web page containing pricing information; (B) determining whether a source of the access is an individual employed by one or more competitors of a company that owns the particular web page being accessed; and (C) at least partially in response to determining that the individual is employed by one or more competitors of a company that owns the particular web page being assessed, taking one or more defensive actions against the source of the access. The step of determining whether the individual is employed by a competitor of the company may comprise scanning a post made on one or more public message boards to determine, based on the content of the post, whether the message board poster is employed by a competitor of a company that owns the particular web page.

Abstract: Technologies for displaying public and private images includes a display device and one or more user viewing devices. The display device is configured to display or generate a personalized image or video that is viewable by an authorized user viewing device and not viewable by unauthorized viewing devices. To facilitate the display of the personalized images, the display device and the user viewing device(s) may negotiate a display protocol to be used by the display device to display the personalized image in a private manner. In some embodiment, the display device may also display a public image or video that is viewable by unauthorized viewing devices and/or individuals without viewing devices.

Abstract: An image processing apparatus is provided. The image processing apparatus includes a storage configured to store an operating system (OS) of the image processing apparatus, a script file including a program code and a first electronic signature, and an interpreter program provided to execute the program code on the OS; and at least one processor configured to perform an authentication of the first electronic signature with the OS in response to the interpreter program executing the program code on the OS, and selectively permit or block the execution of the program code according to whether the first electronic signature passes or fails to pass the authentication.

Abstract: Techniques for assessing risks of IoT device. A system utilizing such techniques can include a packet analysis based IoT device risk assessment system and an IoT device risk assessment system. A method utilizing such techniques can include extraction of IoT device risk factors from a device profile of an IoT device and application of assessment weights to the IoT device risk factors to assess a risk level of an IoT device.

Abstract: A firewall provides improved network security by allowing the use of dynamic objects in firewall rules, where the dynamic objects evaluate to a variable set of devices. The dynamic objects may be updated from real-time data sources and non-real time inventories of data. Dynamic objects may be used for either or both of source and destination in a firewall rule. Where the dynamic object includes non-real time data, the dynamic object may be synchronized with the non-real time data inventory on a configurable basis. By using dynamic objects, the firewall can provide flexibility in the rules to allow control over user-owned and controlled devices.

Abstract: Various embodiments concern mechanisms for facilitating communication between network-accessible platforms for developing, hosting, or running hybrid applications that utilize resources hosted across multiple platforms. Hybrid applications cause messages or “calls” to be passed between the platforms that must be authenticated. For example, when a call is placed by a Heroku platform to a Force.com platform, the call must be authenticated for security purposes. If Heroku has not already been authenticated when the call is submitted, an authentication process is invoked. An event listener can be used to register details regarding the initial callout task, and then register or “fire” an event when the authentication process is successfully completed. Registration of the initial callout task completely separates the authentication process from the resource being invoked. Requests can be completed without requiring further user input using at least some of the details registered by the event listener.