Abstract: A system deletes and sanitizes files in a distributed file system. The system also randomizes rotation of data in a distributed file system.

Abstract: Various systems and methods for managing identity credentials on a mobile device are described herein. A verifier device may perform operations including receiving one or more data elements associated with a credential, wherein the data elements are signed with a signature associated with an issuer of the data elements, analyzing the signature to determine a confidence score, the confidence score enumerated into a plurality of confidence levels, configuring a verification process based on the confidence score, and executing the verification process.

Abstract: Systems and methods for enhancing a routing protocol of a telecommunications network are provided. In one embodiment, a method for enhancing the Intermediate System to Intermediate System (IS-IS) routing protocol is provided. The method includes receiving a packet from a first peer device on a network; determining whether a mismatch exists in an authentication of the packet from the first peer device; and responsive to an authentication mismatch, sending a flush instruction to a plurality of peer devices on the network to remove any link state packets from the first peer device. The plurality of peer devices are configured to remove all link state packets from the first peer device regardless of a type of authentication and a type of mismatch.

Abstract: A system for inoculating a computer network against malware is described. Specifically, environmental indicators used by anti-analysis and target filtering mechanisms of a malware program may be determined based on analysis within a virtual or physical sandbox environment. The environmental indicators may be sent to computing devices associated with the computing network. The malware program, based on the environmental indicators, may be spoofed to assume that a computing device is associated with an anti-malware system, and/or is a device that is not to be infected. Based on this assumption, the malware program may not execute within the computing device.

Abstract: Some implementations disclosed herein provide systems and methods that use an inmate-accessible electronic briefcase to facilitate an inmate's organization of significant content. Electronic documents are created and stored in an organized document storage area that may be accessed while the inmates are incarcerated and after the inmates are released.

Abstract: An approach for clustering large sets of categorical data involves iteratively ordering the data points, partitioning the data into blocks based on the ordering, and clustering the data points within each block, where different iterations use different orderings and, thus, different partitionings. In some embodiments, the data points are represented by multi-dimensional categorical vectors, and the orderings are based on permutations of the categorical dimensions. The iterative clustering may be repeated for multiple successive time windows to track the clusters. Various applications of the disclosed clustering approach, including for cyber security, are also described.

Abstract: A system for transmitting and receiving data, in particular for a rail vehicle, includes at least one in-vehicle control unit for processing and generating data, at least one external server unit with a communication device for establishing a communication connection with at least one in-vehicle interface, and at least one in-vehicle interface for transmitting data generated by the at least one in-vehicle control unit and for receiving data transmitted by the at least one external server unit. The at least one in-vehicle control unit and the at least one in-vehicle interface are interconnected so as to transmit data through an electronic filter device.

Abstract: A method for detecting a microarchitectural attack on a trusted execution environment (TEE) and/or a violation of an expected execution flow of an application running in the TEE includes implementing a counting thread. An eviction set is loaded in a transaction. The eviction set corresponds to a cache set used by an operation of the application such that a transactional abort is received upon the operation being executed. A value of the counting thread is read upon receiving the transactional abort. These steps are repeated for a next operation of the application running in the TEE and an execution time is measured for the operation based on a difference between the values of the counting thread. The measured execution time for the operation is compared with an expected execution time to detect one or more variations that indicate the microarchitectural attack and/or the violation of the expected execution flow.

Abstract: A computerized system for encryption and transmission of digital information comprising: a set of non-transitory computer readable instructions that, when executed by a processor, preform the steps of: receiving a data set from an instance of a sender browser running on a sender computer device, verifying that a recipient is a subscriber and if the recipient is a subscriber, generating a sender key, encrypting a portion of the data set with the sender key, generating a key pair having a first key and a second key, encrypting the sender key with the first key, encrypting the second key with a master key, and, generating a hyperlink to the portion of the data set that is encrypted.

Abstract: An information technology (IT) and security operations application is described that enables cross-tenant analyses of data to derive insights that can be used to provide actionable information across the application including, for example, action recommendations, threat confidence scores, and other incident data enrichments. The generation and presentation of such information to users of an IT and security operations application can enable analyst teams to more efficiently and accurately respond to various types of incidents in IT environments, thereby improving the overall operation and security of the IT environments. Furthermore, because of the shared use of an IT and security operations application concurrently by any number of separate tenants, such cross-tenant analyses can be performed in near real-time and on an ongoing basis to deliver relevant insights.

Abstract: A method of cyber risk assessment includes receiving request for a quantitative cyber risk assessment from an entity associated with a domain name. Entity information is non-intrusively gathered from a plurality of data sources about the entity based on the domain name. A digital footprint of the entity is discovered based the associated domain name using non-intrusive information gathering. At least one characteristic of the entity is classified to determine an entity classification and at least one entity risk quantification parameter. At least one control item is fetched from the knowledge database. An entity technical finding is determined based on the fetched at least one control item and based on the discovered digital footprint. At least one industry-related quantification parameter is fetched based on the entity technical finding and based on the entity classification. A quantitative risk value is calculated from a determination of loss frequency and loss magnitude.

Abstract: An intrusion point identification device includes: a threat information collector that collects and stores threat information including identification information identifying a moving body, route information indicating a route through which the threat has intruded into the moving body, and discovery information indicating a discovery date of an attack; a vehicle log collector that collects logs, extracts, from the logs, histories of points that indicate locations of one or more moving bodies within a predetermined period, and stores the histories of the points as history information, the logs indicating points that indicate locations of the one or more moving bodies, the predetermined period being set based on the discovery information; an intrusion point identification unit that identifies an intrusion point of the threat from a first attack source through a first route among the points indicated in the history information; and an intrusion point notifier that outputs the intrusion point.

Abstract: A computer implemented method and system for near field communication authentication sharing techniques is disclosed. The method comprises providing user credentials to access an application on a first device; sending a request to share the authentication with a second device; in response to the request, receiving an authentication code; and transmitting the authentication code to the second device, wherein sharing enables the second device to access the application on the second device without providing user credentials.

Abstract: Providing an isolation system that allows analysts to analyze suspicious information in way that aids in preventing harmful information from spreading to other applications and systems on a network. A plurality of virtual containers may be used by analysts to analyze the suspicious information. The analyst may utilize a non-native application to analyze the suspicious information within the virtual container. The non-native application may be used to analyze the suspicious information in an analysis format instead of an original format for which the suspicious information, and any harmful information therein, were intended to be accessed. Additionally, the virtual containers may be accessed through the use of an API that allows an analyst to analyze the suspicious information in the virtual container without transferring information from the virtual container back to the analyst user computer system.

Abstract: The present invention pertains to a method and system for preventing unauthorized access via signal interception and hacking to a user's secure mobile device. One embodiment of the system further comprises an encryption server in communication with the secure mobile device, a clear server in communication with a clear mobile device, and a termination gateway in connection with secure and clear POTS phones on the PSTN. The termination gateway communicates with the clear and encryption servers by IP tunneling. The system enables universal access between secure and non-secure packet-switched phone lines, operating via the Internet, and clear and secure circuit-switched phone lines operating on the PSTN.

Abstract: A system for testing a security object is disclosed. The system comprises processors and memory storing a plurality of security engines and instructions that, when executed by the processors, causes the system to: access a decision tree comprising a first node and a plurality of second nodes; link a first leaf node of the decision tree with a first security engine; link a second leaf node of the decision tree with a second security engine; receive a security object comprising a digital asset that is attackable using one or more attack execution operations; and test the security object using the decision tree to determine a security threat parameter for the security object. The security threat parameter may be used to prioritize one or more remediation steps for mitigating against the one or more attack execution operations associated with the digital asset.

Abstract: An example intermediary system allows a control system to securely identify and communicate with a device. The device uses master secret and time data shared with the control system to generate and advertise a time-dependent device identifier and potentially an encrypted device message. The intermediary system augments the received device data with a message (e.g., an estimate of the device's location) encrypted using the time-dependent device identifier as an encryption key. Furthermore, it hashes the time-dependent device identifier for additional security. The augmented data is provided for retrieval and processing by the control system. The owner uses the shared master secret, time data and hash function to generate a hashed time-dependent device identifier used to retrieve matching augmented data from the server. The retrieved message data is decrypted using the reverse of the encryption operations.

Abstract: The technology disclosed intercepts a webpage rendered by a server in response to a user action executed on a client. The technology disclosed analyzes one or more images of the webpage and determines that a particular hosted service is represented by the images. It analyzes one or more fields of the webpage and determines that the fields elicit confidential information. The technology disclosed intercepts a request generated by the client in response to another user action providing the confidential information via the fields. The technology disclosed analyses the request and determines that the confidential information is being exfiltrated to an unsanctioned resource. This determination is made by comparing a resource address in the request with one or more sanctioned resource addresses used by the particular hosted service. The technology disclosed determines that the webpage is effectuating a phishing attack and blocks transmission of the confidential information to the unsanctioned resource.

Abstract: An apparatus and method for assessing security risk for digital resources are described. The apparatus includes at least a processor and a memory communicatively coupled to the at least a processor. The memory includes instructions configuring the at least a processor to receive digital resource data about a plurality of digital resources in a digital environment, calculate a resource significance score for each digital resource based on the digital resource data, determine at least one critical resource as a function of the resource significance score, and analyze a digital security risk associated with the at least one critical resource.

Abstract: Example methods are provided to use a guest monitoring mode (GMM) module in a hypervisor to monitor for attempts to maliciously modify operating system (OS) kernel objects in a virtualized computing environment. A created OS kernel object is migrated to a memory space where the GMM module can detect an attempt to modify the OS kernel object. The GMM module uses reference information to determine whether the modification is authorized by trusted OS kernel code or is being attempted by malicious code.