Abstract: An apparatus and method for determining a risk associated with a cyber-attack are provided. The apparatus includes a processor and a memory communicatively coupled to the at least a processor. The memory contains instructions configuring the at least a processor to receive a cyber profile associated with a digital environment. The processor is further configured to receive risk assessment category data associated with the cyber profile and determine a digital environment risk record based on the risk assessment category data. In addition, the processor is configured to generate a user interface data structure configured to display the determined risk record.

Abstract: A method of detecting unauthorized code modification within a kernel of a computer system comprising performing a first measurement of the kernel in a kernel location, by a measurement tool executing on the computer system and storing the first measurement in a storage location. Initiating the measurement tool in response to a trigger event to perform a second measurement of the kernel. Comparing the second measurement, of the kernel, to a first measurement, of the kernel, by the measurement tool to determine a comparison value. Initiating a monitoring tool, executing on the computer system, in response to the comparison value exceeding a threshold value.

Abstract: A communication system (1) includes a terminal information acquisition unit configured to acquire version information of an OS of a terminal (10), a comparison unit configured to compare a version of the OS of the terminal (10) acquired by the terminal information acquisition unit with a latest version of the corresponding OS, and a setting unit configured to set, when the version of the OS of the terminal (10) is not the latest version, a path along which traffic of the terminal (10) passes through a security appliance (5), and set, when the version of the OS of the terminal (10) is the latest version, a path along which the traffic of the terminal (10) does not pass through the security appliance (5).

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.

Abstract: Embodiments of the present disclosure provide a first set of methods, computer-readable media, and system configured for: receiving a configuration for a domain name system (DNS) to log all queries; publishing a customized sender policy framework (SPF) policy to the DNS, the customized SPF policy comprising a macro-endowed mechanism; logging a plurality of received SPF customized queries; accessing a log comprising the plurality of received SPF customized queries; extracting data from each of the received SPF customized queries, the data being populated by the macro mechanism associated with the SPF customized query; populating a datastore with extracted data comprising at least one of the following: a username, a IP address, and a domain, as extracted from each received SPF customized query; and providing, based on the extracted data, an indication of outbound emails sent from the domain. In various embodiments, email authorizations and restrictions may be based thereon.

Abstract: An anti-malware application can emulate a suspicious program in a sandbox environment and retrieve any exception handlers the suspicious program attempts to register with the operation system. When the suspicious program triggers an exception, the anti-malware application can save a current context of the suspicious program being emulated. To emulate the handling of the exception, the anti-malware application can validate an exception handler chain including one or more exception handlers added by the suspicious program. The anti-malware application can then select and emulate an exception handler based on the saved context of the suspicious program at the time the exception was triggered. If the first exception handler is successful at resolving the exception, the anti-malware application can then save an updated post-exception context and continue emulation of the suspicious program based on the result of the first exception handler.

Abstract: In representative embodiments, a digital assistant is extended by service activities. A service activity executes as a service as part of the digital assistant. A service activity specifies a set of user data to be provided when invoked, at least one insight used to invoke the service activity in a proactive way and at least one intent used to invoke the service activity in a reactive way, and executable code that is executed when the service activity is invoked. A development environment provides templates to ease development of service activities. Service activities in development can be deployed alongside production services with access to service activities in development restricted to a set of authorized users.

Abstract: A system, method and computer-readable medium for data protection simulation and optimization in a computer network, including grouping data stored in data stores in the computer network into groupings according to an architectural or a conceptual attributes, storing, current values of risk metrics for each grouping, each of the metrics corresponding to sensitive domains, receiving a risk reduction goal corresponding to at least one risk metric in the risk metrics, the at least one risk metric corresponding to at least one sensitive domain in the sensitive domains, determining a simulated value of the at least one risk metric for each grouping in the groupings by simulating application of a protection mechanism to sensitive data in each corresponding data store, the sensitive data corresponding to the at least one sensitive domain, and ranking the groupings based on the at least one simulated value of the at least one risk metric for each grouping.

Abstract: Anomalous control and data flow paths in a program are determined by machine learning the program's normal control flow paths and data flow paths. A subset of those paths also may be determined to involve sensitive data and/or computation. Learning involves collecting events as the program executes, and associating those event with metadata related to the flows. This information is used to train the system about normal paths versus anomalous paths, and sensitive paths versus non-sensitive paths. Training leads to development of a baseline “provenance” graph, which is evaluated to determine “sensitive” control or data flows in the “normal” operation. This process is enhanced by analyzing log data collected during runtime execution of the program against a policy to assign confidence values to the control and data flows. Using these confidence values, anomalous edges and/or paths with respect to the policy are identified to generate a “program execution” provenance graph associated with the policy.

Abstract: The disclosed technology teaches a method for managing user access to one of a set of decentralized networked nodes that share a private permissioned blockchain data structure or a decentralized personal ledger, to which access has been limited to users authorized by one of the set of decentralized networked nodes.

Abstract: Systems and methods are disclosed for performing location-based authentication using location-aware devices. One method includes: receiving an access request comprising authentication credentials and a first location from a first location-aware device; receiving a second location from a second location-aware device associated with the authentication credentials; and upon determining that the first location and second location are within a pre-determined distance, authenticating the authentication credentials.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.

Abstract: A facility management system comprises a server, a biometric identification unit, and a processing circuit. The server is configured to store a list of registered users, and biometric information and access rights pertaining to each registered users. The biometric identification unit is associated with the building equipment. The biometric identification unit is enabled to facilitate a user desiring access to the associated building equipment to scan at least one biometric parameter, and subsequent to scanning of the biometric parameter the biometric identification unit is configured to generate a scanned biometric information.

Abstract: Techniques for providing dynamic resource implementation prioritization for a network are provided. In one embodiment, a method includes determining a user of a selected device and assigning a user value based on the user's identity. The method includes determining related devices on the network by evaluating user behavior information to identify devices in the network that are in communication with the selected device. The method includes calculating a composite device value based on a value of the selected device, the user value, and values of the related devices. The method includes determining a probability factor for potential security vulnerabilities affecting the selected device and calculating a risk score based on the composite device value and the probability factor. Security measures may be implemented based on a comparison of the calculated risk score for the selected device with a plurality of risk scores for other devices in the network.

Abstract: The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus.

Abstract: Disclosed herein are system, method, and computer program product embodiments for managing cloud-based document permissions. In an embodiment, a document generation system may generate and/or store a cloud-based document. The document generation system may also generate links to the cloud-based document. The generated links may be associated with different permissions. For example, a first link may allow a first client device accessing the first link to edit the document while a second link may allow a second client device accessing the second link to only view the document. Other permissions may also include generating distinct graphical user interfaces (GUIs) associated with different links. The GUIs may accept input messages and/or comments in a chat panel. The document generation system may facilitate the delivery of these input messages to other client device with document access.

Abstract: Disclosed are various embodiments for using distributed ledgers to assist in securely developing applications. An application component comprising a component file can be received from a validation client. It can then be determined that the application component complies with a security policy. In response to a determination that the application component complies with the security policy, an endorsed application component record can be generated that comprises the component file or a network address at which the component file is obtainable and a signature for the component file generated with an asymmetric key-pair stored in the memory. The endorsed application component record can then be stored in the distributed ledger.

Abstract: A method for collecting and managing event data of a vehicle can be performed by one or more computing systems. The method includes acquiring event data generated by an event data recorder mounted on a vehicle and a first certificate assigned to the vehicle, associating the event data with the first certificate, storing the event data in a first database, acquiring the first certificate and a second certificate assigned to the vehicle, associating the first certificate with the second certificate, and storing the first certificate in a second database.

Abstract: Verification of a data recipient is disclosed, including: sending, to a server, a request for requested information, wherein the request includes identifying information associated with a user; receiving, from the server, at least two pieces of information over different transmission channels; sending, to the server, recovered security data that is generated based at least in part on the at least two pieces of information, wherein the server is configured to determine whether the recovered security data matches stored security data; receiving, from the server, protected requested information associated with the request; and using the recovered security data to recover unprotected requested information based at least in part on the protected requested information.

Abstract: Techniques to provide mobile access to content are disclosed. A request from a mobile application running on a mobile device to access content is received at a connector node. A user credential associated with the request is used to identify at the connector node a policy associated with the request. A policy metadata associated with the policy is provided from the connector node to the mobile application running on the mobile device. The mobile application may include application code that is responsive to the policy metadata to perform, with respect to the request to access content, an action indicated by the policy.