Abstract: In a method for detecting an attack compromise window in a CMS website for which a temporal sequence of a plurality of snapshots of website backups have been stored, a temporally ordered set of spatial elements from each snapshot is constructed. Spatial metrics are computed for each individual snapshot's elements. The collected spatial metrics are temporally correlated and queried against attack models to recover an attack timeline. Attack events in the attack timeline are labelled. A sequence of assigned attack labels is verified. The compromise window is extracted from the plurality of snapshots.

Abstract: The present disclosure describes digital watermark detection systems and methods. In one such system, a plurality of intellectual property cores are integrated on a system-on-chip, such that the intellectual property cores comprise a first intellectual property core and a second intellectual property core. The system further includes a first network interface connected to the first intellectual property core that can encode a first digital watermark into a packet stream designated for the second intellectual property core. The system further includes a second network interface connected to the second intellectual property core that can receive the packet stream and decode the packet stream to generate a second digital watermark. The second network interface is further configured to perform a validation test on the packet stream and deliver the packet stream to the second intellectual property core when the first digital watermark is determined to match the second digital watermark.

Abstract: Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include instantiating an odometer with a nested privacy filter architecture, the nested privacy filter including privacy filters of different, increasing sizes, training a DL model, maintaining, during training and by a privacy odometer that operates using the nested privacy filter, a running total of privacy loss budget consumed by the training, and responsive to a query for the total privacy loss budget consumed, returning, by the odometer, a size of a smallest privacy filter of the nested privacy filters that is bigger than the running total of the privacy loss budget.

Abstract: A system and method for identifying authorized job step programs. The process identifies a plurality of job step programs. It then identifies authorized program facility (APF) authorized programs from the plurality of job step programs. An output table of APF authorized program is generated. This table is used to submit at least one batch job using the output table. A list identifying which parameters in a parameter string contain an address for each APF program in the output table is generated. This list is then provided for program testing.

Abstract: An electronic device for receiving and seamlessly providing cybersecurity analyzer updates and concurrent management systems for detecting cybersecurity threats including a processor and a memory communicatively coupled to the processor. The memory stores an analyzer logic to generate a first analyzer configured to receive a suspicious object for threat evaluation, an inspection logic to manage a first queue of suspicious objects for threat evaluation to the first analyzer, and an update logic to receive updated cybersecurity analytics content data. The analyzer logic receives updated cybersecurity analytics content data and can generate a second analyzer that incorporates at least a portion of the parsed updated cybersecurity analytics content data.

Abstract: The method includes receiving a first identity attribute; determining a corresponding first level of assurance (LOA) based on the first identity attribute and a first attribute history; receiving a second identity attribute; determining a corresponding second LOA based on the second identity attribute and a second attribute history; defining a Self-Sovereign Identity (SSI) based on the first identity attribute, the second identity attribute, the first LOA, and the second LOA; and determining an aggregate LOA based on the SSI.

Abstract: When having detected that key data set to an accelerator by command information is not key data permitted to use, a monitor unit issues, to a storage control unit, a suspension request for suspending processing related to writing of data, a compute unit having received an instruction from an application program reads data from the storage device, encrypts read data using the accelerator, and issues, to the storage control unit, an instruction to write encrypted data to the storage device, and when having received the suspension request, the storage control unit suspends processing related to writing of data to the storage device.

Abstract: Methods, systems, and devices for leveraging data already collected on a user in a secure and private manner, in particular to verify user credentials for third parties. The methods, systems, and devices innovate beyond traditional security and privacy platforms in computer systems by processing the data to create a useable metric for the purposes of the third parties, in which the useable metric preserves the security and privacy of the underlying data.

Abstract: Methods and systems for injected byte buffer data classification are disclosed. According to an implementation, a security agent can detect process injection events, gather byte buffer data associated with the process injection events, and send the byte buffer data to a security service comprising a byte buffer classification function. The byte buffer classification function can be implemented as a trained transformer type neural network machine learning model, which can analyze the byte buffer data and generate a classification output comprising a probability that the byte buffer data is associated with a malicious process injection.

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.

Abstract: Techniques for securing data in a storage device are disclosed. The storage device includes one or more authentication components including one or more of a biometric reader, a positioning system, and a wireless receiver. The storage device further includes a security subsystem configured to secure data using multiple authentication factors obtained using the one or more authentication components.

Abstract: A method performed by a first network entity (121, 131) for authenticating an event in a communications network (101, 102, 103, 104) is provided. The first network entity (121, 131) is configured to receive an event signal. The first network entity (121, 131) is also configured to authenticate the event if the received event signal correlates with an 5 output signal of a closed-loop shift register in the first network entity (121,131). Furthermore, the first network entity (121, 131) is configured to trigger a change in the closed-loop shift register in order to obtain a subsequent output signal from the closed-loop shift register. A first network entity (121, 131) for authenticating an event is also provided. Further, a wake-up receiver circuit (1210) comprising the first network entity 10 (121, 131) is provided, as well as, a wireless device (1200) comprising the wake-up receiver circuit (1210).

Abstract: Various embodiments include systems and methods to implement a process for determining expected exploitability of security vulnerabilities. Vulnerability information corresponding to a security vulnerability is input into a multi-headed neural network. A first feature vector is output via a probability of exploitation head of the multi-headed neural network. The first feature vector is extracted from the vulnerability information and comprises a first set of features. A second feature vector is extracted from code snippets and an abstract syntax tree analyzer, with the second feature vector including a second set of features related to the security vulnerability. The two feature vectors are concatenated to produce a third feature vector, and a regression model is used to determine a probability of exploitation for the security vulnerability based at least in part on the third feature vector.

Abstract: A device may provide a verification indicator to a device associated with a website. The verification indicator may be associated with verifying access to the website. The device may detect that the verification indicator has been associated with code associated with the website based on processing the code. The device may provide a script to the device. The script may be included in the code. The script may be associated with monitoring operations of the website. The device may receive data related to the operations. The device may analyze the data using a model. The model may be associated with making a prediction related to at least one of: a value to be received via the website, or traffic associated with the website. The device may perform one or more actions related to the website based on a result of the analyzing.

Abstract: Systems and methods are described for mitigating false positives in a simulated phishing campaign. A simulated phishing message reported to second security awareness system by a user as suspicious is received by first security awareness system. The reported message includes a link that has been followed. Link data of followed link of the reported message is held in click cache having predetermined delay. Post the predetermined delay, whether the link was followed by second security awareness system instead of being clicked by user responsive to identifying that link data in click cache corresponds to link data in link cache or internet protocol (IP) address of an entity that follows a link corresponds to IP address stored in IP cache known to be associated with second security awareness system. Responsive to determination, second security awareness system's following of link of the reported message is excluded as interaction of the user.

Abstract: In one embodiment, a method may comprise: instrumenting, by a process, runtime of a software application; detecting, by the process, a reflection call made within the runtime of the software application; determining, by the process and from the reflection call, a reflection target and a reflection caller; comparing, by the process, the reflection target, the reflection caller, and the reflection call against a security policy; and performing, by the process, one or more mitigation actions on the reflection call in response to a violation of the security policy. In another embodiment, a secure audit process first generates the security policy based on approving reflection calls, reflection targets, and reflection callers seen during a runtime of the software application in a secure environment, and then shares the security policy with local instrumentors of the software application to cause enforcement of the security policy against a local runtime of the software application.

Abstract: Methods and systems for identifying personally identifiable information (PII) are disclosed. In some aspects, frequency maps of fields storing known PII information are generated. The frequency maps may count occurrences of unique bigrams in the PII fields. A field of interest may then be analyzed to generate a second frequency map. Correlations between the first frequency maps and the second frequency map may be generated. If one of the correlations meets certain criterion, the disclosed embodiments may determine that the field of interest does or does not include PII. Access control for the field of interest may then be based on whether the field includes PII. In some aspects, a storage location of data included in the field of interest may be based on whether the field includes PII.

Abstract: A system and method monitors access of an external storage device connected to a target device. A notification of a connection of the external storage device to the target device is received, a notification of an external file access on the external storage device is received, and activity of a user on the target device is monitored to detect a user operation accessing a source file stored on the target device. Events are logged based upon the connection, the user operation, and the external file access. Two or more of the events are associated with a copy of the source file to the external connected storage device and the source file history. An alert regarding the association is forwarded to a monitor application in communication with the target device.

Abstract: Embodiments of the present disclosure are directed to systems and methods for group-based filtering of user devices on a wireless network. Upon a request from a user device to access a requested network service, a device specific identifier associated with the user device is used to determine one or more groups associated with the user device. Based on any access restrictions for the one or more groups associated with the user device, the requested network service may be selectively authorized or provided.