Abstract: The technology disclosed relates to simulating spread of a malware in cloud applications. In particular, the technology disclosed relates to accessing sharing data for files shared between users via sync and share mechanisms of cloud applications, tracing connections between the users by traversing a directed graph constructed based on the sharing data, and simulating spread of a malware based on the traced connections to simulate user exposure to, infection by, and transmission of the malware. The connections are created as a result of syncing and sharing the files via the sync and share mechanisms. The malware is spread by syncing and sharing of infected ones of the files via the sync and share mechanisms.

Abstract: Disclosed herein are systems and method for detecting malware signatures in databases. In one exemplary aspect, a method may comprise identifying a plurality of entries of the database, wherein each entry represents a record stored on a computing device and selecting at least one suspicious entry in the plurality of entries. The method may comprise retrieving a record associated with the suspicious entry and applying a transformation to original contents of the record. The method may comprise scanning the transformed contents of the record for a malware signature. In response to detecting a portion of the transformed contents that matches the malware signature, the method may comprise executing a remediation action that removes a corresponding portion from the original contents of the record and updating the database by replacing the at least one suspicious entry with an entry of the record on which the remediation action was executed.

Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.

Abstract: A computer system generates a hierarchical evolutionary tree of digests of sample files. The digests are generated using a locality sensitive hashing function. The digests are grouped into several clusters, and the clusters are grouped into several nodes. The nodes are connected in hierarchical order to generate the hierarchical evolutionary tree. A digest of a file being evaluated for malware is generated using the locality sensitive hashing function. The digest is put in a cluster of the hierarchical evolutionary tree having digests that are most similar to the digest relative to digests of other clusters of the hierarchical evolutionary tree. The digest is identified to be of the same malware family as the digests of the cluster.

Abstract: In an example embodiment, rather than merely identifying and patching vulnerabilities, a defender in a computer system is able to utilize deception to set traps for attackers who might attack an application. In this manner, rather than the attacker simply merely needing one entry point to succeed, the attacker would then need to avoid all traps, and the defender only needs one trap to be alerted of the attacker. More particularly, in an example embodiment, traps are set in a way that fools attackers, by blending deceptive but believable network traffic into real traffic to and from the application.

Abstract: A vehicle surveillance device for an in-vehicle network system that includes one or more electronic control units includes: a frame transmitter and receiver that receives a frame flowing over the in-vehicle network system; and a score calculator that detects a suspicious behavior different from a normal driving behavior based on the frame received by the frame transmitter and receiver and vehicle data including information on one or more frames received by the frame transmitter and receiver prior to receiving the frame, and calculates, based on a detection result, a score indicating a likelihood that reverse engineering has been performed on a vehicle provided with the in-vehicle network system.

Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Abstract: Techniques are described herein for assembling/evaluating automated assistant responses for privacy concerns. In various implementations, a free-form natural language input may be received from a first user and may include a request for information pertaining to a second user. Multiple data sources may be identified that are accessible by an automated assistant to retrieve data associated with the second user. The multiple data sources may collectively include sufficient data to formulate a natural language response to the request. Respective privacy scores associated with the multiple data sources may be used to determine an aggregate privacy score associated with responding to the request. The natural language response may then be output at a client device operated by the first user in response to a determination that the aggregate privacy score associated with the natural language response satisfies a privacy criterion established for the second user with respect to the first user.

Abstract: Methods, systems, and apparatuses are described herein for improving the security of personal information by preventing attempts at gleaning personal information from authentication questions. A computing device may receive a request for access to an account associated with a user. The request may comprise candidate authentication information. Based on comparing the candidate authentication information with the account data, the computing device may generate a synthetic authentication question. The synthetic authentication question may be generated as if the candidate authentication information is valid. A response to the synthetic authentication question may be received, and the request for access to the account may be denied.

Abstract: A method, apparatus, and system are provided for verifying a location of data stored on at least one storage device within at least one cell area served by at least one network node of a wireless communication network. In one embodiment, a location assurance gateway is provided with a communication interface and processing circuitry, the processing circuitry configured to cause the communication interface to communicate with the at least one network node of the wireless communication network for location information associated with the at least one cell area, the location information associated with the at least one cell area being used to verify a location of the data stored on the at least one storage device.

Abstract: The technology disclosed teaches incident-driven and user-targeted data loss prevention that includes a CASB controlling infiltration via cloud-based services storing documents in use by organization users, by monitoring manipulation of the documents. The CASB identifies the cloud-based services that the particular user has access to and at least one document location on the cloud-based services to inspect for sensitive documents, in response to receiving an indication that user credentials have been compromised. The CASB performs deep inspection of documents identified as stored at the location and detects at least some sensitive documents. Based on the detected sensitive documents, the CASB determines an exposure for the organization due to the particular user.

Abstract: A system for managing security on a cloud management platform portal (CMPP (1)), the system comprising a set of routines (scripts) which are executed on a computing device or processor allowing the cloud management platform portal to contact a cloud automation service (CAS (4)) so as to provision services to a customer, and a ServiceNow (2) (SNOW) application comprising at least one of a set of routines comprising at least one of certain specified network Standard Service Requests and/or network activity Standard Service Requests.

Abstract: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

Abstract: There are provided systems and methods for user specific error detection for accepting authentication credential errors. A service provider, such as an authentication server and/or transaction processor, may require credentials for a user to utilize a specific service, such as an account and account services. The user may establish an authentication credential, such as a password or other secret, that allows the user to use the account. The user may then attempt to utilize the credentials with the service provider but may perform a typo in entering the authentication credential. The service provider may reject an authentication of the user but may allow the user to reenter the authentication credential. If the user correctly enters the authentication credential at this stage, the service provider may perform analysis of the incorrect and correct authentication credential to determine whether to allow the incorrect authentication credential for future authentications.

Abstract: A method includes receiving a scan request requesting to scan a set of network-connected assets designated for a network scan. For each respective network-connected asset, the method includes scanning, at a network security scanner using a first scanning privilege level, the respective network-connected asset. The method includes determining, based on the scan using the first scanning privilege level, whether the respective network-connected asset has a vulnerability. In response, the method includes scanning, at the network security scanner using a second scanning privilege level, the respective network-connected asset. The second scanning privilege level defines a lower level of access the network security scanner has than the first scanning privilege level. The method includes determining, based on the scans, an exposure level of the vulnerability. The method includes reporting the exposure level of the vulnerability to a user of the respective network-connected asset.

Abstract: Systems and methods are disclosed for establishing controlled remote access to debug logs. An example method may comprise: receiving, by a first computing device, from a second computing device, an encrypted file comprising a debug log; running, within a trusted execution environment of the first computing device, a log access application; sending, to the second computing device, a request for access to the debug log by the log access application, wherein the request comprises a validation measurement generated by the trusted execution environment with respect to the log access application; receiving, from the second computing device, an access key; and accessing the debug log using the access key.

Abstract: The present disclosure discloses a method, apparatus, device, and storage medium for defending against attacks, which relate to the technical field of information security, and can be used in intelligent traffic or an autonomous driving scenario. The specific implementation solution is: acquiring an instruction set including at least one instruction for controlling vehicle state; comparing each instruction in the instruction set with at least one attack instruction in an attack behavior knowledge base respectively to determine a maximum similarity value corresponding to each instruction; and determining the type of the instruction and of the processing tactics for the instruction according to the maximum similarity value corresponding to each instruction and a preset similarity range.

Abstract: Techniques are described herein for assembling/evaluating automated assistant responses for privacy concerns. In various implementations, a free-form natural language input may be received from a first user and may include a request for information pertaining to a second user. Multiple data sources may be identified that are accessible by an automated assistant to retrieve data associated with the second user. The multiple data sources may collectively include sufficient data to formulate a natural language response to the request. Respective privacy scores associated with the multiple data sources may be used to determine an aggregate privacy score associated with responding to the request. The natural language response may then be output at a client device operated by the first user in response to a determination that the aggregate privacy score associated with the natural language response satisfies a privacy criterion established for the second user with respect to the first user.

Abstract: Techniques are described for providing an application programming interface (API) architecture that is capable of supporting cross-site request forgery (CSRF) protection with an attribute flag in a cookie, for client devices that utilize a stateless user session to interface with an API gateway. A client device may transmit session requests received by an API gateway. The API gateway may generate a session, and a cookie including session properties associated with the session. The cookie may further include the attribute flag associated with a CSRF token. By transmitting the cookie with the attribute flag to the client device, the client device may receive and insert the cookie into subsequent requests to indicate a requirement that the subsequent requests be accompanied by the CSRF token. In this way, the API gateway may utilize the attribute flag indicating the requirement for the CSRF token to protect the client device from malicious attacks.

Abstract: The present invention discloses a method and a server for authentication adaptive to a secured application. The method comprising encrypting a part of continuous streams of random real-time data using a user's public key to form a first encrypted data when the request is received from a first entity, transmitting the first encrypted data to the first entity, wherein the first entity communicates the first encrypted data to a second entity, receiving a second encrypted data from the second entity, wherein the second encrypted data is created by decrypting the first encrypted data using a user's private key and encrypting the decrypted data using the user's private key, authenticating the second encrypted data received from the second entity by comparing data decrypted from the second encrypted data with the part of continuous streams of random real-time data stored in the authentication server and initiating action based on authentication.