Abstract: The disclosed computer-implemented method for managing privacy policy violations may include obtaining, by the computing device, an intermediate representation of a privacy policy, wherein the intermediate representation denotes a formal policy and is generated by extracting the privacy policy in natural language from a website and parsing the privacy policy. The method may also include comparing, by the computing device, behavior of the website against the intermediate representation, thereby detecting at least one violation of the formal policy. The method may further include enforcing, by the computing device, the formal policy at least in part by taking a security action in response to the violation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Location-based anomaly detection based on geotagged digital photographs. In some embodiments, a method may include identifying a completed transaction associated with a user. The method may also include determining a transaction geographic location associated with the completed transaction. The method may further include identifying a mobile device associated with the user. The method may also include identifying one or more geotagged digital photographs taken by the mobile device. The method may further include extracting one or more photograph geographic locations from the one or more geotagged digital photographs. The method may also include, in response to determining that the transaction geographic location is not within a threshold distance of any of the one or more photograph geographic locations, identifying the completed transaction as a suspicious transaction and performing a remedial action.

Abstract: A computer-implemented method for protecting data on devices may include (i) identifying a device that is operated by a user and that comprises private data pertaining to the user, (ii) determining that stalkerware on the device is sending the private data to an unauthorized device not operated by the user, (iii) requesting, in response to determining that the stalkerware is sending the private data to the unauthorized device, that the user select at least one safety plan step from a set of safety plan options, and (iv) modifying, at least in part based on the safety plan step selected by the user, outgoing data sent by the stalkerware to the unauthorized device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting coordinated propagation of social media content may include calculating, by a computing device, a content similarity score for each social media post in relation to other social media posts in a set of social media posts. The method may also include identifying a related subset of social media posts based on the content similarity score. Additionally, the method may include detecting one or more clusters of social media posts in the related subset by clustering social media posts based on content similarity scores and timing. Furthermore, the method may include determining that a user account associated with a social media post in a detected cluster is in a coordinated network of user accounts. Finally, the method may include performing a security action in response to determining that the user account is in the coordinated network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting fraudulent shopping websites may include (i) identifying a shopping website that advertises a plurality of allegedly available payment options for completing transactions on the shopping website, (ii) determining, based at least in part on an analysis of the plurality of allegedly available payment options that at least one of the plurality of allegedly available payment options is suspicious, (iii) calculating a trustworthiness score for the shopping website that is based at least in part on the determination that at least one of the allegedly available payment options is suspicious, and (iv) displaying an alert to a user based on the trustworthiness score of the shopping website. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure provides systems, methods, and computer-readable media for managing graphics processing unit (GPU) allocation for a virtual machine (VM). A first GPU driver, associated with a first GPU, is offloaded from an operating system (OS) of the VM. Then, the first GPU is deallocated from the VM. A second GPU is allocated to the VM, and a second GPU driver, associated with the second GPU, is loaded in the OS of the VM. To restore a GPU context from the first GPU within the second GPU, a GPU command log from the first GPU is replayed to the second GPU.

Abstract: The disclosed computer-implemented method for customizing security alert reports may include (i) identifying a local machine learning model that predicts how a client responds to security alerts generated for the client, (ii) identifying a set of peer machine learning models that predict how a set of peers of the client each responds to security alerts generated for each respective peer, (iii) measuring a level of similarity between the client and each respective peer of the set of peers according to a similarity metric to create a similarity model, (iv) aggregating the local machine learning model and at least one of the set of peer machine learning models based on the similarity model to create an aggregated machine learning model, and (v) protecting the client by applying the aggregated machine learning model to customize an electronically displayed security alert report. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may include (i) identifying a first light-and-radio frequency signature that was captured by a security device based on signals emanating from a mobile computing device at a first time and location, (ii) identifying a second light-and-radio frequency signature that was captured by a same or different security device based on signals emanating from the same mobile computing device at a second time and location, (iii) determining that the first light-and-radio frequency signature and the second light-and-radio frequency signature match such that an inference is made that an individual possessing the mobile computing device was present at both the first time and location and the second time and location, and (iv) performing, based on the inference, a security action to protect a user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Adaptive security filtering on a client device. A method may include applying a data filter to a client device to obtain a first set of data associated with the client device, determining a risk level of a datum of the first set of data, determining a resource level associated with obtaining the first set of data, adjusting the data filter to an adjusted filter based on the determined risk level of the datum and the determined resource level, and applying the adjusted filter to the client device.

Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for generating user profiles may include (i) analyzing a data set of user profiles for services, (ii) detecting a measurement of obfuscation that was applied to a specific attribute across multiple user profiles for a specific service, (iii) applying the measurement of obfuscation to true data for a new user by fuzzing the true data to create a fuzzed value, and (iv) generating automatically a new user profile for the specific service by populating the specific attribute within the new user profile with the fuzzed value. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Protecting against an impersonation scam in a live video stream. In some embodiments, a method may include periodically extracting and storing signature features from verified video streams of verified streamers, identifying an unverified live video stream of an unverified streamer being viewed by one or more users, extracting and storing signature features from the unverified live video stream, computing overall distance scores between the signature features of the unverified live video stream and the signature features of the verified video streams, determining whether the unverified streamer is impersonating one or more of the verified streamers by determining whether one or more of the overall distance scores are less than a distance threshold, determining whether one or more text signature features of the unverified live video stream include an impersonation scam, and performing a remedial action to protect the one or more users from the impersonation scam.

Abstract: The present disclosure relates to using correlations between support interaction data and telemetry data to discover emerging incidents for remediation. One example method generally includes receiving a corpus of support interaction data and a corpus of telemetry data. Topics indicative of underlying problems experienced by users of an application are extracted from the corpus of support interaction data. A topic having a rate of appearance in the support interaction data above a threshold value is identified. A set of telemetry data relevant to the topic is extracted from the corpus of telemetry data, and a subset of the relevant set of telemetry data having a frequency in the relevant set of telemetry data above a second threshold value is identified. The topic and the subset of telemetry data are correlated to an incident to be remediated, and one or more actions are taken to remedy the incident.

Abstract: The disclosed method for assuring authenticity of electronic sensor data may include (i) capturing, using a sensor within a device, electronic sensor data, and (ii) digitally signing, using a cryptoprocessor embedded within the device, the electronic sensor data to create a digital signature that verifies that the signed electronic sensor data has not been modified since the electronic sensor data was captured by the sensor. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for categorizing web applications based on age restrictions in online content policies may include (i) accessing a web application associated with a group of application pages, (ii) determining policy data for accessing content from the web application in the application pages, (iii) extracting one or more age restrictions for accessing the web application from the policy data, and (iv) performing a security action that prevents underage access to the web application based on the age restrictions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for learning queries in automated incident remediation is performed by one or more computing devices, each comprising one or more processors. The method includes parsing at least a portion of incidents from an incident log based at least in part on one or more incident types associated with each incident from the portion of the incidents, identifying parameters associated with a plurality of queries, grouping the plurality of queries into a plurality of query groups based at least in part on the identified parameters, identifying a new incident added to the incident log, and generating an automated query based at least in part on a similarity between the new incident and a prior incident.

Abstract: The disclosed computer-implemented method for controlling uploading of potentially sensitive information to the Internet may include (i) loading, at the computing device, at least a portion of a webpage and (ii) performing a security action including (A) converting, at the computing device, components of the webpage from an online status to an offline status, (B) receiving a sensitive information input to a respective offline component of the webpage, (C) converting, based on a stored user preference and in response to receiving the sensitive information input, the respective offline component to the online status, (D) buffering an outgoing network request comprising the sensitive information input, (E) receiving an approval input indicating approval to transmit the potentially sensitive information to the Internet, and (F) releasing the outgoing network request in response to receiving the approval input. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for establishing restricted interfaces for database applications may include analyzing, by a computing device, query behavior of an application for query requests from the application to a remote database in a computer system and identifying, based on the analysis, an expected query behavior for the application. The method may include establishing, between the application and the remote database, a restricted interface. The method may include receiving, at the restricted interface, a query request from the application to the remote database and limiting, by the restricted interface, the query request from the application to the remote database based on the expected query behavior. The method may include determining, by checking the query request against the expected query behavior, that the query request is anomalous query behavior and performing a security action with respect to the computer system.

Abstract: Uniform Resource Locator (URL) transformation and redirection with access control. A method may include registering for an account with a secure redirection application; requesting, from the secure redirection application, a unique site identifier for an online entity; receiving, from the secure redirection application, the unique site identifier; submitting user data and the received unique site identifier to the online entity; receiving, from the online entity, a unique URL generated by the secure redirection application, in response to submitting the user data and the received unique site identifier to the online entity; and actuating the unique URL to be directed to the online entity.