Abstract: Methods, systems, and techniques for facilitating identification of electronic data exfiltration. A message transmission log and screenshot metadata are obtained. A screenshot corresponding to the screenshot metadata is matched to a sent electronic message, such as an email, having a file attachment represented in the message transmission log to generate an event. The screenshot metadata indicates that the screenshot was captured prior to when the message transmission log indicates the electronic message was sent. An anomaly score is determined for the sent electronic message is determined by applying unsupervised machine learning, such as by applying an isolation forest, to score the sent electronic message relative to a baseline. The anomaly score meeting or exceeding an anomaly threshold is treated as potentially being indicative of electronic data exfiltration.

Abstract: System and method for signal processing for cyber fraud detection are disclosed. The method may include: receiving a trigger signal for fraud detection, the trigger signal comprising an event indicator and entity data associated with an entity profile stored in a database; determining, based on the trigger signal, a risk signal processing model comprising a plurality of risk components, each risk component associated with a respective weighing factor; computing, based on the risk signal processing model, a respective risk signal for each of the plurality of risk components; processing the respective risk signal for each of the plurality of risk components in real time or near real time to generate an aggregated risk signal; and generating, based on the aggregated risk signal, a fraud or cyber security alert signal.

Abstract: A method for concealing threat detection and notification code in a website code base comprises maintaining at least one beacon within the website code base. Each beacon is disguised as code for a resource request, and is adapted to transmit at least one signal identifying misappropriation of the website code base. In some embodiments, a first beacon transmits a signal identifying misappropriation of the website code base, and a second beacon transmits a signal identifying tampering with the first beacon.

Abstract: Methods, systems, and techniques for analyzing a web browser extension are disclosed. A method of analyzing a web browser extension comprises: obtaining source code of the web browser extension; analyzing the source code to determine a risk posed by the web browser extension; and generating an indication of risk posed by the web browser extension based on the analysis of the source code.

Abstract: Methods, systems, and techniques for facilitating identification of electronic data exfiltration. A message transmission log and screenshot metadata are obtained. A screenshot corresponding to the screenshot metadata is matched to a sent electronic message, such as an email, having a file attachment represented in the message transmission log to generate an event. The screenshot metadata indicates that the screenshot was captured prior to when the message transmission log indicates the electronic message was sent. An anomaly score is determined for the sent electronic message is determined by applying unsupervised machine learning, such as by applying an isolation forest, to score the sent electronic message relative to a baseline. The anomaly score meeting or exceeding an anomaly threshold is treated as potentially being indicative of electronic data exfiltration.

Abstract: Methods, systems, and techniques for facilitating identification of electronic data exfiltration. A message transmission log and screenshot metadata are obtained. A screenshot corresponding to the screenshot metadata is matched to a sent electronic message, such as an email, having a file attachment represented in the message transmission log to generate an event. The screenshot metadata indicates that the screenshot was captured prior to when the message transmission log indicates the electronic message was sent. An anomaly score is determined for the sent electronic message is determined by applying unsupervised machine learning, such as by applying an isolation forest, to score the sent electronic message relative to a baseline. The anomaly score meeting or exceeding an anomaly threshold is treated as potentially being indicative of electronic data exfiltration.