Abstract: There are provided systems and methods for user specific error detection for accepting authentication credential errors. A service provider, such as an authentication server and/or transaction processor, may require credentials for a user to utilize a specific service, such as an account and account services. The user may establish an authentication credential, such as a password or other secret, that allows the user to use the account. The user may then attempt to utilize the credentials with the service provider but may perform a typo in entering the authentication credential. The service provider may reject an authentication of the user but may allow the user to reenter the authentication credential. If the user correctly enters the authentication credential at this stage, the service provider may perform analysis of the incorrect and correct authentication credential to determine whether to allow the incorrect authentication credential for future authentications.

Abstract: There are provided systems and methods for a proxy and navigation code injection to prevent malicious messaging attacks. One or more proxy servers may reside in a perimeter network and be used to remove malicious links from messages transmitted to devices protected by the proxy server(s). The proxy server(s) may detect links to external (e.g., Internet-based) resources, such as websites and databases, and may extract data from the external resources. The proxy server(s) may generate static data that prevents processes on the external resources from being executed by devices protects by the proxy server(s). The proxy server(s) may further generate a link to the static data by adding a proxy server network address to the original link. Once the link is generated, it may be used to replace the original link to the external resource to prevent navigation to malicious data.

Abstract: There are provided systems and methods for a dynamic pixel display in electronic communications to enhance data security. Electronic network communications by a service provider, such as an electronic transaction processor for digital transactions, may be compromised by malicious computing attacks or other actions that compromise the security of the communications and corresponding data within the communications. To increase security of the data within a communication, such as text or images in an email, the service provider may utilize a pixel arrangement within a field of the communication that has corresponding identifiers and weblinks to backend pixel data that have randomized so that each pixel's location is variable between different communications. When the email is opened, code for the email may request the backend pixel data using the weblinks. A malicious party listening to the communication does not receive the data without having to reconstruct the randomized layout.

Abstract: Methods and systems are presented for detecting and automatically blocking malicious traffic directed at a service provider. An IP address associated with a domain of the service provider is dissociated from the domain. Requests addressed to the IP address after it has been dissociated are identified as malicious and logged. IP addresses from which the malicious requests originated are blocked, and the log of malicious requests is used to train a model for determining pattern-based rules. Rules for managing traffic are determined based on the patterns and pushed to nodes of a proxy service, and the nodes may block or otherwise limit requests based on the rules.

Abstract: Techniques are disclosed relating to retaining a log entry in response to detection of a respective triggering event occurring within a computer network. This triggering event may result in a set of processes being performed. A computer system may determine a trace signature for the log entry. This trace signature may track information related to the set of processes. The computer system may compute, using the trace signature, a log retention value for the log entry. This log retention value may be computed using weight factors for ones of the set of processes. The computer system may retain the log entry within a log file according to a retention period that corresponds to the log retention value.

Abstract: Techniques are disclosed relating to automatically generating and analyzing database queries. In various embodiments, a database inquiry assistance system maintains a first machine learning model trained using query history data for a database and a second machine learning model using analysis history for the database. In an embodiment, the system receives from a user system a request for an inquiry into data stored in the database and identifies a sequence of queries for responding to the request, where identifying the sequence of queries includes applying the second machine learning model to the request. The system generates corresponding database query code for implementing one or more of the queries in the sequence of queries, where generating the corresponding database query code includes applying the first machine learning model to descriptors of one or more of the queries, and sends a plan identifying the sequence of queries to the user system.

Abstract: Techniques are disclosed relating to retaining a log entry in response to detection of a respective triggering event occurring within a computer network. This triggering event may result in a set of processes being performed. A computer system may determine a trace signature for the log entry. This trace signature may track information related to the set of processes. The computer system may compute, using the trace signature, a log retention value for the log entry. This log retention value may be computed using weight factors for ones of the set of processes. The computer system may retain the log entry within a log file according to a retention period that corresponds to the log retention value.

Abstract: Compound I of the formula and/or pharmaceutically acceptable salt(s) of Compound I comprised in a pharmaceutical composition and methods of using the same to treat cystic fibrosis.

Abstract: Systems and methods for dynamic IP address whitelisting are disclosed. These techniques allow for better management of IP addresses and improve computer system and network security. In one embodiment, a system may execute a first task, at a first frequency, that includes determining, based on registered account activities corresponding to registered accounts with a service provider, at least one IP address associated with at least one registered account with the service provider. The first task may further include adding the at least one IP address to a dynamic whitelist (e.g., allowlist) of IP addresses. The system may execute a second task, at a second frequency, that includes removing, from the dynamic whitelist, at least one existing IP address identified as inactive. Thus, in various embodiments, inactive IP addresses can be removed from a whitelist while active IP addresses are periodically re-verified.

Abstract: There are provided systems and methods for detecting malicious email addresses using email metadata indicators. Digital accounts may be attacked by malicious computing processes or other actions that attempt to compromise the security of accounts and/or perform account takeovers. To increase security of the accounts and account data, the service provider may interface with a digital address and/or identifier provider, such as an email provider to request metadata indications of addresses. The metadata indicator may include a score associated with whether the address is compromised or being used for fraudulent purposes. This score may be based on usages of the address over a period of time, connections of the address, and other activities. The indicator may be used to determine whether to allow data changes to the account's data.

Abstract: Systems and methods for security engine audit rules to prevent incorrect network address blocking are disclosed. An entity such as a service provider may determine network traffic logs caused or generated by malicious web traffic and network communications, such as during a computing attack by a bad actor. The service provider may implement automated blocking controllers, which use detection rules to detect the malicious network traffic, and thereafter generate a network address blocklist that is distributed to devices, components, and servers of the service provider for network address blocking. To ensure the integrity of the detection rules, audit rules and a dynamic exclusion macro may be executed to detect when a detection rule is behaving abnormally and/or leading to anomalous results. If a detection rule is not properly blocking network addresses, the rule may be removed from execution until recovery.

Abstract: There are provided systems and methods for split one-time password digits for secure transmissions to selected devices. Authentication credentials and one-time password operations by a service provider, such as an electronic transaction processor for digital transactions, may be compromised by malicious computing attacks or other actions that compromise the security of data and communications. To increase security of the data within a communication and authentication operations, a split one-time password system may be implemented. A user may preset a number of known digits for a one-time password with a profile and/or account. When multifactor authentication is required, randomized digits may be generated using a hash algorithm and may be transmitted to the user with instructions for completion of the one-time password. The user may be required to specifically enter the known digits with the randomized digits to properly pass the multifactor authentication.

Abstract: Computing system defenses to rotating IP addresses by malicious entities during computing attacks are disclosed. An online entity may utilize a framework having computing operations for detecting and protecting from computing attacks using IP address rotation through multiple IP addresses to hide the malicious conduct. The threat detection system and framework may perform processes that indicate whether IP addresses are correlated and being used in the same computing operations, which may be malicious or fraudulent. If correlated, the framework may further determine that the IP addresses are being used to perpetrate the same or similar computing attack from a malicious actor. The framework may the execute one or more processes to protect from the computing attack that uses the rotation of IP addresses, including IP address blocking, manual challenges, and changing status code identifiers for webpage access requests.

Abstract: Techniques are disclosed relating to computer network security. In some embodiments, a computing system generates a plurality of executable binaries that include alerting beacons for a computer network associated with a transaction service. The computing system then deploys, within the computer network, the plurality of executable binaries as traps to detect privilege escalation attempts within the computer network. In some embodiments, the computing system detects that one or more alerting beacons included in the plurality of executable binaries have been triggered. In response to the detecting, the computing system may transmit, to a security management system, a notification indicating the one or more triggered alerting beacons. The disclosed detection techniques may advantageously reduce breaches in network security, which in turn may reduce or prevent the loss of private data.

Abstract: There are provided systems and methods for identifying patterns in computing attacks through an automated traffic variance finder. A service provider, such as an electronic transaction processor for digital transactions, may determine network traffic logs caused or generated by malicious web traffic and network communications, such as during a computing attack by a bad actor. The service provider may generate a log signature for the network traffic log based on a variance or uniqueness of the network traffic logs IP address from other network traffic logs for each field in the network traffic log over a time period, and a spread in the commonality of the network traffic log with other network traffic logs. An aggregate score for each field may be determined based on the variance and the spread. Once determined, the log signature may be used to identify other network traffic logs through a search function.

Abstract: Techniques are disclosed relating to detecting and prevent phishing attacks (such as man-in-the-middle attacks) related to multi-factor authentication (MFA) or two-factor authentication (2FA) processes. A system is described that makes a determination of whether to permit or deny a subsequent authentication step (e.g., a 2FA authentication step) based on a level of trust determined between the computing device making the initial authentication request to a service computer system and the computing device being asked to implement the subsequent authentication step (such as a mobile device). The computing device associated with the subsequent authentication step assesses the trust between the devices and makes the determination of whether to permit or deny the subsequent authentication step. The present techniques enhance computer system security against phishing attacks while maintaining a satisfying user experience for legitimate users.

Abstract: Systems and methods for defending against emoji domain web address phishing are disclosed. The present techniques thus improve computer system security in various instances in which a web address includes an emoji character, which can be rendered as a graphical icon on a user system, and which may cause user confusion leading to a possible computer security breach. In an embodiment, a system receives a web address as an input to a web browser. The system processes the received web address to remove any emoji characters present in the received web address. The system compares the processed web address to the received web address and determines whether the processed web address matches the received web address. Various actions are performed to prevent successful phishing attempts against users based on whether the processed web address matches the received web address.

Abstract: There are provided systems and methods for automated adjustment of security alert components in networked computing systems. An entity, such as an electronic transaction processor for digital transactions, may utilize threat detection within a security information and event management system. The threat detection may implement one or more processes to tune security alerts automatically, which can be done prior to deployment. A security alert may be broken into modular components, which may be run progressively, in increasing sampling numbers, against a set of computing logs to identify hits. The hits are compared to an expected proportion for each modular component to determine whether the modular component is providing proper results. Further, threat detection may utilize a system to obtain justifications for potentially malicious behavior to eliminate false positives. This may be done automatically when detecting suspicious activities.

Abstract: Compound I of the formula (I) and/or pharmaceutically acceptable salt(s) of Compound I comprised in a pharmaceutical composition and methods of using the same to treat cystic fibrosis.

Abstract: There are provided systems and methods for injecting computing code for detection of malicious computing attacks during suspicious device behavior. A service provider, such as an electronic transaction processor for digital transactions, may detect activities of a computing device when using computing services. The service provider may determine that those activities are suspicious or high risk. In order to determine if the computing device is being used by a malicious user, such as to perform an automated computing attack against the service provider, the service provider may determine one or more probes that may be inserted to a corresponding user interface displayable by the computing device. The probe may attempt to differentiate between real human users and automated and/or malicious users. Computing code for the probe may be injected into the computing code for the user interface and may be provided when the user interface is output.