Abstract: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.

Abstract: Techniques are disclosed relating to determining whether geographic locations of a user computing device satisfy a location consensus threshold. A computer system receives results of a plurality of location determination operations, each of which specifies a geographic location of a computing device initiating an action. The computer system then makes a determination whether the received results satisfy a consensus threshold as to geographic location of the computing device. In some embodiments, the determination is usable to select, from a plurality of sets of rules for different geographic regions, a particular set of rules for processing the action. In some cases, the particular set of rules is usable to determine whether to process the action. Such techniques may advantageously allow a processing system to understand how to process actions initiated by a computing device associated with different geographic locations.

Abstract: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.

Abstract: Computer system security can be threatened by users who manipulate their software to avoid detection of malicious activities—such as account takeover. Web browser software, for example, can be altered so the browser will report false information about the browser itself and/or the system on which it is running. By providing such false information, a user can try to avoid his system being fingerprinted (e.g. identified) so that the user can more effectively instigate electronic attacks without being detected. This disclosure describes techniques that allow for detection of when a user has tampered with their web browser (e.g., by overriding native code functions in the browser). Detecting that a browser has been tampered with can allow a computer server system to take mitigation actions against potentially malicious users, thus improving computer security.

Abstract: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.

Abstract: Techniques are disclosed relating to determining whether geographic locations of a user computing device satisfy a location consensus threshold. A computer system receives results of a plurality of location determination operations, each of which specifies a geographic location of a computing device initiating an action. The computer system then makes a determination whether the received results satisfy a consensus threshold as to geographic location of the computing device. In some embodiments, the determination is usable to select, from a plurality of sets of rules for different geographic regions, a particular set of rules for processing the action. In some cases, the particular set of rules is usable to determine whether to process the action. Such techniques may advantageously allow a processing system to understand how to process actions initiated by a computing device associated with different geographic locations.

Abstract: A request to access one or more server resources is received from a user device. Based on the request, a purported version of a browser running on the user device is determined. The user device executes a program within the browser, according to various embodiments, which throws one or more exceptions associated with one or more particular browser versions. The results of the exceptions may be analyzed to determine whether the purported version of the browser appears to be a true version of the browser. If the analysis indicates that the purported version of the browser is not accurate, the request to access the one or more server resources may be evaluated at an elevated risk level. Inaccurately reported browser versions may indicate an attempt to gain unauthorized access to an account, and thus, being able to detect a falsely reported browser version can help improve computer security.

Abstract: Computer system security can be threatened by users who manipulate their software to avoid detection of malicious activities—such as account takeover. Web browser software, for example, can be altered so the browser will report false information about the browser itself and/or the system on which it is running. By providing such false information, a user can try to avoid his system being fingerprinted (e.g. identified) so that the user can more effectively instigate electronic attacks without being detected. This disclosure describes techniques that allow for detection of when a user has tampered with their web browser (e.g., by overriding native code functions in the browser). Detecting that a browser has been tampered with can allow a computer server system to take mitigation actions against potentially malicious users, thus improving computer security.

Abstract: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.

Abstract: A request to access one or more server resources is received from a user device. Based on the request, a purported version of a browser running on the user device is determined. The user device executes a program within the browser, according to various embodiments, which throws one or more exceptions associated with one or more particular browser versions. The results of the exceptions may be analyzed to determine whether the purported version of the browser appears to be a true version of the browser. If the analysis indicates that the purported version of the browser is not accurate, the request to access the one or more server resources may be evaluated at an elevated risk level. Inaccurately reported browser versions may indicate an attempt to gain unauthorized access to an account, and thus, being able to detect a falsely reported browser version can help improve computer security.