Abstract: An object can represent computer applications that play audio. Audio parameters associated with the audio can be determined based on size of the object so that when the object is large, the audio sounds like it originates from a large sound source or sources. When the object is small, the audio parameters are determined so that the audio sounds like it originates from a small sound source. Other aspects are described.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identifying a digital certificate associated with data and assigning a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor activities of objects in a system, compare the monitored activities to metadata for the system, and identify low prevalence outliers to detect potentially malicious activity. The monitored activities can include an analysis of metadata of the objects in the system to identify polymorphic threats, an object reuse analysis of the system to detect an object reusing metadata from another object, and a filename analysis of the system.

Abstract: There is disclosed in an example a computing apparatus configured to operate as an enterprise threat intelligence server, and including: a network interface configured to communicatively couple to a network; and one or more logic elements providing a reputation engine, operable for: receiving a first uniform resource locator (URL) identifier; determining that a first URL identified by the first URL identifier has an unknown enterprise reputation; and establishing a baseline reputation for the URL. There is further disclosed a method of providing the reputation engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the reputation engine.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: In an example, there is disclosed a system and method for a two-device scrambled display. A first device displays content in a scrambled form. A second device acts as an interpreter, including an input driver for receiving a scrambled input; an output driver for displaying an organically perceptible output; and one or more logic elements comprising a unscrambling engine operable for: receiving an input on the input driver; detecting that at least a portion of the input is scrambled; unscrambling the scrambled portion of the input; and outputting an unscrambled analog of the scrambled input via the output driver.

Abstract: There is disclosed in an example a computing apparatus configured to operate as an enterprise threat intelligence server, and including: a network interface configured to communicatively couple to a network; and one or more logic elements providing a reputation engine, operable for: receiving a first uniform resource locator (URL) identifier; determining that a first URL identified by the first URL identifier has an unknown enterprise reputation; and establishing a baseline reputation for the URL. There is further disclosed a method of providing the reputation engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the reputation engine.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor activities of objects in a system, compare the monitored activities to metadata for the system, and identify low prevalence outliers to detect potentially malicious activity. The monitored activities can include an analysis of metadata of the objects in the system to identify polymorphic threats, an object reuse analysis of the system to detect an object reusing metadata from another object, and a filename analysis of the system.

Abstract: This disclosure describes systems, methods, and computer-readable media related to an incident response tool using data exchange layer. In some embodiments, a data collector may be generated by an incident response server. The incident response server may transmit a data collector to multiple broker servers, where each broker server may transmit the data collector to multiple user devices associated with the broker server. The incident response server may receive data from the data collectors executing on the user devices and may analyze the received data.

Abstract: This disclosure describes systems, methods, and computer-readable media related to an incident response tool using data exchange layer. In some embodiments, a data collector may be generated by an incident response server. The incident response server may transmit a data collector to multiple broker servers, where each broker server may transmit the data collector to multiple user devices associated with the broker server. The incident response server may receive data from the data collectors executing on the user devices and may analyze the received data.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identifying a digital certificate associated with data and assigning a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.

Abstract: Provided in some embodiments are systems and methods for remediating malware. Embodiments include receiving (from a process) a request to access data, determining that the process is an unknown process, providing the process with access to one or more data tokens in response to determining that the process is an unknown process, determining whether the process is engaging in suspicious activity with the one or more data tokens, and inhibiting execution of the process in response to determining that the process is engaging in suspicious activity with the one or more data tokens.

Abstract: A locking sample case used for displaying high-valued aromatic materials. The sample case has a stage for holding the material, a cover configured to mate with the stage, and a base to mate with the mated stage and cover assembly. The base has a lock mechanism to lock the stage to the base. The cover has tabs that secure the cover to the stage. The sample case is configured so that when the stage is mated to the base, the tabs cannot disengage from the base, so the cover cannot be removed from the stage when the stage is mated with the base. The cover has windows and closable vents to allow a potential buyer to see and smell the aromatic material. The sample case is configured to have a tether that can only be detached when the base is decoupled from the stage.

Abstract: A locking sample case used for displaying high-valued aromatic materials. The sample case has a stage for holding the material, a cover configured to mate with the stage, and a base to mate with the mated stage and cover assembly. The base has a lock mechanism to lock the stage to the base. The cover has tabs that secure the cover to the stage. The sample case is configured so that when the stage is mated to the base, the tabs cannot disengage from the base, so the cover cannot be removed from the stage when the stage is mated with the base. The cover has windows and closable vents to allow a potential buyer to see and smell the aromatic material. The sample case is configured to have a tether that can only be detached when the base is decoupled from the stage.

Abstract: Among other disclosed subject matter, a computer-implemented method includes receiving illustrated content. The illustrated content includes half-tone content. The method includes blurring at least part of the illustrated content. The blurring is performed according to a blur radius. The method includes downscaling the blurred illustrated content to an output size.

Abstract: Among other disclosed subject matter, a computer-implemented method includes receiving illustrated content. The illustrated content includes half-tone content. The method includes blurring at least part of the illustrated content. The blurring is performed according to a blur radius. The method includes downscaling the blurred illustrated content to an output size.

Abstract: Among other disclosed subject matter, a computer-implemented method includes receiving illustrated content. The illustrated content includes half-tone content. The method includes blurring at least part of the illustrated content. The blurring is performed according to a blur radius. The method includes downscaling the blurred illustrated content to an output size.