Abstract: The present disclosure relates to methods of joining three or more double-stranded (ds) or single-stranded (ss) DNA molecules of interest in vitro or in vivo. The method allows the joining of a large number of DNA fragments, in a deterministic fashion. It can be used to rapidly generate nucleic acid libraries that can be subsequently used in a variety of applications that include, for example, genome editing and pathway assembly. Kits for performing the method are also disclosed.

Abstract: The present disclosure relates to methods of joining three or more double-stranded (ds) or single-stranded (ss) DNA molecules of interest in vitro or in vivo. The method allows the joining of a large number of DNA fragments, in a deterministic fashion. It can be used to rapidly generate nucleic acid libraries that can be subsequently used in a variety of applications that include, for example, genome editing and pathway assembly. Kits for performing the method are also disclosed.

Abstract: An example system to obscure personally identifiable information of a user of an electronic device is disclosed. The example system includes a first processor to select a set of instructions from a plurality of sets of instructions. The first processor also is to transmit the set of instructions to a second processor, the second processor disposed in an electronic device, the electronic device remote from the first processor, the set of instructions to cause the second processor to obtain non-personally identifiable data from the personally identifiable information gathered by the electronic device. The example system also includes a remote data reader to read the non-personally identifiable data from the electronic device.

Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.

Abstract: The present invention relates to methods for genotyping microbial host cells that have been subjected to metabolic engineering. The methods provided herein allow detection of genetic edits in the genome of a microbial host cell using PCR-based genome enrichment following appendage of a common priming site. The compositions and methods of the present invention can be used to confirm engineered metabolic diversity as well as ectopic insertions. Kits for performing the methods are also disclosed.

Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.

Abstract: Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.

Abstract: In an example, there is a disclosed a computing apparatus, including: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, including a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a performance monitoring unit (PMU); and one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a kernel space threat detection engine to: receive a PMU event; correlate the PMU event to a computer security threat including extracting artifacts from the PMU event, and correlating the artifacts to an artifact profile for a known attack; and identify a process associated with the PMU event as a potential attack.

Abstract: There is disclosed in one example a computer-implemented anti-ransomware method, including: selecting a file for inspection; assigning the file to a type class according to a file type identifier; receiving an expected byte correlation for the type class; computing, according to a byte distribution of the file, a byte correlation for the file; comparing, via statistical analysis, the byte correlation to the expected byte correlation; and determining that the file has been compromised, including determining that the file has a byte correlation that deviates from the expected byte correlation by more than a threshold, taking a ransomware remediation action for the file.

Abstract: There is disclosed in one example a social media server, including: a processor; a trusted input/output (IO) interface to communicatively couple to a consumer device; a network interface to communicatively couple to an enterprise; and a memory having stored thereon executable instructions to instruct the processor to provide a data loss prevention (DLP) engine to: receive via the trusted IO interface a signed and encrypted user posting for the social media service, the user posting including a signed user state report verifying that the user has passed a biometric screening; transmit content of the user posting to the enterprise via the network interface for DLP analysis; receive from the enterprise a notification that the user posting has passed DLP analysis; and accept the user posting.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.

Abstract: The disclosure relates to methods, systems, and apparatuses, including computer programs on a computer storage medium, for generating a dynamic user interface and playing a video within the dynamic user interface. A dynamic computer user guidance system includes a user interface generation module that causes a display of a dynamic user interface. The dynamic user interface provides a plurality of instructions via one or more dynamic elements. The user interface generation module generates a user interface status indicator. The system includes a video control module that an integrated video to play in the dynamic user interface in response to receipt of the user interface status indicator. The video control module generates a video status indicator. A synchronization module communicably coupled to the user interface generation module and the video control module synchronize a state change in one or more dynamic elements in response to receipt of the video status indicator.

Abstract: The present disclosure relates to methods of joining three or more double-stranded (ds) or single-stranded (ss) DNA molecules of interest in vitro or in vivo. The method allows the joining of a large number of DNA fragments, in a deterministic fashion. It can be used to rapidly generate nucleic acid libraries that can be subsequently used in a variety of applications that include, for example, genome editing and pathway assembly. Kits for performing the method are also disclosed.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; and a storage medium having stored thereon executable instructions to provide an inference engine configured to: receive a new suspicious fragment object from a protected device; add the new suspicious fragment object to a rolling map configured to provide a temporal snapshot of suspicious fragment objects over a time span; determine a connection between the new suspicious fragment object and an existing suspicious fragment object within the rolling map; apply the connection to a connection map; and operate a map classifier to determine that the connection map represents a probable computer security threat.

Abstract: There is disclosed in one example a computing apparatus, including: a processor; and logic encoded into one or more computer-readable mediums, the logic to instruct the processor to: capture first data from an intermediate data source across a first temporal interval; perform partial signal processing on the first data to classify the first temporal interval as either suspicious or not suspicious, wherein the first temporal interval is classified as suspicious if it is determined to potentially represent at least a portion of a cryptomining operation; classify second through N temporal intervals as either suspicious or not suspicious; based on the first through N temporal intervals, classify the apparatus as either operating a cryptomining function or not; and upon classifying the apparatus as operating a cryptomining function and determining that the cryptomining function is not authorized, take remedial action on the apparatus.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a performance monitoring unit (PMU); and one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a kernel space threat detection engine to: receive a PMU event; correlate the PMU event to a computer security threat including extracting artifacts from the PMU event, and correlating the artifacts to an artifact profile for a known attack; and identify a process associated with the PMU event as a potential attack.

Abstract: An example system to obscure personally identifiable information of a user of an electronic device is disclosed. The example system includes a first processor to select a set of instructions from a plurality of sets of instructions. The first processor also is to transmit the set of instructions to a second processor, the second processor disposed in an electronic device, the electronic device remote from the first processor, the set of instructions to cause the second processor to obtain non-personally identifiable data from the personally identifiable information gathered by the electronic device. The example system also includes a remote data reader to read the non-personally identifiable data from the electronic device.

Abstract: Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.