Abstract: Techniques to facilitate detection of whether or not applications are executed on physical devices are disclosed herein. In at least one implementation, a mobile application that generates a web service request is executed on a computing system. The computing system executes a client security component of the mobile application to collect attributes associated with the computing system and an operating environment on which the mobile application is executing, and utilizes a mobile application programming interface to transfer the web service request including the attributes for delivery to a web server. The web server executes a server security component of a web service to extract the attributes from the web service request and process the attributes to determine whether or not the mobile application is being executed on a physical mobile device.

Abstract: Techniques to validate web service requests from applications executing on wireless communication devices are disclosed herein. In at least one implementation, an application that generates a web service request is executed on a wireless communication device. The wireless communication device executes a client security component of the application to collect security information and include the security information in the web service request, and utilizes a mobile application programming interface to transfer the web service request including the security information for delivery to a web server. The web server executes a server security component of a web service to extract the security information from the web service request, validate the web service request based on the security information, and provide the web service request to the web service upon successful validation.

Abstract: A method for protecting endpoints from network attacks is provided. The method includes blocking a first data unit, in response to matching a portion of the first data unit to a specified exploit pattern, the matching occurring at a layer of a communication model below an application layer. The method includes collecting attributes of the first data unit at the application layer and blocking at least one further data, in response to the at least one further data unit matching at the application layer a subset of the collected attributes of the first data unit.

Abstract: A computer-implemented method for reevaluating apparently benign behavior on computing devices may include (1) receiving a plurality of reports from a plurality of computing systems that indicate that an attack that targeted each of the systems reached a specific stage on each system, (2) identifying behavioral data that includes, for each computing system within the plurality, a plurality of activities that the computing system observed before the attack reached the specific stage on the computing system, wherein the plurality of activities are of a type of activity that is relevant to detecting a prior stage of the attack, (3) analyzing the behavioral data to correlate the attack with at least one activity observed before the attack reached the specific stage, and (4) determining that the activity is suspect based at least in part on correlating the attack with the activity. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying security risks in downloads may include (1) identifying a request to download a file that is subject to a security assessment, (2) determining that a first segment of the file is required for the security assessment, (3) based on determining that the first segment of the file is required for the security assessment, retrieving the first segment of the file before retrieving a second segment of the file, and (4) determining, based at least in part on the first segment, that the file includes a security risk. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for protecting users from accidentally disclosing personal information in an insecure environment. In one embodiment, the method includes monitoring I/O device input data associated with a guest operating system on a virtualization platform. The guest operating system has less privilege than a privileged operating system on the virtualization platform. The method further includes determining whether the I/O device input data corresponds to personal information of a user, and delaying or blocking the transfer of the I/O device input data to the guest operating system if the I/O device input data corresponds to the personal information of the user.