Abstract: State information is received from a server indicating an identity of a user logged into the server. An administrative domain wide policy is determined that specifies a relationship between user a group and services or servers accessible to users belonging to the user group. Relevant servers are sent updated management instructions corresponding to rules of the administrative domain wide policy. Such rules provide access to a service or server to users belonging to user groups related to the service. As a result, the servers allow communications that provide access to users based on the specified relationships.

Abstract: A system and method uses any or all of information of a user and/or user's activity at a second web site, information of the user's friends or other connections at the second web site, or registration information of the user, to determine whether to allow the user to communicate with other users of a first web site, prevent the user from communicating with other users of the first web site, or monitor the user's communications and allow or prevent the user from further communication based on the monitored communications at the first web site.

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract: A system and method for regulating and analyzing inbound and outbound communications in and between computer networks on the basis of geographic security assertions are provided. Geographic information is collected, optimized, and shared between network objects to enforce network access control on the basis of configurable security assertions. Security assertions are configured and metrics displayed using maps and other geographic data in a graphical user interface.

Abstract: Systems and methods for allowing and blocking data packets sent to and from browser software applications and non-browser software applications operated on a computing device are described. The systems can use whitelisting based on the maker of a non-browser software application being a trusted source of data packets sent to the non-browser application or based on consensus by one or more consensus trusted computing devices that connections made by an URL open in a browser software application are correct and trusted. The system uses a firewall to block data packets to and from web addresses that are not owned by the maker of the application, are not trusted by the consensus trusted computing devices, or are blocked by selection by a user of the computing device. The system can also include a health monitor engine to ensure a kernel drive of the system is operational and not disabled by malware.

Abstract: A protective system, apparatus, and method for protecting an electronic communication device of a user that can safely: execute at least one of execution data within a message in question received from outside or execution data of an external device to which a hyperlink connects, in order to protect the electronic communication device; transmit an execution output that is the executed result of the execution data to the electronic communication device and display same; prevent the electronic communication device from being exposed to a malicious code during the process of checking the message in question received from outside, and check the execution content of the message in question.

Abstract: An attack detection apparatus (6) collects packets a transmission source or a transmission destination of which is a protection target apparatus (5), and generates packet information by setting an entry for each collected packet and describing attribute data of the packet together with occurrence time of the packet for each entry. Further, the attack detection apparatus (6) stores definition information which defines an extraction time width and an extraction condition for each category of attack.

Abstract: This disclosure provides systems and methods for prediction of potential cyber security threats and risks in an industrial control system using predictive cyber analytics. A method includes receiving, by a risk manager system, real-time data from a plurality of connected devices. The method includes creating, by the risk manager system, a data model based on the real-time data. The method includes analyzing, by the risk manager system, the data model to identify potential current threats. The method includes predicting, by the risk manager system, potential threats. The method includes notifying a user, by the risk manager system, of the potential threats.

Abstract: An edge service is disclosed herein that performs an anti-phishing attack function, to detect and mitigate against phishing attacks. In an implementation, the edge service examines incoming emails for any that include links to web pages. When such an email is encountered, the edge service opens the suspect web page and compares it to at least one protected page. When warranted by the result(s) of the comparison, the edge service takes steps to mitigate the phishing attack, such as by not delivering the email to a recipient.

Abstract: A reputation of an installer may be determined based on contextual information including its source (e.g., its publisher), a cryptographic signature or certificate, a process that carried out its download, a user that initiated its download, whether the installer has been previously vetted by a security policy, and so forth. A corresponding reputation may then be inferred for each of the computer objects contained within the installer, such that the reputation remains with the computer objects if/when they are unpacked on an endpoint. Each of the computer objects may then be unpacked for individual analysis (e.g., a static analysis) regarding each object's compliance with a security policy, thereby producing a second reputation for each computer object. A decision whether to execute the installer/objects, e.g., during an installation process, may then be made by reconciling the reputation of the installer and the second reputation for each computer object.

Abstract: Systems and methods are presented for generating a threat score and a usage score of each of a plurality of IP addresses. The threat score may be determined based on quantity of occurrences and recency of each occurrence of an IP address in network alert datasets, in addition to a weighting factor for each data source indicating the accuracy of the data source.

Abstract: A trigger event monitoring system is provided in one or more virtual assets. One or more trigger parameters, including security threat patterns, are defined and trigger data is generated. The one or more trigger monitoring systems are used to monitor extrusion and intrusion capabilities and self-monitored trigger events that may harm or otherwise leave a virtual asset in a vulnerable state. In one embodiment, trigger events and monitoring of at least a portion of message traffic sent to, or sent from, the one or more virtual assets are initiated and/or performed to detect any message including one or more of the one or more of the trigger parameters. Any message meeting the one or more trigger parameters is identified as a potential security threat and is assigned a threat score, which is provided to the virtual asset. Various corrective actions may take place.

Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.

Abstract: A packet transmission method and an apparatus pertain to the field of network technologies. The method includes obtaining, by a terminal device, a source IP (Internet Protocol) address in a to-be-transmitted packet and N IP addresses of the terminal device, where N is an integer, and when the source IP address in the to-be-transmitted packet is different from any one of the N IP addresses of the terminal device, determining that the source IP address in the to-be-transmitted packet is forged, and prohibiting transmitting the to-be-transmitted packet. The application can solve the problem that a virus such as Trojan in the terminal device may be prevented from forging a source IP address of another device to randomly transfer an attack packet in the network to improve network security.

Abstract: Systems and computer-readable media are disclosed for utilizing one or more databases to detect a point of compromise (“POC”). A POC detection computing platform may receive data associated with a potential point of compromise from a first computing system. The POC detection computing platform may extract data associated with the potential point of compromise from one or more central servers and/or databases. The extracted data may then be analyzed to determine if a point of compromise has been detected. The POC detection computing platform may transmit the results of the analysis to a second computing system.

Abstract: Techniques are disclosed for supplementing network flow analysis with data collected from endpoint computer systems in a network. An endpoint analysis agent may run on endpoints to collect information relating to computing activity internal to the endpoint, including system configuration information, event information, and network, user, process, and file activity. This information may be reported to a network flow analyzer using an extensible flow data record format. The flow analyzer may then correlate this information with network flow data records received from flow collectors in the network to perform a security analysis. In various embodiments, the endpoint analysis agent may cache the collected information when the endpoint is offline. The agent may also perform data reduction operations (such as compression) on the collected information before reporting; data may be further reduced by reporting data only during specified time periods. An analysis agent may also be deployed in a cloud environment.

Abstract: The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. The system also obtains configuration information for the alert, wherein the configuration information identifies information associated with the search results, and also specifies a trigger condition for the alert. Next, when the trigger condition for the alert is met, the system uses the configuration information to generate a payload containing the identified information associated with the search results. The system then invokes alert-generating functionality and provides the payload as input to the alert-generating functionality. This enables the alert-generating functionality to use the information from the search results while performing one or more alert actions association with the alert.

Abstract: Systems and methods are provided for data security. A server system provides data security using one or more processor devices, one or more communication interfaces, and one or more memory devices including computer-executable instructions. Those instructions case the one or more processor devices to: monitor one or more requests or activities of a computing device and compare the monitored one or more requests or activities with a database of predetermined characteristics to determine whether the monitored one or more requests or activities indicates that the computing device (i) accessed or attempted to access sequentially more than A data files or objects in less than a predetermined period of time, where A is a positive integer greater than two, and (ii) downloaded X data files or objects, where X is a positive integer greater than two.

Abstract: Two wireless networks are established in a local network, one for less-secure IoT devices and one for more-secure conventionally networked devices, with a bridge establishing connectivity between the two networks. Message exchange between the two networks is tailored to reduce the risk of a security breach in the network with the less-secure IoT devices infecting the network with more-secure devices.

Abstract: The present disclosure provides techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B's cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.

Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.

Abstract: A computer system configured to improve security of server computers interacting with client computers, the system comprising: one or more processors executing instructions that cause the one or more processors to: select, from the plurality of detection tests, one or more first detection tests to be performed by a client computer; send, to the client computer, a first set of detection instructions that define the one or more first detection tests, and which when executed causes generating a first set of results that identifies a first set of characteristics of the client computer; receive the first set of results from the client computer; select one or more first countermeasures from a plurality of countermeasures based on the first set of characteristics identified in the first set of results; send, to the client computer, a first set of countermeasure instructions that define the one or more first countermeasures.

Abstract: Apparatus and methods for mitigating network attacks, such as by dynamically re-routing traffic. Various disclosed embodiments manipulate path-based routing of the backbone network to insert a scrubbing appliance within the backbone network topology, rather than using traditional network addressed tunnels in the edge network. In one implementation, traffic entering the backbone network ingress peer routers (from either another backbone network, or an edge network) is normally destination-address routed via the backbone to its appropriate egress router based on a path label; however, when a Distributed Denial of Service (DDoS) attack is detected, the ingress peer router inserts an additional hop into the path label that redirects dirty traffic to a substantially centralized scrubbing appliance. The benefits of the disclosed solutions include, among other things, significantly reduced attack response/recovery times without significant capital outlays.

Abstract: Some embodiments provide an origin whose content is distributed by a third party content distributor control over invoking attack protections from the third party content distributor. The origin independently monitors requests and messaging the content distributor passes to the origin as a result of the content distributor needing to retrieve content from the origin before redistribution or because requested content is dynamic or uncacheable. Upon detection of an attack, the origin signals the content distributor to perform one of several attack protections on its behalf. In this manner, the origin leverages the content distributor distributed platform architecture to shield itself from attack. Based on the origin signaling, the content distributor rate limits, blocks, redirects, or performs other attack protections to reduce the load on the origin server.

Abstract: A packet transfer method includes requesting a terminal apparatus for a physical address corresponding to a logical address of a transmission source of a packet; determining legality of a correspondence relationship between the physical address and the logical address by comparing a physical address indicated by a response from the terminal apparatus with the physical address of the transmission source of the packet; storing a first set of the physical address of the transmission source and the logical address of the transmission source of the packet, when it is determined that the correspondence relationship is legal; when a new packet is received, determining whether a second set of a physical address of a transmission source and a logical address of the transmission source of the new packet coincides with the first set; and transferring the new packet, when it is determined that the second set coincides with the first set.

Abstract: There is described a method for mitigating a power-denial of service attack on a first device by a second device, the method comprising: transmitting, from the first device to the second device, a first communication comprising a first task to be solved by the second device; receiving, at the first device from the second device, a second communication comprising one of a proposed solution to the first task and at least one trust credential; verifying, at the first device, the second communication; responsive to an unsuccessful verification of the second communication, transmitting, from the first device to the second device a third communication comprising a second task to be solved by the second device.

Abstract: A method, computer program product and/or system receives information pertaining to network data traffic from and/or to a network accessible resource, analyzes the information to determine whether a user is engaged in potential hacking transaction(s) with respect to the resource. On condition that the user is determined to be engaged in potential hacking transaction(s), a “scarecrow” message designed for display to the user, is generated and sent to the user.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: A first node of a networked computing environment initiates each of a plurality of different types of man-in-the middle (MITM) detection tests to determine whether communications between first and second nodes of a computing network are likely to have been subject to an interception or an attempted interception by a third node. Thereafter, it is determined, by the first node, that at least one of the tests indicate that the communications are likely to have been intercepted by a third node. Data is then provided, by the first node, data that characterizes the determination. In some cases, one or more of the MITM detection tests utilizes a machine learning model. Related apparatus, systems, techniques and articles are also described.

Abstract: A method and associated circuits protect data stored in a secure data circuit of a telecommunication device equipped with a near-field communication (NFC) router, a microcontroller, and the secure data circuit. In the method, each message received with the NFC router is parsed to retrieve a communication pipe identifier and an instruction code. The communication pipe identifier and the instruction code are compared to corresponding information in a filter table. Instruction codes of particular messages that attempt to modify a communication pipe by reassigning one end of the communication pipe from the port of the NFC router to a different circuit are acted upon. These messages are blocked from reaching the secure data circuit when the instruction code is not authorized in the filter table, and these messages are permitted when the instruction code is authorized in the filter table.

Abstract: A method for implementing online anti-phishing, related to the field of information security, comprising: a browser loads an online anti-phishing control, the control acquires a blacklist and a whitelist, if a received URL of the browser is in the blacklist, the browser is stopped from loading, if the URL is in the whitelist, the browser is notified to load, and if the URL is neither in the blacklist nor in the whitelist, a determination is made on whether or not the URL of the browser satisfies a preset fuzzy match criterion, if same is satisfied, then a user is prompted of danger, when the user chooses to proceed, a preset account combination is acquired, when received keypress information is numerals and an input focus is an input box control, the keypress information is compared with the preset account combination, if both are identical then the user is prompted of danger, and either stop or load as chosen by the user.

Abstract: The present invention relates to methods, network devices, and machine-readable media for an integrated environment for automated processing of reports of suspicious messages, and furthermore, to a network for distributing information about detected phishing attacks.

Abstract: A system and method is provided for analyzing media traffic having encrypted application-layer and payload data. The method includes determining from network traffic a media service provided to a network subscriber, application-layer and payload data of the network traffic providing the media service to the network subscriber being encrypted, detecting media traffic within the network traffic providing the media service to the network subscriber, associating application-layer data of the media traffic to a media session, determining a key performance indicator (KPI) associated with the media session, and outputting report data based on the KPI.

Abstract: A continuous security delivery fabric is disclosed. One or more security functions, comprising one or more tasks to be performed by a security tool, utility or service is encapsulated in a componentized security policy. The componentized security policies may be scheduled to run against one or more shadow environments, which are substantive copies of an information technology installation. One or more componentized security policies are scheduled as to run substantively continuously with results of the execution of the componentized security policies against the shadow aggregated. Based on automated analysis which may include machine learning, security issues in the actual information technology installation are inferred, and remediation either recommended or automatically executed. Various embodiments, including a microservices infrastructure embodiment are disclosed.

Abstract: A method for lawful interception in a communication network involving adulteration by colluding agent is disclosed.

Abstract: Disclosed herein are methods and systems for enabling legal-intercept mode for a targeted secure element.

Abstract: The subject matter described herein includes methods, systems, and computer readable media for clearing Diameter session information. According to one method, the method occurs at a Diameter routing agent (DRA) node. The method includes identifying an inactive Diameter session associated with a Diameter node. The method also includes generating a trigger message for triggering the Diameter node to delete session information associated with the inactive Diameter session. The method further includes sending the trigger message to the Diameter node.

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding IMS (Internet Protocol Multimedia Subsystem) restoration support for temporary GRUU (Globally Routable User Agent Uniform Resource Identifier). Certain aspects of the present invention include creating, at a registrar, a registration identified by a registration identifier, and storing, by the registrar, the registration identifier, a call identifier and an initial command sequence related to the registration identified by the registration identifier in a persistent database during the registration.

Abstract: Aspects relate to methods and apparatus for dedicated bearer (DB) establishment handling during call setup for long term evolution. According to aspects, a method is provided herein for wireless communications that may be performed, for example, by a user equipment (UE). The method generally includes establishing a connection with a first access point (AP) to perform a call set up procedure for a call; receiving from the first AP a message associated with handover to a second AP; delaying giving up the call setup procedure for a duration if the message includes or is associated with an indication to release a dedicated bearer; and allowing establishment of a DB with the second AP during the duration. Consequently, the DB can be established with the second AP, without the UE giving up the call setup, and the call can be performed, thus improving user experience. Numerous other aspects are provided.

Abstract: Methods and systems for mobile video communications may include using a wireless network for video communications when a wired network is unavailable by providing portable mobile communications equipment to enable video communications and collaborations over a cellular, satellite or other wireless network. The methods and systems may use two or more network connections to transmit data packets for the video communications or collaborations. In addition, the methods and systems may use machine learning and predictive switching technology to determine the data paths for transmission of the data for the video communications or collaborations.

Abstract: A system for managing online group chat and methods for making and using same. A server computer can create a topic in a chat group and receive a request from a user device for a member of the chat group to join the topic. The request can be in response to activation of a user interface for the topic on the user device. The member can be permitted in real time to join a topic subgroup associated with the topic upon determination that a membership of the topic subgroup is less than a maximum participant number. The maximum participant number can be at least partially based on a messaging service capacity of the server. A publish-subscribe messaging service can be offered for the topic subgroup. Advantageously, the topic subgroup can be dynamically updated based on operation on the user device to reduce server workload and improve user experience.

Abstract: A system and method for enhancing video communication among two or more users is provided. According to an aspect, a method is provided. The method comprises receiving user input of a subject, wherein the user input was captured by a user interface, and determining an interpretation of the captured user input of the subject. The method further comprises determining one or more commands for moving an avatar of the subject based on the interpretation and using the one or more commands for controlling movement of the avatar presented via a computing device.

Abstract: Various systems, mediums, and methods herein describe aspects of presentations of information from several different sources. In one implementation, a data system may generate a page and provide a plurality of users with access to the page. The page is configured to be modified by the plurality of users. The system may also determine a page view of a given user from the plurality of users and respective page views of other users from the plurality of users. The page view of the given user comprises at least a portion of the page; the respective page views of the other users are outside of the page view of the given user. The system may further provide in the page view of the given user an indication of at least one respective view of the respective views of the other users.

Abstract: Controlling aggregation of shared content from multiple presenters during an online conference session includes, at a server having network connectivity, at a server having network connectivity, identifying a master presenter at an endpoint among a plurality of endpoints participating in an online conference session in which at least one of the plurality of endpoints is sharing content with other participants among the plurality of participants at their respective endpoints. One or more assistant presenters are determined among the plurality of participants at their respective endpoints. A master user interface is generated to serve as the user interface on the endpoint of the master presenter and a command is received, via the master user interface, to designate a layout. The layout aggregates shared content from the endpoints of one or more of the assistant presenters to make the layout viewable at the plurality of endpoints.

Abstract: Aspects of the disclosed apparatuses, methods and systems provide sharing virtual elements between users of different 3-D virtual spaces. In another generation aspect, virtual elements may be sent, shared, or exchanged between different client devices whether the communication sharing the virtual element occurs synchronously or asynchronously.

Abstract: A system and method for providing dynamic quality-of-service (QoS) for Push-to-Talk (PTT) services in a wireless communications network. One or more servers interface to the wireless communications network to perform the PTT services for mobile units therein. Both the servers and the mobile units communicate with each other using control messages transmitted across bearers in the wireless communications network, and at least one of the servers transmits media streams comprised of voice messages for the PTT services between the mobile units across the bearers in the wireless communications network. At least one of the servers sets up a dedicated bearer in the wireless communications network for at least one of the mobile units, wherein the dedicated bearer has a specified quality of service (QoS) for transmission of at least the media streams to the mobile unit. The dedicated bearer may be static or dynamic.

Abstract: Methods for synchronizing a client application user interface (UI) state of content of a client application on a client device corresponding with a host application on a host device are presented, the method including: receiving an update on the host application; transmitting a request for remote notification to the client device to synchronize the UI state of content of the client application responsive to receiving the event; displaying a notification corresponding with the request for remote notification on the client device indicating content is available to the client device; selecting the notification; launching the client application on the client device; transmitting a synchronizing request by the client device to the host device; enabling a synchronization mode of the host application; determining a host application UI state; transmitting content data associated with the UI state of the host application to the client device; and displaying the client application UI state based on the content data fro

Abstract: A system for utilizing models derived from offline historical data in online applications is provided. The system includes a processor and a memory storing machine-readable instructions for determining a set of contexts of the usage data, and for each of the contexts within the set of contexts, collecting service data from services supporting the media service and storing that service data in a database. The system performing an offline testing process by fetching service data for a defined context from the database, generating a first set of feature vectors based on the fetched service data, and providing the first set to a machine-learning module. The system performs an online testing process by fetching active service data from the services supporting the media streaming service, generating a second set of feature vectors based on the fetched active service data, and providing the second set to the machine-learning module.

Abstract: Client device for playing media content, comprising: a connection interface for establishing a connection with a server and for receiving a media content from the server via the connection; a detector for detecting, whether the media content is to be continued beyond a termination of the connection with the server, and for providing a detection result in case it is determined that the media content is to be continued beyond a determination of the connection with the server; and a processor for taking an action to continue the media content beyond a termination of the connection with the server.

Abstract: A method includes receiving, via an input service running on a server, a transcoding request from a client, the transcoding request requesting a segment of digital content, the transcoding request containing a start time of the segment and a duration of the segment; requesting, via the input service, the segment from a source based on the transcoding request; receiving, via the input service, the segment and metadata from the source based on the requesting, the metadata being related to the start time and the duration; transcoding, via the input service, the segment based on the metadata in the transcoder service; and sending, via the input service, the segment from the transcoder service to the client based on the transcoding.