Patent classifications
G06F2221/2127
Preventing unauthorized access to personal data during authentication processes
Methods, systems, and apparatuses are described herein for improving the security of personal information by preventing attempts at gleaning personal information from authentication questions. A computing device may receive a request for access to an account associated with a user. The request may comprise candidate authentication information. Based on comparing the candidate authentication information with the account data, the computing device may generate a synthetic authentication question. The synthetic authentication question may be generated as if the candidate authentication information is valid. A response to the synthetic authentication question may be received, and the request for access to the account may be denied.
PROTECTING COMPUTING DEVICES FROM A MALICIOUS PROCESS BY EXPOSING FALSE INFORMATION
Various automated techniques are described herein for protecting computing devices from malicious code injection and execution by providing a malicious process with incorrect information regarding the type and/or version and/or other characteristics of the operating system and/or the targeted program and/or the targeted computing device. The falsified information tricks the malicious process into injecting shellcode that is incompatible with the targeted operating system, program and/or computing device. When the incompatible, injected shellcode attempts to execute, it fails as a result of the incompatibility, thereby protecting the computing device.
EARLY RUNTIME DETECTION AND PREVENTION OF RANSOMWARE
Various automated techniques are described herein for the runtime detection/neutralization of malware executing on a computing device. The foregoing is achievable during a relatively early phase, for example, before the malware manages to encrypt any of the user's files. For instance, a malicious process detector may create decoy file(s) in a directory. The decoy file(s) may have attributes that cause such file(s) to reside at the beginning and/or end of a file list. By doing so, a malicious process targeting files in the directory will attempt to encrypt the decoy file(s) before any other file. The detector monitors operations to the decoy file(s) to determine whether a malicious process is active on the user's computing device. In response to determining that a malicious process is active, the malicious process detector takes protective measure(s) to neutralize the malicious process.
Method of and system for analysis of interaction patterns of malware with control centers for detection of cyber attack
This technical solution relates to systems and methods of cyber attack detection, and more specifically it relates to analysis methods and systems for protocols of interaction of malware and cyber attack detection and control centers (servers). The method comprises: uploading the malware application into at least one virtual environment; collecting, by the server, a plurality of malware requests transmitted by the malware application to the malware control center; analyzing the plurality of malware requests to determine, for each given malware request: at least one malware request parameter contained therein; and an order thereof of the at least one malware request parameter. The method then groups the plurality of malware requests based on shared similar malware request parameters contained therein and order thereof and for each group of the at least one group containing at least two malware requests, generates a regular expression describing malware request parameters and order thereof of the group, which regular expression can be used as an emulator of the malware application.
MANAGING SECURITY BREACHES IN A NETWORKED COMPUTING ENVIRONMENT
Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.
Protection of encrypted information during a processing by a processing unit
A circuit includes a first processing unit and a second identical processing unit. A first communication bus passes encrypted data between one of a plurality of functions and one or both of the first and second processing units. A selection circuit determines whether the encrypted bus is coupled to the first processing unit, the second processing unit, or both of the first and second processing units.
Acoustic-Based Face Anti-Spoofing System and Method
Two-dimensional face presentation attacks are one of the most notorious and pervasive face spoofing types, causing security issues to facial authentication systems. To tackle these issues, a cost-effective face anti-spoofing (FAS) system based on acoustic modality, named as Echo-FAS, is devised, which employs a crafted acoustic signal to probe the presented face. First, a large-scale, high-diversity, acoustic-based FAS database, named as Echo-Spoof, is built. Based upon Echo-Spoof, we design a two-branch framework combining global and local frequency features of the presented face to distinguish live vs. spoofing faces. Echo-FAS has the following merits: (1) it only needs one speaker and one microphone; (2) it can capture three-dimensional geometrical information of the presented face and achieve a remarkable FAS performance; and (3) it can be handily allied with RGB-based FAS models to mitigate the overfitting problem in the RGB modality and make the FAS model more accurate and robust.
Detecting attackers who target containerized clusters
A method for operation of a deception management server, for detecting and hindering attackers who target containerized clusters of a network, including learning the network environment, including finding existing container instances, finding existing services and relationships, extracting naming conventions in the environment, and classifying the most important assets in the environment, creating deceptions based on the learning phase, the deceptions including one or more of (i) secrets, (ii) environment variables pointing to deceptive databases, web servers or active directories, (iii) mounts, (iv) additional container instances comprising one or more of file server, database, web applications and SSH, (v) URLs to external services, and (vi) namespaces to fictional environments, planting the created deceptions via a container orchestrator, via an SSH directly to the containers, or via the container registry, and issuing an alert when an attacker attempts to connect to a deceptive entity.
SPLIT SERVING OF COMPUTER CODE
A computer-implemented method for securing a content server system is disclosed. The method includes identifying that a request has been made by a client computing device for serving of content from the content server system; serving, to the client computing device and for execution on the client computing device, reconnaissance code that is programmed to determine whether the client computing device is human-controlled or bot-controlled; receiving, from the reconnaissance code, data that indicates whether the client computing device is human-controlled or bot-controlled; and serving follow-up content to the client computing device, wherein the make-up of the follow-up content is selected based on a determination of whether the client computing device is human-controlled or bot-controlled.
Controlling Dynamic User Interface Functionality Using a Machine Learning Control Engine
Systems for detecting unauthorized users and controlling dynamic user interface functionality are provided. The system may receive a request to access functionality that may include login credentials of a user. The request may also include additional information associated with a computing device from which the request is received. The request and additional data may be analyzed using one or more machine learning datasets to determine whether a user requesting access is an authorized user or an unauthorized user. If the user is an authorized user, the user may be authenticated to the system and an authentic user interface having enabled functionality may be generated. If the user is an unauthorized user, a decoy user interface having functionality disabled may be generated.