Patent classifications
G06F21/56
SECURITY STATUS BASED ON HIDDEN INFORMATION
Techniques for determining and presenting security status are described herein. The disclosed techniques include collecting information associated with an item; determining a security status associated with the item by classifying the item into one of a plurality of classifications based on the information associated with the item; presenting on a first interface information indicative of the security status, wherein the first interface further comprises at least one selectable interface element in relation to the information indicative of the security status; and performing an operation related to the item in response to receiving input indicative of a selection by a user of the at least one selectable interface element.
Malicious code scanning of remotely-located files
A file is stored in a public cloud storage. A serverless computing platform receives an event notification that the file has been stored and, in response, creates an instance of an ephemeral environment wherein a security module is executed. The security module creates a memory-mapped space with memory locations that are mapped to the entire content of the file but does not allocate memory for all of the memory locations. Instead, the security module retrieves sections of the file from the public cloud storage as these sections are accessed in their designated memory locations in accordance with the memory mapping, allocates memory for the retrieved sections, stores the retrieved sections in their designated memory locations, and scans the retrieved sections in their designated memory locations for malicious code. The security module continues scanning the file in sections until relevant sections of the file have been scanned.
Forecasting Malware Capabilities from Cyber Attack Memory Images
In a method of identifying capabilities of a malware intrusion that has been detected by an intrusion detection system, a notification that the malware intrusion has been detected is received from the intrusion detection system. A memory image associated with the malware is then captured. The memory image is parsed and a prior execution context is reconstructed by loading a last central processing unit (CPU) state and memory state into a symbolic environment. Addresses and prototype summaries associated with the malware are extracted from the memory image from the symbolic environment. Paths that are possible for execution due to the malware based on the addresses and prototype summaries are determined. Each path is modeled and a probability of each path being executed with concrete data is assigned. Paths with a low probability are pruned, leaving a plurality of paths of interest. Application programming interfaces (APIs) detected in the plurality of paths of interest are matched to a repository of capability analysis plugins. Any application programming interface (API) that matches at least one plugin in the repository of capability analysis plugins is reported to an analyst.
Mitigating authentication-based hacking of access restricted telecommunication services
Systems and methods are provided for mitigating hacking of restricted access telecommunication services. In response to an authentication response from a user device, an authentication failure type and authentication failure frequency may be determined. Based on the authentication failure type and authentication failure frequency, the user device is blocked from accessing the telecommunication service for a predetermined period of time, preventing the service from being congested by recurring unauthorized users.
Encryption as a service with request pattern anomaly detection
A system and method mediate transfer of encrypted data files between local applications and external computer systems. Application containers perform cryptographic operations using stored credentials to decrypt data coming from these external systems and configurably forward them to the local applications, and to encrypt data sent from the local applications to the external systems. Access to this encryption-as-a-service (EaaS) functionality is gated by a fingerprint service that classifies requests by security level and detects anomalous requests. Security classification is performed by a supervised machine learning algorithm, while anomalous request detection is performed by an unsupervised machine learning algorithm. Stored keys are monitored, and when they near expiration or are damaged, embodiments proactively undertake key renewal and key exchange with the external computer systems. Containerization enables key storage in multiple vaults, thereby making such storage vendor-agnostic.
Malware detection using federated learning
A method of generating a predictive model for malware detection using federated learning includes transmitting, to each of a plurality of remote devices, a copy of the predictive model, where the predictive model is configured to predict whether a file is malicious; receiving, from each of the plurality of remote devices, model parameters determined by independently training the copy of the predictive model on each of the plurality of remote devices using local files stored on respective ones of the plurality of remote devices; generating a federated model by training the predictive model based on the model parameters received from each of the plurality of remote devices; and transmitting the federated model to each of the plurality of remote devices.
System and method employing virtual ledger
A system, method and computer program product for open innovation including an asset valuation device receiving asset information about tangible or non-tangible assets, and generating a valuation signal, based on the asset information; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based on the valuation signal; an air router device having both a low band radio channel, and an internet router channel for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based on the valuation signal; and a mesh network having a plurality of node devices receiving the node voting request signal, and generating vote confirmation signals, based on the node voting request signal. Computing devices are connected to the node devices to perform problem solving, smart contract processing, and/or cryptocurrency mining.
Multiplexed quick response (“QR”) code experience derivation
An optical code scanner being operated using an algorithm is provided. The scanner may scan an optical label. The label may include machine-readable code. The scanner may derive a single set of instructions from the code or multiple sets of instructions from the code. The scanner may process the code. The processing may upload a set of instructions from the code to the scanner and store the set of instructions in an instructions library. The scanner may also derive a picture associated with the instructions and store the picture in the library. The scanner may display a plurality of pictures. Each of the pictures may correspond to a set of uploaded instructions stored on the scanner. Each of the plurality of pictures may be selectable by a user. In response to a user selection of a picture, the scanner may be configured to execute the uploaded instructions that correspond to the selected picture.
Systems and methods for automating detection and mitigation of an operating system rootkit
Systems and methods to detect malicious software include an application software repository including a stored header file associated with a driver, an executable, or both, and are operable to (i) receive a memory dump file upon an operating system crash including a driver copy, an executable copy, or both, (ii) verify the memory dump file is new for analysis, (iii) compress the verified memory dump file to generate a memory snapshot of the verified memory dump file, (iv) scan the memory snapshot for a memory dump header file associated with the driver copy, the executable copy, or both, and (v) identify and extract malicious software when the memory dump header file from the memory snapshot fails to match at least one stored header file in the application software repository.