An information processing device includes: a storage that stores determination criterion information indicating a determination criterion for determining whether or not a behavior of an application operating on a device provided to a vehicle is normal; and a detector that obtains behavior information indicating the behavior of the application, and detects an anomaly in the behavior of the application, based on (i) state information that indicates a state of the mobility and is obtained via the mobility network and (ii) the behavior information obtained and the determination criterion information stored in the storage.

There are disclosed devices, system and methods for feeding identification data of malicious creatives existing in internet advertisements to a supply side platform (SSP) by receiving reports of unwanted actions without user action by malicious creatives of internet advertisements (ads) requested from the SSP by webpages being displayed to users. The reports include a creative identification (ID), a malicious code chain of events, and a demand side platform (DSP) ID or a seat ID. The reports are pre-processed by classifying the unwanted action attempts based on the chain of events. The pre-processed reports are parsed to extract the creative IDs, the SSP IDs and the DSP IDs; and then stored in a searchable database. The stored parsed pre-processed reports are feed to SSPs based on the SSP identifications. The feed includes the creative IDs, the SSP IDs, the DSP IDs, timestamps of the unwanted action attempt and the classifications.

A super-shield system for protecting a computer from malicious software uses a whitelist to determine if a program is safe to run. As new malicious software is created, inadvertent attempts at execution of executables including such malicious software is prevented being that the new malicious software are not listed in the whitelist. When attempts are made to run unknown software, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software).

A discrete three-dimensional (3-D) processor comprises communicatively coupled first and second dice. The first die comprises 3-D memory (3D-M) arrays, whereas the second die comprises at least a non-memory circuit and at least an off-die peripheral-circuit component of the 3D-M arrays. The first die does not comprise said off-die peripheral-circuit component. The non-memory circuit on the second die is not part of a memory.

A system and method for backing up data is disclosed. In one embodiment, the method comprises receiving N data segments, the N of data segments together defining first backup data read from a processing device, receiving L data segments, the L data segments together defining second backup data read from the processing device temporally subsequent to the reading of the N data segments, determining if the L data segments comprise ransomware, preventing overwriting of the stored N data segments if the L data segments comprise ransomware, and storing the received L data segments if the L data segments do not comprise ransomware.

Provided herein are systems and methods for determining a likelihood that an executable comprises malware. A learning engine may determine a plurality of attributes of an executable identified in a computing environment, and a corresponding weight to assign to each of the plurality of attributes. Each of the plurality of attributes may be indicative of a level of risk for the computing environment. The learning engine may generate, according to the determined plurality of attributes and the corresponding weights, one or more scores indicative of a likelihood that the executable comprises malware. A rule engine may perform an action to manage operation of the executable, according to the generated one or more scores.

A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information for a computing platform to identify one or more deployed security-relevant subsystems; processing the consolidated platform information to identify one or more non-deployed security-relevant subsystems; generating a list of ranked & recommended security-relevant subsystems that ranks the one or more non-deployed security-relevant subsystems; and providing the list of ranked & recommended security-relevant subsystems to a third-party.

Disclosed herein are systems and method for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.

Anomalous or unexpected system permissions in applications in a computing environment are identified by generating a statistical model at least in part from application permissions granted across a plurality of application types. One or more of the application permissions granted across a plurality of application types are identified as potentially unexpected dangerous permissions. The statistical model is used to determine whether a target application has at least one potentially dangerous permission that is not statistically likely for a target application type of the target application.

Virus scanning of container images can be managed. For example, container images can be received in a sequential order. The container images can then be analyzed to determine the contents of the container images. The container images can be arranged in a virus-scanning queue in an order that is different from the sequential order in which the container images were received based on the contents of the container images. The container images can then be scanned for viruses in the order in which the container images are arranged in the virus-scanning queue.