A system and method detects and handles replay attacks using counters maintained for each of several different periods for various values of IP addresses and browser description attributes encountered.

The specification discloses a blockchain-based advertisement monitoring method and apparatus, and an electronic device. The method may include: obtaining, by a playing device, an advertisement resource; at each of a plurality of different time points while playing the advertisement resource, collecting, by the playing device, screenshots of the advertisement resource; generating, by the playing device, a plurality of signatures based on the collected screenshots, an device identifier of the playing device, and a private encryption key of the playing device; generating, by the playing device, verification information based on the plurality of signatures; and uploading, by the playing device, the verification information to a blockchain network.

Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an account lineage. A computing platform may receive a first account-change message from a source-level interceptor. The first account-change message may include information identifying a source account associated with a first computing device and identifying a first target account. The first target account may be associated with a target application configured to access the target database. The computing platform may receive a second account-change message from a database-level interceptor. The second account-change message may include information identifying the first target account as a database-level source account and identifying a second target account associated with one or more target databases. After receiving the first and second account-change messages, the computing platform may generate a notification comprising information associated with an account lineage between the source account and the second target account.

Systems and techniques for providing login from an alternate electronic device are presented. A system can receive hash data associated with first fingerprint data and a timestamp from a first electronic device in response to a determination that the first electronic device satisfies a defined criterion associated with a terminal computing request. The system can also form a correlation between the first electronic device and a second electronic device within a geographic area associated with the first electronic device based on the timestamp, first location data associated with the first electronic device, and second location data associated with the second electronic device. Furthermore, the system can initiate display of a graphical user interface on the second electronic device in response to a determination that second fingerprint data provided to the second electronic device within a timeframe associated with the timestamp matches the first fingerprint data associated with the hash data.

Systems and methods of managing fraudulent devices are provided. The system detects a request for a connection to communicatively couple a technician computing device with a receiver computing device. The system identifies connection data for the connection. The system requests, based on the connection data, a plurality of account values. Each of the plurality of account values is associated with an account that the technician computing device used to establish the connection. The system generates a score indicating a fraudulent level of the account based on the plurality of account values. The system terminates, responsive to a comparison of the score with a fraud threshold, the connection. The system transmits, to a ticketing system, a support ticket generated responsive to the comparison of the score with the fraud threshold.

A method, computer program product, and a system where a processor(s) determine that a user of a given computing device has been authenticated to initiate an application session, that the application session is open, and that the application session has a timeout mechanism triggered by inactivity (i.e., the session not receiving a selection within a first predefined period of time). The processor(s) determines that the application session will automatically timeout within a second predefined period of time based on the inactivity. The processor(s) monitors activities of the user during pendency of the application session with the application including physical and computing activities of the user. The processor(s) determines that at least one activity of the activities indicates engagement of the user with the application session. The processor(s) prevent the timeout mechanism from being triggered during a duration of the at least one activity.

A method for controlling the transfer of data through a firewall. The method includes one or more computer processors establishing a first communication channel between a first server and a second server. The method further includes transmitting, via the first communication channel, information related to a pending transmission of data from the first server to the second server. The method further includes receiving from the second server, via the first communication channel, a set of security information associated with accessing the second server via a second communication channel. The method further includes establishing the second communication channel between the first server and the second server based on the set of security information received from the second server. The method further includes transmitting the data from the first server to the second server utilizing the established second communication channel.

Example techniques detect incidents based on events from or at monitored computing devices. A control unit can detect events of various types within a time interval and aggregate the detected events into an incident. The control unit can detect patterns within the events based at least in part on predetermined criterion. In examples, the control unit can determine pattern scores for the patterns based on the probability of occurrence for the patterns and determine a composite score based on the pattern scores. The control unit can determine that an incident indicating malicious activity has been detected based in part determining that the composite score is above a predetermined threshold score. In some examples, the control unit can classify and rank the incidents. The control unit can determine if an incident indicates malicious activity including malware or targeted attack.

A building system includes heating ventilation or air conditioning (HVAC) devices configured for communication on a building automation network and a communication engine. The communication engine is configured to provide a diagnostic attribute. The diagnostic attribute indicates communications with the HVAC devices as being according to a first communication protocol or at least one different communication protocol. Systems and methods may detect insecure communications and/or upgrade in secure communication protocols in wireless or wired networks, such as, BACnet systems and/or subsystems

A method comprises receiving, from a first processing node of a distributed processing cluster, an indication of an attestation result and supporting data for a second processing node of the distributed processing cluster, transmitting the indication of attestation result and supporting data for the second processing node of the distributed processing cluster to at least one additional processing node of the processing cluster, and in response to a determination that the indication of an attestation result for the second processing node of the distributed processing cluster indicated that the second processing node of the distributed processing device is secure, establishing a secure communication connection with the second processing node of the distributed processing cluster using the supporting data.