Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may monitor a reception occasion for a short message that includes a system information change notification or a public warning system notification. The UE may initiate a mitigation action related to a radio link with a network based at least in part on non-reception by the UE of the short message in the reception occasion, failure of the short message to pass an integrity check, and/or the like. Numerous other aspects are provided.

A detection device configured to detect an unauthorized message in an in-vehicle network installed in a vehicle includes: a monitoring unit configured to monitor messages transmitted in the in-vehicle network; a calculation unit configured to, on the basis of a monitoring result by the monitoring unit, calculate a statistic value regarding target messages that have been transmitted in the in-vehicle network in a predetermined period and that are each a message having identification information provided for each kind of target information to be used in the vehicle; and a detection unit configured to perform a detection process of detecting the unauthorized message on the basis of the statistic value calculated by the calculation unit.

Methods and systems for threat monitoring and analysis are disclosed. Data is collected, over a protected network, from a data stream provided by at least one data source connecting to the protected network. Machine learning (ML) models are trained for the data stream utilizing the collected data. The ML models include a first ML model to establish a baseline value, an allowed threshold value range, and a threshold value for the data from the data source, and a second ML model to identify outlier data. The outlier data is outside of the allowed threshold value range from the baseline value and exceeds the threshold value in the data stream. The ML models are used to determine whether one or more anomalies indicating a cyber threat exist within the collected data. Responsive to determining that the anomalies exist, it is determined whether to provide a response action.

Techniques for identifying certain types of network activity are disclosed, including parsing of a Uniform Resource Locator (URL) to identify a plurality of key-value pairs in a query string of the URL. The plurality of key-value pairs may include one or more potential anonymous identifiers. In an example embodiment, a machine learning algorithm is trained on the URL to determine whether the one or more potential anonymous identifiers are actual anonymous identifiers (i.e., advertising identifiers) that provide advertisers a method to identify a user device without using, for example, a permanent device identifier. In this embodiment, a ranking threshold is used to verify the URL. A verified URL associate the one or more potential anonymous identifiers with the user device as actual anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic.

User alert systems, apparatus, and related methods for use with vehicles are disclosed. A disclosed alert system for a vehicle includes an intrusion detection system (IDS) operatively coupled to the vehicle. The alert system also includes a network access device (NAD) operatively coupled to the vehicle and control circuitry configured to detect, via the IDS, a malicious message transmitted through a controller area network (CAN) bus of the vehicle. The control circuitry is also configured to generate a primary alert indicative of the malicious message and transmit, via the NAD, the primary alert to a primary user device corresponding to a driver of the vehicle. The control circuitry is also configured to generate a secondary alert indicative of the malicious message and transmit, via the NAD, the secondary alert to one or more secondary user devices different from the primary user device.

An apparatus is provided, comprising: a volatile memory; a non-volatile memory; a first electronic circuit that is configured to operate as a wireless access point, the first electronic circuit including a wireless controller for accessing a wireless network; and a second electronic circuit that is operatively coupled to the first electronic circuit, the second electronic circuit including at least one processor configured to execute: (i) a first virtual machine that includes a wireless network authentication server, and (ii) a second virtual machine that includes a virtual private network (VPN) server, wherein the wireless network authentication server is configured to authenticate devices that attempt to join the wireless network; wherein the VPN server is arranged to encrypt data that is received at the apparatus to produce encrypted data, and forward the encrypted data to the wireless controller for transmission over the wireless network.

An apparatus is provided, comprising: a volatile memory; a non-volatile memory; a first electronic circuit that is configured to operate as a wireless access point, the first electronic circuit including a wireless controller for accessing a wireless network; and a second electronic circuit that is operatively coupled to the first electronic circuit, the second electronic circuit including at least one processor configured to execute: (i) a first virtual machine that includes a wireless network authentication server, and (ii) a second virtual machine that includes a virtual private network (VPN) server, wherein the wireless network authentication server is configured to authenticate devices that attempt to join the wireless network; wherein the VPN server is arranged to encrypt data that is received at the apparatus to produce encrypted data, and forward the encrypted data to the wireless controller for transmission over the wireless network.

The disclosed computer-implemented method for proactive call spam/scam protection may include intercepting network traffic by the at least one processor employing a network extension feature of an operating system of a computing device. The method may additionally include capturing, by the at least one processor employing the network extension feature, a phone number in the network traffic. The method may also include comparing, by the at least one processor employing the network extension feature, the phone number to a plurality of entries in a spam/scam repository. The method may further include performing, by the at least one processor, a security action in response to the comparison. Various other methods, systems, and computer-readable media are also disclosed.

The disclosed computer-implemented method for proactive call spam/scam protection may include intercepting network traffic by the at least one processor employing a network extension feature of an operating system of a computing device. The method may additionally include capturing, by the at least one processor employing the network extension feature, a phone number in the network traffic. The method may also include comparing, by the at least one processor employing the network extension feature, the phone number to a plurality of entries in a spam/scam repository. The method may further include performing, by the at least one processor, a security action in response to the comparison. Various other methods, systems, and computer-readable media are also disclosed.

A data-processing device includes a computing unit and an interface unit using a packet-based communication protocol, in particular PCI Express. The data-processing device also includes an intrusion detection unit that is connected via a signal connection to a filter device of the interface unit, and/or to a secure element, in the form of a Trusted Execution Environment, of an authentication arrangement related to the communication protocol. The intrusion detection unit evaluates input signals received via the signal connection for a rule infringement in a set of intrusion detection rules The filter device, at least part of which is hardware, is designed to forward only the communication data meeting an approval condition from the interface unit to an additional component of the data-processing device according to configuration information predetermined in the data-processing device and containing the approval condition. At least one intrusion detection rule relates to the infringement of the approval condition and/or to an authentication error.