Systems and methods are described for tailoring shareable content object reference model (SCORM)-compliant content to one or more users. A learning management system (LMS), configured to be SCORM-compliant, initiates shareable content object (SCO) to provide content to users. The LMS implements an instance of application programming interface (API) comprising a plurality of functions to be called by SCO during runtime to access data model elements accessible via LMS. The LMS is configured to support one or more data model elements undefined by SCORM. Further, LMS receives a call to a function of the plurality of functions of the API from SCO to access information about users. The call references a name of a data model element undefined by SCORM. The data model element identifies information about users. The LMS provides information about the users to SCO and the SCO tailors the content to the users based on the information.

Systems and methods for performing a simulated phishing attack are provided. A simulated attack server can send a simulated attack email including a unique identifier to a target. The simulated attack server can receive a reply email including the unique identifier from the target. The simulated attack server can extract the unique identifier from the reply email. The simulated attack server can determine a match between the unique identifier and an identity of the target. The simulated attack server can record a target failure, responsive to determining the match between the unique identifier and the identity of the target.

Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Aspects of the disclosure relate to detecting impersonation in email body content using machine learning. Based on email data received from user accounts, a computing platform may generate user identification models that are each specific to one of the user accounts. The computing platform may intercept a message from a first user account to a second user account and may apply a user identification model, specific to the first user account, to the message, so as to calculate feature vectors for the message. The computing platform then may apply impersonation algorithms to the feature vectors and may determine that the message is impersonated. Based on results of the impersonation algorithms, the computing platform may modify delivery of the message.

Systems and methods for performing graph-based analysis of computing system threats and incidents, and determining response and/or mitigation actions for the threats and incidents, are described. In some embodiments, the systems and methods generate node graphs of computing system threat artifacts, and perform actions to identify recommended resolutions to the threats, based on information derived from the generated node graphs.

Techniques herein attempt to provide actors with more flexible and satisfactory experiences regarding obtaining tickets for an event. A learning model may identify attributes indicative of whether a particular actor (e.g., attempting to purchase tickets to an event) possesses a desirable characteristic (e.g., is likely to attend the event). Each actor can then be evaluated to estimate whether she is a good actor (possesses the characteristic). If so, favored opportunities may be made available, such as the opportunity to buy high-demand tickets. An actor may further have the opportunity to hold or reserve tickets for a period time, during which other actors cannot purchase them. A fee for holding or reserving tickets (and/or maintaining the hold or reserve) can be dynamically set based on market factors. Opportunities to modify seat assignments to allow a group of friends to sit together may also be provided.

A method of dynamically adjusting access privileges of system identities. A set of access logs associated with a system are analyzed in order to generate a restricted access policy for an over privileged system identity. An initial access policy of the system identity is replaced with the restricted access policy and a continuous monitoring and access management (CMAM) service is initiated. Access logs are collected for a monitoring time window and an access denied error can be extracted from the access logs. The access denied error can be compared to an ignore list and/or the access denied error can be added to the ignore list. Authorization checks can be performed to determine if the action associated with the access denied error is authorized. If the action is authorized, the access policy is adjusted to allow for performance of the action.

Systems, apparatuses, methods, and computer program products are disclosed for processing third-party communications. In particular, a method includes: receiving, by communications hardware, a message to be transmitted to a message target device; determining, by a verification engine, that the message is legitimate; appending, by a badge generation engine, a verification badge to the message to obtain a verified message; and transmitting, by an in-application (in-app) messaging engine and via a secured in-app messaging channel, the verified message to the message target device to be displayed on the message target device via an application executing on the message target device.

External messaging attacks are detected using trust relationships. A profile is built for each target within an organization using extracted header data from multiple prior messages. Trust scores are derived for each sender of a message for each target profile, each trust score is derived from a degree and a quantity of communication between the respective sender and the target in the extracted header data. Incoming messages are received and a target and a sender of each incoming message is determined. A trust score is retrieved for the sender from the profile of the target for each incoming message, labels are generated for each of incoming message based on the respective trust score, and the respective label is applied to be visible to the target in association with the message for each respective message.

A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to recognize a user input field of a web site displayable in a browser, the website identified as a security risk based on a whitelist of website addresses; determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk; and prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the password by the web site. The determination may be performed in response to a count of characters in the sequence of characters exceeding a threshold.