Methods and systems are described herein for improvements for cybersecurity of telecommunication devices. For example, cybersecurity for telecommunication devices may be improved by analyzing activity log data of telecommunication devices for a candidate event (e.g., the uploading of malware) and disabling one or more services of a telecommunication device. By doing so, cybersecurity for telecommunication devices may be improved by detecting a possible malware intrusion attempt and disabling one or more services of the telecommunication devices. For example, activity log data of telecommunication devices may be obtained. A candidate event indicating malware may be detected in the activity log data. A number of proximate telecommunication devices satisfying a proximity threshold condition may be determined. The number of proximate telecommunication devices that satisfy a density threshold condition may be determined. Responsive to the number of telecommunication devices satisfying a density threshold condition, services of telecommunication devices may be disabled.

Methods and systems are described herein for improvements for cybersecurity of telecommunication devices. For example, cybersecurity for telecommunication devices may be improved by analyzing activity log data of telecommunication devices for a candidate event (e.g., the uploading of malware) and disabling one or more services of a telecommunication device. By doing so, cybersecurity for telecommunication devices may be improved by detecting a possible malware intrusion attempt and disabling one or more services of the telecommunication devices. For example, activity log data of telecommunication devices may be obtained. A candidate event indicating malware may be detected in the activity log data. A number of proximate telecommunication devices satisfying a proximity threshold condition may be determined. The number of proximate telecommunication devices that satisfy a density threshold condition may be determined. Responsive to the number of telecommunication devices satisfying a density threshold condition, services of telecommunication devices may be disabled.

A user device is associated with a dynamic trust score that may be updated as needed, where the trust score and the updates are based on various activities and information associated with the mobile device. The trust score is based on both parameters of the device, such as device type, registered device location, device phone number, device ID, the last time the device has been accessed, etc. and activities the device engages in, such as amount of transactions, dollar amount of transactions, amount of denied requests, amount of approved requests, location of requests, etc. Based on a transaction request from the user device, the trust score and a network reputation score is used to determine an overall trust/fraud score associated with the transaction request.

A user device is associated with a dynamic trust score that may be updated as needed, where the trust score and the updates are based on various activities and information associated with the mobile device. The trust score is based on both parameters of the device, such as device type, registered device location, device phone number, device ID, the last time the device has been accessed, etc. and activities the device engages in, such as amount of transactions, dollar amount of transactions, amount of denied requests, amount of approved requests, location of requests, etc. Based on a transaction request from the user device, the trust score and a network reputation score is used to determine an overall trust/fraud score associated with the transaction request.

A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Methods and systems for allowing software components that operate at a specific exception level (e.g., EL-3 to EL-1, etc.) to repeatedly or continuously observe or evaluate the integrity of software components operating at a lower exception level (e.g., EL-2 to EL-0) to ensure that the software components have not been corrupted or compromised (e.g., subjected to malware, cyberattacks, etc.) include a computing device that identifies, by a component operating at a higher exception level (“HEL component”), at least one of a current vector base address (VBA), an exception raising instruction (ERI) address, or a control and system register value associated with a component operating at a lower exception level (“LEL component”). The computing device may perform a responsive action in response to determining that the current VBA, the ERT address, or control and system register value do not match the corresponding reference data.

In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

A method, apparatus, electronic device, storage medium and program product of code management are provided. In response to a request for building an executable file, corresponding developed code is obtained from a code library. The developed code is compiled into intermediate code to determine security of the intermediate code. In response to determining that the intermediate code is secure, an executable file is generated based on the intermediate code.

A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.