Techniques for determining and presenting security status are described herein. The disclosed techniques include collecting information associated with an item; determining a security status associated with the item by classifying the item into one of a plurality of classifications based on the information associated with the item; presenting on a first interface information indicative of the security status, wherein the first interface further comprises at least one selectable interface element in relation to the information indicative of the security status; and performing an operation related to the item in response to receiving input indicative of a selection by a user of the at least one selectable interface element.

A method for providing a software based secure, robust, flexible, usable, and auditable single method that can practically eliminate threat occurring from phishing, man-in-middle theft, pharming/channel redirection, piggybacking of spyware, and application modification in client applications. These can be very strongly achieved using dynamic virtualization technology. This virtualization technology entirely protects applications from such threats is by creating highly dynamic virtual images of real data that are private, relative, one-time use, and short-lived. These virtual images are strongly made private and relative by creating virtual device id of the client device, virtual application signature of the client application, virtual private network of the network and virtual certificate of the server.

A financial institution computing system associated with a financial institution includes a network interface configured to communicate data over a network, and a processing circuit comprising a memory and a processor. The memory has instructions stored thereon that cause the processor to receive, by the network interface, a content request from a user computing device associated with a user, the content request requesting content from a network destination, determine if the network destination is associated with a trusted entity, determine that the requested content prompts the user to input sensitive information, and transmit, by the network interface substitution content to the user computing device responsive to determining that the network destination is illegitimate and to determining that the requested content includes at least one field into which the user may input sensitive information, the substitution content including at least one prompt requesting the user to input sensitive information.

An endpoint protection system is provided. The system comprises: an endpoint agent deployed to an endpoint device, wherein the endpoint agent is built-into one or more existing applications running on the endpoint device and is configured to capture network session activity between the endpoint device and one or more internet servers to detect a phishing attack using a set of machine learning algorithm trained classifiers, and block the phishing attack; and an endpoint management system in remote communication with the endpoint agent, wherein the endpoint management system is configured to train and develop the set of classifiers, and receive information about the detected phishing attack and an incident report from the endpoint agent, the endpoint agent provides a graphical user interface running on the endpoint device allowing an end user to configure one or more protections provided by the endpoint agent.

Embodiments of the present disclosure disclose a method, apparatus, device, and storage medium for processing a network request. The method comprises: activating a domain name server proxy based on local socket service in a preset application; in accordance with a determination that the preset application invokes a preset connect function, acquiring the preset connect function and replacing a destination file path in the preset connect function with a target file path corresponding to the domain name server proxy to establish a connection between the preset application and the domain name server proxy, wherein the target file path is pre-written in the preset application; receiving via the domain name server proxy a network request from the preset application, and parsing a domain name of the network request, and determining a first processing way of the network request based on a result of the parsing of the domain name. With the above technical solution, the domain name server proxy is implemented inside the application, and all network requests are taken over from the parsing of the domain name, which facilitates comprehensive detection and control of network traffic and avoidance of omissions.

A method of detecting manipulation of data on a Controller Area Network (CAN) bus, and a device performing the method. In an aspect, the method includes detecting manipulation of data on a CAN bus to which the device is connected. The method comprises detecting that bus impedance is below a threshold bus impedance value, detecting whether or not CAN node arbitration currently may occur on the CAN bus upon detecting that the bus impedance is below the threshold bus impedance value, and if not determining that an attempt to manipulate data on the CAN bus has occurred.

At least one of a measure of trust or a measure of spoofing risk associated with a sender of a message is determined. A measure of similarity between an identifier of the sender of the message and an identifier of at least one trusted contact of a recipient of the message is determined. The measure of similarity is combined with at least one of the measure of trust or the measure of spoofing risk to at least in part determine a combined measure of risk associated with the message. Based at least in part on the combined measure of risk associated with the message, a verification action is performed including by automatically providing an inquiry message that requests a response to be provided.

Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include identifying first webpage content comprises phishing content, determining, using a reinforcement learning (RL) agent, at least one action, generating, based on the determined at least one action and the identified first webpage content, altered first webpage content, identifying that the altered first webpage content is benign, generating, based on the determined at least one action and second webpage content, altered second webpage content, and training, based on the altered second webpage content and a corresponding label of phishing, a phishing detector.

Certain embodiments of the present invention provide methods and systems for dynamic classification of electronic vendors. Certain embodiments provide a method for dynamic vendor classification. The method includes analyzing a vendor based on a comparison of vendor features; categorizing the vendor based on the analysis; and permitting access to the vendor according to the categorization of the vendor. The categorization may include trusted, not trusted, or unsure, for example. Analysis may include comparing a first outlet of the vendor with a second outlet of the vendor, for example. Analysis may include comparing an outlet of the vendor with an outlet of a second vendor, for example. A vendor may be defined as a particular outlet for a vendor and/or all outlets associated with a vendor (a vendor entity).

Methods, systems, and apparatus for communicating over a radio link by devices with broadband connectivity are disclosed. In one aspect, a telecommunications device includes a first transceiver, a second transceiver, and a state monitor. The first transceiver communicates over a broadband link. The second transceiver communicates over a radio link. The radio link is a Low-Power Wide-Area Network (LPWAN) link. The state monitor includes one or more processes that monitor a state of the telecommunications device, and in response to the state of the telecommunications device being one of a plurality of pre-specified states, transmit, using the second transceiver, data specifying the state of the telecommunications device over the radio link.