December 5, 2016

Presidential Commission on Enhancing National Cybersecurity: Prioritize mobile security now

The Presidential Commission on Enhancing National Cybersecurity released its report on securing and growing the digital economy in which one message is clear: de-prioritizing mobile security is no longer an option.

New priorities for a new mobile workplace

“The days of employees working only at an office using an organization-issued desktop computer fully managed by the organization are largely over. Market forces and employee demands have made “bring your own device” the de facto option in many workplaces. … Organizations no longer have the control over people, locations, networks, and devices on which they once relied to secure their data. Mobile technologies are heavily used by almost every organization’s employees, yet security for mobile devices is often not considered as high a priority as security for other computing platforms. In short, the classic concept of the security perimeter is largely obsolete.” – Excerpt from the Commission on Enhancing National Cybersecurity report

Employees in the public sector are using mobile devices every day to get their jobs done, whether government agencies know about it or not. Today, having a secured mobile workforce — which includes protection against risky applications, network attacks, and malicious intrusions — is a necessary element of an agency’s overall security architecture.


December 1, 2016

Ghost Push and Gooligan: One and the same

You may have seen headlines about a new family of malware called “Gooligan.” This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014. Lookout customers have been protected against this threat since then.

Google released a blog post on the threat called, “The fight against Ghost Push continues.” In it, the company reveals that it has been tracking the malware and acknowledges a problem anyone, especially enterprises, should be watching for: malware evolves and becomes more sophisticated over time.


December 1, 2016

It starts now: 2017 mobile security predictions from Gartner

Gartner just published its “Predicts 2017: Endpoint and Mobile Security” report that includes findings and recommendations. I believe three of these to be significant for mobile security and for InfoSec and technology leaders heading into the new year. My take on these findings is below.


November 22, 2016

Business travel: The mobile risks to your corporate data

The holidays bring a season heavy with travel plans. That might include your employees.

Lookout Chief Product Officer Santosh Krishnan recently published an article in Help Net Security that outlines the potential mobile risks to your corporate data while your employees are on the go.

Krishnan specifically addresses targeted attacks, such as the Pegasus malware; network attacks, such as man-in-the-middle attacks; the rare, but concerning “juice-jacking” attack, and other things to consider.

He also discusses how to keep your corporate data safe. The bottom line? Make sure you can remotely:

  • Detect and remediate mobile malware
  • Detect and remediate compromised operating systems
  • Detect and remediate network-based man-in-the-middle attacks

Read it on Help Net Security today and share with any of your employees who may soon be headed out of town.

November 21, 2016

Fake apps, identity theft, and 7 tips to keep your data safe this holiday shopping season


If the twinkle lights on trees and the familiar tunes of carols emanating from coworkers’ earbuds haven’t given it away already: we’ve officially entered holiday shopping season.

This means you may be likely to use your mobile device to purchase presents for your family and friends. It’s more important than ever to be vigilant while making purchases on your mobile device in order to avoid mobile scams.

IBM quotes the rise in mobile shopping on Black Friday 2015 saying, “Mobile shopping habits shifted noticeably … marking the first time smartphones generated more sales than tablets, mainly by stealing device share from desktops.”

While people are seeing the benefits of mobile shopping — ease of price comparisons in-store, convenience to shop anywhere anytime — opportunistic criminals are seeing potential benefits, as well.


November 15, 2016

Secure your identity and your device in one app with expanded protection from Lookout Personal

Today, Lookout is adding two new tools to our Personal app for individuals who are concerned about the safety of their digital identity and financial data.

In today’s mobile world our personal information is stored in many services on our devices and across the internet, which is a great thing for our daily digital lives. Criminals see value in this information, too, especially if it’s information associated with our identities, and may attempt to breach the services we use to obtain it.

Identity Theft Protection helps you detect and recover from identity theft, and Breach Report notifies you with clear, actionable information about corporate data breaches that may impact you. These new features, coupled with our time-tested security technology, make the Lookout Personal app the only all-in-one app for mobile security, identity theft protection, and device theft prevention.

Want to check it out?



November 2, 2016

Trident vulnerabilities: All the technical details in one place

Today, Lookout is releasing the technical details behind “Trident,” a series of iOS vulnerabilities that allow an attacker to remotely jailbreak a target user’s device and install spyware.

In August, Lookout, in conjunction with Citizen Lab, discovered “Pegasus,” a sophisticated piece of mobile spyware used by nation state actors to surveil high-value targets. The so-called “cyber arms dealer,” NSO Group created the spyware, which, at the time, relied on the three Trident vulnerabilities to remotely and silently compromise a device. Lookout and Citizen Lab worked directly with Apple to close the holes and cripple this attack vector used by Pegasus for the compromise.

In the process, Lookout and Citizen Lab also identified a related vulnerability in Mac OS, which Apple quickly patched as well.

Below you can find the full technical details behind the vulnerabilities. Want more background on the Pegasus malware? Microsoft noted in a blog, “Many security firms described it as the most sophisticated attack they’ve seen on any endpoint.” Check out our coverage of the Pegasus attack and Trident vulnerabilities, including our original technical report and analysis for CSOs and CIOs.


November 1, 2016

DirtyCow and Drammer vulnerabilities let attackers root or hijack Android devices

Two especially critical flaws that allow an attacker to root or completely compromise a device have just been added to the litany of vulns on Android devices.

The vulnerabilities are known colloquially as DirtyCow (CVE-2016-5195) and Drammer (CVE-2016-6728). While they are unrelated, they both represent a real risk to Android users as individuals have already published proof-of-concept exploit code online for both vulnerabilities, thus minimizing the time attackers would need to understand and develop their own exploits from scratch. Additionally, industry researchers have already seen attackers using DirtyCow to exploit Linux-based systems in the wild.


October 28, 2016

A new look for Lookout, designed by you


To the people whose data, devices, and digital lives we protect every day:

Lookout has just released a brand new design for the Lookout app for Android, all based on your feedback.

We recently completed a comprehensive customer-insights initiative with you, our users. In it, we learned that you need:

  • Strong protection from the real threats to your devices and data
  • Timely and easy-to-understand information about active threats
  • Peace of mind that your mobile security app protects you automatically
  • Knowledge and education that empowers you

“The goal of this redesign was to empower users with clear, straightforward, and actionable information about their device and data, all the while providing them peace of mind knowing that Lookout is always watching out for them.” – Sachin Kansal, vice president of consumer product, Lookout


October 25, 2016

Holistic mobile security means protection from threats, data leakage, and your own applications

Securing mobile devices and the data they access is a huge challenge. This is because of three key technology trends happening today:

1) Mobile apps have become the primary way that data is accessed and stored. Mobile apps account for over half of internet use, according to a 2016 study from Andreessen Horowitz. Enterprises, however, rarely know what apps are being used on an employee’s mobile device and whether that app is collecting sensitive information.

2) Individual employees have tremendous control over their mobile environment. They have freedom to choose whatever apps they would like to use to get their work done. This isn’t inherently a bad thing — every company wants productive employees — but it can inadvertently put corporate data at risk if an employee chooses the wrong app.

3) Mobile app creators range from Forbes 500 companies to a few guys in a garage. The problem is, app developers of any size do not know your company’s specific data protection sensitivities, government compliance regulations, industry standards, or data sovereignty laws. The apps are not always built to meet these sensitivities and may leak corporate data despite being otherwise “benign.”

Mobile apps introduce a new layer of complexity to an enterprise’s security strategy as IT now has to protect against everything from malicious apps to risky app behaviors.
