August 17, 2016

Gartner Market Guide for Mobile Threat Defense Solutions – what you need to know

Gartner published its “Market Guide for Mobile Threat Defense Solutions” a few weeks ago, and in my view it offers three key takeaways for security and IT leaders facing the challenge of securing mobility in their organizations.

In the guide, Gartner establishes a clear definition for Mobile Threat Defense (MTD), outlines the market’s direction through 2018, and provides the capabilities an MTD solution should have.

Let’s take a closer look at what I see as the “must know” takeaways from this report:

August 15, 2016

Linux flaw that allows anyone to hijack Internet traffic also affects 80% of Android devices

Lookout recently discovered that a serious exploit in TCP reported this week also impacts nearly 80% of Android devices, or around 1.4 billion devices, based on an install base reported by Statista. The vulnerability lets attackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims.

The issue should be concerning to Android users as attackers are able to execute this spying without traditional “man-in-the-middle” attacks through which they must compromise the network in order to intercept the traffic.

Researchers from the University of California, Riverside and the U.S. Army Research Laboratory recently revealed a vulnerability in TCP at the USENIX Security 2016 conference, specifically pertaining to Linux systems. The vulnerability allows an attacker to remotely spy on people who are using unencrypted traffic or degrade encrypted connections. While a man-in-the-middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack.

We can estimate, then, that all Android versions running Linux kernel 3.6 (approximately Android 4.4 KitKat) through the latest are vulnerable to this attack, or 79.9% of the Android ecosystem.

August 10, 2016

Now available: The Practical Guide to Enterprise Mobile Security

The Practical Guide to Enterprise Mobile Security is a one-stop shop for enterprise IT teams looking to enable mobile productivity in their organizations, while simultaneously reducing the risks inherent to mobile devices. In it, you’ll get actionable information on every element of mobile security from what threats look like on mobile to how to buy a mobile security solution.

If you have any of the following questions, you need to read this guide:
  • What is mobile security?
  • What are mobile threats?
  • Have you seen mobile threats in real-life enterprises?
  • What features should mobile security solutions have?
  • How do I sell the idea of mobile security to my internal stakeholders?
  • How do I evaluate vendors?
  • How do I get my employees to use it without seeming like Big Brother?
  • How do I know if it’s really working?

August 5, 2016

Security week-in-review: Bugs be gone, Apple announces bounty program

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore bug bounty programs, bug fixes, and healthcare breaches. Check back every Friday to learn about the latest in security news.

August 5, 2016

August Android Security Bulletin: a year of patches

One year into Google’s monthly patching for Android, the August 2016 bulletin contains 103 patches, just short of the high of 108 from last month. This makes a total of 373 vulnerabilities reported via the monthly Android security bulletin for 2016 and a total of 454 since Google started publicly publishing these monthly reports a year ago.

July 29, 2016

Security week-in-review: President introduces schema for rating cyber incidents

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore a new cybersecurity incident response plan from the U.S. government, the FBI most wanted list for cyber criminals, and more. Check back every Friday to learn about the latest in security news.

July 29, 2016

Black Hat conference updates app to address privacy and social engineering concerns

Update: 2016-07-29 11:00am PT
Black Hat confirmed with Lookout an hour before we published our findings that they have taken measures to disable the social components found within the Black Hat USA 2016 conference app. This addresses the major privacy and social concerns brought to Black Hat by Lookout during the disclosure period. Users of the existing app do not need to do anything as the update is controlled by Black Hat and is pushed out automatically to the app.


The technical details of the issues that were found before the fixes were implemented can be found in the rest of this blog.

“On the Internet, nobody knows you’re a dog” – Peter Steiner

Ahead of this year’s Black Hat conference, Lookout checked out the event’s app and found a concerning flaw. The app, which would allow people to sign up, build a profile, and communicate with other attendees, was set up in such a way that anyone could sign up as anyone else, impersonating that person.

The Black Hat conference app enabled attackers to become anyone or spy on attendees

July 22, 2016

Security week-in-review: The Oracle vulnerability enterprises should know about

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore patches to Oracle’s SDKs, Google’s Chrome browser, Apple’s iOS, and more. Check back every Friday to learn about the latest in security news.

July 20, 2016

A closer look at iOS 9.3.3: Apple patches 43 security vulnerabilities

Apple released the latest version of iOS, version 9.3.3, on July 18, including patches for 43 security vulnerabilities. Industry watchers have been anticipating this update as one of the final patch cycles for iOS 9 before iOS 10 is released in the fall.

For enterprises with iOS deployments, regardless of whether the devices are corporately or personally provided, it’s important to know about the vulnerabilities and the latest patches and to encourage users to update their devices.

Since iOS 9 launched in September 2015, Apple has issued 334 security patches for it. This is already a little ahead of iOS 8, which only had 273 patches during its lifetime.

July 15, 2016

Security week-in-review: Connected cars finally see bug bounty love

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore car hacking, Pokemon Go, and data breach investigations. Check back every Friday to learn about the latest in security news.
