Lookout

February 3, 2017

Where to find Lookout at RSA 2017

After a year full of headlines about data breaches and cyber war, it’s clear people want to know about the targeted attacks facing them. That’s what we’re providing at this year’s RSA.

We’ve planned a talk, a happy hour, and a great booth for all RSA attendees, especially those interested in learning about targeted mobile threats to corporate data.

February 2, 2017

Everything you need to know about data breaches in January 2017

Lookout tracks breaches related to companies and services that may impact customers with our Breach Report feature. Breach Report looks at the largest companies globally, and reports on those to give customers the most relevant information to them. It also provides remediation actions to help keep them safe. Interested in getting Breach Report? Upgrade to Premium now.

Though we are only one month into the new year, attackers have already breached over six million user accounts or personal records, according to data from Breach Report, a new feature in Lookout Personal for iOS and Android that tracks data breaches around the world.

Breaches are a commonly occurring problem into today’s digital world. The Identity Theft Resource Center reports that 36,601,939 records were exposed in 2016 alone. Criminals steal data from companies and individuals to make money selling identities and payment information, hijack accounts to send spam, or perform espionage. Most often, the end goal is financially motivated.

January 26, 2017

Mobile devices are the future of work

Mobile-beating-PCs

Enterprise employees are using their mobile devices to do their jobs today, but the day when these devices usurp PCs as the preferred device for work is coming faster than you think, if the significant delta between PC and mobile devices sales is any indication.

Mobile devices are the way people work now. Today, enterprises are used to handing out PCs upon a person’s first day at the office. As an employee gets set up, though, businesses will quickly find that work is leaving those protected environments and happening, instead, on mobile devices.

December 22, 2016

2016 data breaches: A look back at a big year of data loss

Though we still have a little less than a month left in 2016, this year has proven to be one of the most significant years for breaches.

We dove into the data using Breach Report, Lookout’s new feature that tracks and alerts users about such incidents, to bring you a deeper look at what breaches really looked like in 2016. Of course, criminals also put name brands in their crosshairs, including Yahoo, Twitter, LinkedIn, Tumblr, and Myspace. But we also observed a new trend out of 2016. Attackers seemed to concentrate attacks around three kinds of data: healthcare records, voting data, and credit card data.

Check out our breakdown of a year in data breaches:

December 21, 2016

Mobile threats 2016: targeted attacks, major vulns, and innovative malware

This year was a prolific one for threat actors, who focused on writing sophisticated code and building on existing threat families, and used familiar distribution techniques.

We’ve boiled down 2016 into five significant mobile threat-types that enterprises and individuals alike should know about. We look at a serious, targeted iOS threat; malware that roots victims’ devices; a particularly “risky” app; threats that put on a mask to trick individuals; and the litany of mobile vulnerabilities we saw this year.

Check out the recap of the most important 2016 mobile threats:

December 1, 2016

Ghost Push and Gooligan: One and the same

You may have seen headlines about a new family of malware called “Gooligan.” This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014. Lookout customers have been protected against this threat since then.

Google released a blog post on the threat called, “The fight against Ghost Push continues.” In it, the company reveals that is has been tracking the malware and acknowledges a problem anyone, especially enterprises, should be watching for: malware evolves and becomes more sophisticated over time.

November 22, 2016

Business travel: The mobile risks to your corporate data

The holidays bring a season heavy with travel plans. That might include your employees.

Lookout Chief Product Officer Santosh Krishnan recently published an article in Help Net Security that outlines the potential mobile risks to your corporate data while your employees are on the go.

Krishnan specifically addresses targeted attacks, such as the Pegasus malware; network attacks, such as man-in-the-middle attacks; the rare, but concerning “juice-jacking” attack, and other things to consider.

He also discusses how to keep your corporate data safe. The bottom line? Make sure you can remotely:

  • Detect and remediate mobile malware
  • Detect and remediate compromised operating systems
  • Detect and remediate network-based man-in-the-middle attacks.

Read it on Help Net Security today and share with any of your employees who may soon be headed out of town.

November 21, 2016

Fake apps, identity theft, and 7 tips to keep your data safe this holiday shopping season

Man mobile shopping during the holidays

If the twinkle lights on trees and the familiar tunes of carols emanating from coworkers’ earbuds haven’t given it away already: we’ve officially entered holiday shopping season.

This means you may be likely to use your mobile device to purchase presents for your family and friends. It’s more important than ever to be vigilant while making purchases on your mobile device in order to avoid mobile scams.

IBM quotes the rise in mobile shopping on Black Friday 2015 saying, “Mobile shopping habits shifted noticeably … marking the first time smartphones generated more sales than tablets, mainly by stealing device share from desktops.”

While people are seeing the benefits of mobile shopping — ease of price comparisons in-store, convenience to shop anywhere anytime — opportunistic criminals are seeing potential benefits, as well.

November 15, 2016

Secure your identity and your device in one app with expanded protection from Lookout Personal

Today, Lookout is adding two new tools to our Personal app for individuals who are concerned about the safety of their digital identity and financial data.

In today’s mobile world our personal information is stored in many services on our devices and across the internet, which is a great thing for our daily digital lives. Criminals see value in this information, too, especially if it’s information associated with our identities, and may attempt to breach the services we use to obtain it.

Identity Theft Protection helps you detect and recover from identity theft, and Breach Report notifies you with clear, actionable information about corporate data breaches that may impact you. These new features, coupled with our time-tested security technology, make the Lookout Personal app the only all-in-one app for mobile security, identity theft protection, and device theft prevention.

Want to check it out?

Screen Shot 2016-11-14 at 11.50.47 AM

November 2, 2016

Trident vulnerabilities: All the technical details in one place

Today, Lookout is releasing the technical details behind “Trident,” a series of iOS vulnerabilities that allow an attacker to remotely jailbreak a target user’s device and install spyware.

In August, Lookout, in conjunction with Citizen Lab, discovered “Pegasus,” a sophisticated piece of mobile spyware used by nation state actors to surveil high-value targets. The so-called “cyber arms dealer,” NSO Group created the spyware, which, at the time, relied on the three Trident vulnerabilities to remotely and silently compromise a device. Lookout and Citizen Lab worked directly with Apple to close the holes and cripple this attack vector used by Pegasus for the compromise.

In the process, Lookout and Citizen Lab also identified a related vulnerability Mac OS, which Apple quickly patched as well.

Below you can find the full technical details behind the vulnerabilities. Want more background on the Pegasus malware? Microsoft noted in a blog, “Many security firms described it as the most sophisticated attack they’ve seen on any endpoint.” Check out our coverage of the Pegasus attack and Trident vulnerabilities, including our original technical report and analysis for CSOs and CIOs.