Collaborate Disseminate
Researchers have brought to light a longstanding phishing campaign aimed at the UN and its various networks, and a variety of humanitarian organizations, NGOs, universities and think tanks. Some of these phishing pages are still up and are still not fl… Continue reading Phishers have been targeting UN, UNICEF, Red Cross officials for months – and still do
For more than a century, the United States Forest Service has employed men and women to monitor vast swaths of wilderness from isolated lookout towers. Armed with little more than a pair of binoculars and a map, these lookouts served as an early warning system for combating wildfires. Eventually the …read more
A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data using third-party applications, according to mobile security company Lookout. The malware allegedly developed by the contractor, St. Petersburg-based Special Technology Center (STC), is capable of installing the attacker’s own software certificate in a certificate store and then using it for “man-in-the-middle” attacks, intercepting data before it reaches its intended recipient. “This ability is something that Lookout researchers have never seen in the wild before,” Lookout’s Adam Bauer, Apurva Kumar, Christoph Hebeisen said Wednesday. The so-called “Monokle” malware is extremely invasive, according to Lookout. It can record a target device’s screen while the user is unlocking it, capturing the user’s PIN. It abuses Android’s accessibility features to harvest data from third-party apps. And it uses “predictive-text dictionaries” to figure out what a […]
The post A Russian military contractor has a new, shady Android malware kit appeared first on CyberScoop.
Continue reading A Russian military contractor has a new, shady Android malware kit
Maybe we should have seen this one coming. Scammers are trying to dupe smartphone owners into turning over their personal information by clicking on push notifications that look like legitimate messages from well-known companies. The messages actually direct recipients to phishing pages, where they’ll be asked to enter their credentials, according to a new scam technique the mobile security company Lookout has detected in recent months. Researchers are still examining the phishing technique, says David Richardson, senior director of product management at Lookout, but he says it’s clear hackers are taking advantage of people’s willingness to trust their mobile devices. Lookout detected one phishing campaign in which attackers created what appeared to be a Chrome notification alerting them to a missed call. They also pointed to an example of how hackers could illicitly use logos from trustworthy companies like Slack to make a push notification look legitimate. Still have to […]
The post That push notification on your phone might be a phishing attempt appeared first on CyberScoop.
Continue reading That push notification on your phone might be a phishing attempt
Michael Murray is the Chief Security Officer at Lookout. Michael joins us today to talk about Post-perimeter Security. Full Show Notes Hosts Announcements Register for our upcoming webcasts with LogRhythm and Recorded Future by going to securityweekly…. Continue reading Post-Perimeter Security , Lookout – Business Security Weekly #123
The kit’s authors demonstrate a knowledge of Verizon’s infrastructure. Continue reading Mobile-First Phishing Kit Targets Verizon Customers
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay. Continue reading Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
A majority of RSA attendees plan to spend more on mobile security in the coming year, Lookout has discovered. Since critical data has moved to the cloud, employees are able to access it from any network, wherever they are in the world. In fact, 76 perc… Continue reading Growing mobile cybersecurity incidents spur plans for increased security investment
Lookout, the leader in securing the post-perimeter world, announced the launch of the Post-Perimeter Security Alliance to address a pressing challenge for enterprises: how to integrate security capabilities across endpoint, cloud, and identity to prote… Continue reading Lookout forms alliance to deliver pre-integrated post-perimeter solutions
The companies that make advanced surveillance software are quiet by design. They generate enough press to let the market (i.e., governments) know their products exist, but it’s not as if there’s an app store for mobile spyware. They do make mistakes, though. And thanks to two researchers from Lookout, the public now has more information on how these companies operate. In the course of investigating a new kind of Android-focused mobile malware, Lookout’s Andrew Blaich and Michael Flossman uncovered text conversations among members of a nation-state’s surveillance program. Those files, which were stored on a server that was part of the malware’s command-and-control infrastructure, represented a trove of insight about how much money the particular government budgeted for its program, whether its spies decided to buy exploits or build their own, and why it’s easier than ever for countries to leverage surveillance technology. It started when Blaich and Flossman were analyzing how a single malware sample had manipulated data within the popular […]
The post How sloppy OPSEC gave researchers an inside look at the exploit industry appeared first on CyberScoop.
Continue reading How sloppy OPSEC gave researchers an inside look at the exploit industry