Lookout
Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.
My Articles
Chrome & Firefox Vulnerabilties
Google and Mozilla have both recently disclosed critical vulnerabilities in their respective Chrome and Firefox web browsers.
CVE-2024-8904, 9602, & 9603
Google has reported two new vulnerabilities in Chromium based browsers tracked as CVE-2024-8904 and CVE-2024-9602
CVE-2024-7971
Researchers at Microsoft recently discovered and reported a new zero day vulnerability in Google’s Chrome browser, which is tracked as CVE-2024-7971
CVE-2024-36971
Google recently disclosed a new zero-day affecting all devices running its Android operating system. It exists in the Linux kernel’s network route management capabilities.
EvilVideo Telegram Exploit
Researchers recently disclosed their discovery of a zero-day vulnerability in the Telegram app for Android.
Four Chrome Zero Days
Google recently disclosed eight new mobile vulnerabilities in Chrome including four zero-days
CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack
Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the FCC via mobile devices.
CVE-2023-7024
Google recently disclosed a critical vulnerability in Chromium that adversely affects both Google Chrome and Microsoft Edge browsers across desktop and mobile devices.
Qualcomm Vulnerabilities in Android Devices
Qualcomm released a security bulletin acknowledging three critical vulnerabilities in multiple chipsets that it produces.
iOS 17.1.1
Apple recently disclosed two critical zero-day vulnerabilities in iOS 17.1.1 relating to the WebKit engine that supports Safari.
CVE-2023-6345
Google recently disclosed a critical vulnerability that has known active exploits in the wild.
Arid Viper
Arid Viper targets high-profile individuals with targeted malware across Android, iOS, and Windows devices using DesertScorpion and FrozenCell.
RedAlert - Rocket Alerts
iOS 16.7 & 17.0.2
Apple released iOS 16.7.1 and 17.0.3 to patch vulnerabilities that were reportedly being exploited in the wild.
iOS 16.6.1 and iOS 17.0
Apple recently released two software updates for iOS and iPad OS for vulnerabilities that can form an exploit chain and are also known to install Predator spyware.
CVE-2023-4863
Google released a patch for a new zero-day vulnerability in Chrome tracked as CVE-2023-4863, which CISA also listed in their database.
ASPL 2023-09-01 / CVE-2023-35674
An Android framework privilege escalation vulnerability, was recently discovered being exploited in the wild, and has since been fixed by the 2023-09-01
Scattered Spider
Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign
BlastPass - iOS 16.6 and 15.7.8
Apple released two security updates, 16.6.1 and 15.7.9 for iOS and iPadOS to address the vulnerabilities exploited by the BlastPass exploitation chain.
iOS 16.5.1
Apple released Rapid Security Response (RSR) late last week to cover for a vulnerability which is affecting all iPhones and iPads.
Samsung & Android Security Fixes
CISA announced 7 actively exploited vulnerabilities recently which were fixed by the vendors over the time.
iOS 16.5
Apple released two new iOS versions, iOS 16.5.1 and iOS 15.7.7, last week. In a recently released Lookout threat guidance for Operation Triangulation, we described the severity of the Triangulation malware.
Operation Triangulation
Triangulation malware is now known to be in use against Kaspersky employees for at least four years.
Multiapp-CVE-2023-3079
Google released an emergency patch for a new zero-day vulnerability tracked as CVE-2023-3079 on June 5th.
iOS 15.7.5/ iOS 16.4
Apple recently released two critical updates for iOS with heavy security implications.
Exynos Modems
Google Project Zero listed 18 vulnerabilities in Samsung Exynos modems produced by Samsung Semiconductor.
Pinduoduo App
Pinduoduo, a large Chinese online retailer, recently had their app removed from both the Google Play Store and iOS App Store because of malicious activity in their app.
iOS 16.3 Vulnerability Fixes
Apple recently released iOS 16.3.1, which includes a number of critical security fixes for vulnerabilities including CVE-2023-23514 and CVE-2023-23529.
iOS 16.1.1 and 16.1.2 Vulnerability Fixes
Apple recently released two software updates with security fixes: iOS 16.1.2 and iOS 16.2.
Chrome 9th Zero Day | CVE-2022-4262
Google released an emergency patch for a new zero-day vulnerability tracked as CVE-2022-4262. The CVE is found in the V8 Javascript engine of Chromium
ChromeHeap | CVE-2022-4135
Google patched a new zero-day found in the GPU component of the Chromium open-source web browser causing a heap buffer overflow.
Samsung Devices | CVE-2021-25337/369/370
Google TAG under Project Zero revealed an active kill chain that exploits vulnerabilities in Samsung devices.
Chrome Zero Day | CVE-2022-3723
Google recently released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind popular web browser
iOS 16 Zero Day
Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022- 42827
CVE-2022-3075
Google released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind some popular web browsers.
iOS 15.6.1 Zero-Day
Apple released a software update to iOS and iPadOS 15.6.1 to patch a zero-day kernel vulnerability identified as CVE-2022-32917.
iOS 15.6 Vulnerabilities
Apple released a software update to iOS and iPadOS 15.6 to patch two core zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (Webkit).
iOS 15.5 Vulnerabilities
Apple released a software update to iOS and iPadOS 15.5 to patch 35 issues, including two critical vulnerabilities identified by Lookout which grant control of the device.
Spyware in the Enterprise
The Lookout Threat Intel team's recent discovery of Hermit, a mobile surveillanceware tool, shows how mobile surveillanceware could adversely affect enterprise organizations
CVE-2022-1633 – 1641
Researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are CVE-2022-1633 through CVE-2022-1641.
CVE-2022-1364
Google's Threat Analysis Group recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1364.
CVE-2022-1096
A researcher recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1096 in the V8 Javascript Engine component.
CVE-2022-0609
Google recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-0609.
iOS 15.3 Vulnerabilities
Apple released an urgent software update to iOS 15.3 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to execute arbitrary code remotely.
Adobe Acrobat for Android
There has been a critical vulnerability in Acrobat Reader for Android devices that could enable an unauthorized user to execute arbitrary code executing on the user’s device.
AbstractEmu: Mobile Rooting Malware
Mobile rooting malware found on Google Play, Amazon Appstore, and the Samsung Galaxy Store.
iOS 15.0.1 Vulnerabilities
Apple released an urgent software update for iOS 15.0.1, in response to the latest zero-day vulnerability in the IOMobileFrameBuffer.
iOS 14.8 Update
Apple released an urgent software update for iOS 14.7 to patch a vulnerability that was found to be exploitable by attackers using the surveillanceware known as Pegasus.
NSO Group & Pegasus
A data leak of more than 50,000 phone numbers revealed a list of identified persons of interest by clients of NSO, developers of the Pegasus malware, since 2016.
REvil Ransomware Attack on Kaseya
Kaseya recently fell victim to a ransomware attack executed by the REvil group. In all between 800 and 1,500 businesses down the chain were affected by this attack.
BitScam & CloudScam: Crypto Scamming Apps
Dozens of crypto apps in the Play Store have scammed money from over 93,000 individuals
Preinstalled Android Apps
A number of apps that come preinstalled on Android devices were found to have vulnerabilities that could be exploited on any Samsung device.
EA Games Credentials Leaked via Slack Cookies
Attackers were able to gain access to EA's infrastructure with employee credentials in cookies from Slack and exfiltrate almost 1TB of data.
Colonial Pipeline Ransomware Attack
The Colonial Pipeline ransomware attack demonstrated how cybercrime groups exploit diminishing visibility, legacy security systems, and mobile devices to extort money.
Pulse Secure VPN
Several vulnerabilities discovered in the Pulse Secure VPN are being exploited by threat actors to bypass authentication and install malware in enterprise infrastructure.
Flubot Smishing
Attackers are using phone numbers leaked from Facebook to socially engineer mobile users into downloading malicious apps infected with the FluBot banking trojan
BancaMarStealer
A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.
iOS WebKit Vulnerabilities
Apple released an urgent software update to iOS 14.4 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to perform arbitrary cross-scripting.
Mobile Phishing Attacks on Australian Government
Australian government officials were targeted by a mobile phishing campaign through Telegram and WhatsApp, where attackers could send messages on their behalf.
Office 365 Account Takeovers
The expanded remote workforce has increased organizations’ threat surface in the cloud, which resulted in a surge of attacks and breaches on Microsoft Office 365 services.
Hornbill and Sunbird - Android Surveillanceware/RAT
Novel Android surveillanceware developed by pro-India APT group Confucius targeting Pakistani officials
SolarWinds: Software Supply Chain Attack
Solarwinds showed the effectiveness of a software supply chain attack, an effective tactic for compromising a high volume of devices with a single infected software update.
Goontact: iOS and Android Malware
A blackmail and sextortion campaign targeting individual users on both iOS and Android
Chrome for Android Vulnerabilities
This vulnerability affects Chrome for Android v86.0.4240.185 and below. In the event of a successful exploit, the actor could access any capability that the browser has.
AndroidOS/MalLocker.B Ransomware
This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.
Firefox for Android Vulnerabilities
Vulnerability in Firefox for Android, found in the app's SSDP protocols, allows an attacker to trigger actions on a victim’s device if connected to the same Wi-Fi network.
Instagram for Android Vulnerabilities
This vulnerability in Instagram for Android app versions prior to 120.0.0.26.128 could allow attackers to take control of Instagram's functionality and permissions.
Mintegral SDK (SourMint)
The advertising SDK by Mintegral used in iOS apps had some risky permissions that could violate end-user privacy.
Twitter Phone Spear Phishing Attack
This Twitter phone spear phishing attack compromised the accounts of influential individuals and exemplifies the effectiveness of voice phishing, also known as vishing.
Chinese Surveillanceware
The Lookout Threat Intelligence team discovered four Android surveillanceware tools used to target the Uyghur ethnic minority group.
Tiktok Pro
Lookout conducted an in-depth analysis of the fake TikTok Pro app and has classified it as toll fraud malware.
unc0ver Jailbreak
Unc0ver is a widely used jailbreak present in the market for some time, and more recently started taking advantage of an iOS kernel vulnerability discovered in 2019.
Cerberus Distributed Via MDM
This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.
iOS Mail Exploit
A vulnerability in the native iOS Mail app allowed an attacker to execute an attack with zero or one-click.
LightSpy
LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.
Voatz App Security Flaws
The Voatz vulnerability, discovered by researchers at MIT, could allow hackers to see someone’s vote or even change their vote.
ReboundRAT
This attackers behind this remote access trojan (RAT) attack used social engineering to target Israeli Defense Force (IDF) soldiers.
iOS 14.3 Vulnerabilities
Apple announced three exploitable vulnerabilities in iOS 14.3. Two of them were tied to the Apple WebKit, while the third was a vulnerability of the device kernel.
Mobile APT Attack on Amazon CEO
Amazon's CEO was targeted by a mobile advanced persistent threat (APT) that enabled the attacker to steal data with a compromised video file sent to the victim via WhatsApp.
Tiktok
In January 2020, two US military organizations banned TikTok because of communication with servers in China and Russia.
ToTok
ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.
Strandhogg Vulnerability | Android OS Safeguards
Promon, a Lookout partner, reported on Strandhogg, a vulnerability in the Android OS that allows for one app to display an Activity in the UI context of another app.
xHelper
This malware can deploy second-stage malware payloads which can steal user login information, keylog, deploy ransomware, and bypass MFA with SMS interception.
Lookout Security Intelligence Team Discovery of AzSpy
AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.
Lookout Phishing AI Discovers Campaign Targeting UN and Humanitarian Orgs
This campaign targeted non-governmental organizations around the world, including but not limited to UN and humanitarian organizations.
Lookout Security Intelligence Team Discovery of ArmaSpy
ArmaSpy was a surveillance family, which appears to have been targeting Iranian users since late 2016 with new samples discovered as recently as mid-2019
Lookout Phishing AI Discovers Campaign Targeting Verizon Employees
Phishing AI discovered this campaign targeting Verizon employees on mobile devices.
Joker Trojan
Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.
SimJacker
SimJacker is a vulnerability in the SIM card of certain iOS and Android devices that is executed via a specially crafted SMS message sent to the target device.
Monokle RTD
Monokle is an advanced and highly-targeted surveillanceware developed by Russian firm STC. It has a number of unique capabilities for stealing data from Android devices
InfectedAds/AgentSmith RTD
This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.
Lookout Security Intelligence Team's Discovery of BeiTaAd RTD
BeiTaAd is a well-obfuscated advertising plugin that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone is asleep.
Government Impersonator Targeting Small Businesses
Lookout Phishing AI detected a phishing campaign impersonating local government websites, including the City of San Mateo, City of Tampa, and Dallas County.
Attack Targeting AT&T Corporate Employees
Phishing AI discovered this campaign targeting AT&T employees on mobile devices.
eSurvAgent RTD
eSurvAgent is a sophisticated Android surveillanceware agent.
mAPT ViperRAT Found in Google Play
Lookout researchers discovered samples belonging to the ViperRAT malware family, a known mobile advanced persistent threat (mAPT), in the Google Play Store.
Pegasus for Android: The Other Side of the Story Emerges
Lookout and Google are releasing research into the Android version of one of the most sophisticated and targeted mobile attacks we’ve seen in the wild: Pegasus.
Ghost Push and Gooligan: One and the Same
This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014.
Trident Vulnerabilities: All the Technical Details in One Place
Today, Lookout released the technical details behind “Trident,” a series of iOS vulnerabilities that allow attackers to jailbreak a user’s device and install spyware.
Pegasus and Trident: Your Questions Answered
Pegasus is a highly sophisticated piece of spyware that uses three previously unknown vulnerabilities called “Trident.” This is the most sophisticated mobile attack seen.
The 7 Most Common Types of Cyber Attacks During the Holiday Season
Phishing, ransomware, and other common types of cyber attacks typically increase during the holiday season. Here’s what to look out for.
Understanding How NIST Shapes the Zero Trust Security Framework
Learn about the NIST zero trust model’s guidelines for how modern organizations should strengthen their cybersecurity posture and protect their IT infrastructure.
Replacing Traditional Security Models: Why the Shift to Zero Trust Matters
Explore why zero trust security solutions replaced the perimeter-based approach in response to modern cyber threats and business realities.
Leverage Threat Intelligence Feeds to Level Up Your Security Strategy
Learn how to leverage threat intelligence platforms to protect your organization’s mobile devices from vulnerabilities, malware, and social engineering.
Enhancing Security Posture: What Is Threat Hunting?
Cyber attackers are using more sophisticated methods. Here’s how threat hunting addresses attacks and what your organization can do to improve.
From Phishing to Malware: How to Defend Against a Modern Kill Chain
Mobile devices and the cloud have created a new, modern kill chain for attackers to target. Read this guide for cutting-edge ways to protect your organization.
Understanding the Zero Trust Framework
Learn how to build a zero trust framework in your organization by implementing continuous verification, least privilege principles, and microsegmentation.
Mobile Device Management: What Is It and Why Isn't It Enough?
Learn how mobile device management works and why it alone isn’t enough to secure your network.
Using Endpoint Detection and Response (EDR) in Mobile Defense
Traditional endpoint detection and response isn’t complete without a mobile component. Read to learn how mobile EDR software helps protect your organization.
The Role of Digital Forensics and Incident Response (DFIR) in Cybersecurity
Learn how to develop a comprehensive digital forensics and incident response (DFIR) strategy, which can help your organization recover after a data breach.
Why Multifactor Authentication (MFA) Alone Isn't Enough to Stay Secure
Looking to strengthen your organization’s cybersecurity posture? Here’s why multifactor authentication isn’t enough by itself and what to look for next.
Boosting Mobile Defense: A Comprehensive Guide to Mobile Security
Develop a comprehensive mobile security strategy for your organization by managing vulnerabilities, analyzing threats, and implementing mobile EDR solutions.
Security Service Edge (SSE): The Ultimate Guide to Enhancing Data Protectio
Security service edge helps organizations manage and secure an increasingly complex cloud-based infrastructure. Learn more inside.
The 7 Essential Steps for Ensuring Mobile App Security
Protect your organization's smartphones and tablets with a robust mobile app security strategy. Vetting new apps and enforcing access controls are vital steps.
Mobile Endpoint Security: Why Enhancing EDR for Mobile is Critical
Does your organization take mobile endpoint security seriously? Find out why mobile-forward EDR is a critical part of protecting modern infrastructure.
Mastering the Mobile Vulnerability Management Process
Improve your organization’s mobile vulnerability management process by assessing common smartphone and tablet threats, then prioritizing the most urgent fixes.
CMMC Mobile Security: A Guide to Compliance for Enterprise Organizations
Ensure that your organization complies with CMMC mobile security standards. Enforce smart mobile device policies and maintain a strong cybersecurity framework.
How to Apply the NIST Framework to Your Mobile Security Strategy
Safeguard your day-to-day workflows, your employees’ mobile devices, and your organization’s sensitive data by following the NIST framework for cybersecurity.
From Detection to Remediation: Securing Cloud Data with Lookout
While cloud storage allows for easy data sharing and collaboration, it also opens up potential vulnerabilities that must be addressed.
How to Use a Risk-Based Vulnerability Management Model to Secure Mobile Dev
Learn how to apply risk-based vulnerability management to your organization’s mobile endpoints and strengthen your cybersecurity posture.
Mobile Threat Defense: Safeguarding Your Data on the Go
Discover how mobile threat defense systems can improve your security stance across managed, unmanaged, and BYO devices.
Top Strategies for Preventing Accidental Data Shares in Real Time
DLP, encryption, and access controls are just a few of the most important methods for avoiding accidental data shares. Read this guide for more key strategies
Data Security Best Practices: 7 Tips to Crush Bad Actors
Learn about data security best practices and how to secure your data from bad actors with seven simple techniques.
The Rise of ZTNA: A Seamless Path to Remote Access
Adopting ZTNA might seem daunting — but it doesn’t have to be difficult.
What Is a Modern Breach and How Can It Be Prevented?
As cyberattacks become more sophisticated, protecting your data becomes harder. Here’s how to identify breaches and implement security policies to prevent them.
Remote Access Security: 5 Best Practices for Remote Workers
Lock down your organization’s remote access security with multi-factor authentication, zero trust principles, and sophisticated user analytics.
Safeguarding Sensitive Information in the Age of Generative AI
Discover the risks of generative AI tools and learn how to protect your organization from data leaks with Lookout Secure Internet Access.
ZTNA Use Cases: Real-World Examples for Modern Enterprises
These ZTNA use cases show why it’s critical to protect your data by implementing a strong zero-trust network access strategy at your organization.
SaaS Security: Understanding Modern Threats and How to Guard Against Them
With so much data spread across the cloud, SaaS security should be a top priority for your company.
7 CASB Use Cases to Protect Cloud-Based Resources
CASB use cases range from detecting malware to analyzing user behavior to keep your organization safe — even when using cloud applications and storage.
CASB Requirements: What You Need to Know to Secure Your Cloud
Modern cloud environments call for CASBs — but how do you find the right platform? These five essential CASB requirements will point you in the right direction.
The Cloud Security Confidence Gap: What Leaders Need to Know
Discover key findings from our survey of 100 executives on cybersecurity priorities, challenges, and evolving solutions.
Detect and Defend: 5 Tips for Guarding Against Insider Threats
Whether it’s malice or negligence, an insider threat can cost your organization millions of dollars. Here are five strategies to prevent that.
5 Zero Trust Remote Access Solutions Your IT Team Needs to Know
Implement zero trust remote access solutions at your workplace by requiring stringent identity checks, limiting permissions, and analyzing user behavior.
Account Takeover Protection: What It Is and How It Combats ATO Fraud
Protect your organization from account takeovers by recognizing common attacks, educating your staff, and implementing the right software solutions.
SaaS Security Best Practices for Modern Organizations
Discover the 5 most important SaaS security best practices organizations should implement to protect data and resources in the cloud.
The Impact of AI and Machine Learning on Cloud Data Protection
AI and ML can help your organization achieve better cloud data protection. But finding real results requires going much deeper than a helpful chatbot.
Understanding Data Exfiltration Prevention
Discover common data theft techniques and learn data exfiltration prevention strategies to combat them in our guide.
Understanding Cloud Misconfiguration: Risks, Prevention, and Solutions
Learn how to detect and prevent the common cloud misconfiguration issues that introduce critical security risks at modern cloud-based organizations.
Insider Risk Management Strategies to Protect Sensitive Data
Learn about today’s most common insider threats and discover the insider risk management strategies that will keep your organization secure.
The Comprehensive Guide to Enterprise Mobile Security
Hybrid and bring-your-own-device work models bring new efficiencies as well as new vulnerabilities. Here’s how to improve your enterprise mobile security.
Enhancing Security With Zero Trust Adoption
Discover how a zero trust approach can improve your security stance, as well as key challenges to achieving zero trust adoption at your organization.
Choosing the Right VPN Alternatives for Secure Remote Access
Discover powerful VPN alternatives that provide secure remote access while addressing emerging threats and supporting modern digital infrastructure.
Best Practices for Effective Vulnerability Management
Explore the seven most important vulnerability management best practices that will help any organization build a more robust security posture.
Privacy vs. Mobile Security: Why MSPs Don’t Have to Choose
Many people are resistant to putting an employer-mandated security app on their phone, but organizations don't have to sacrifice security for privacy.
Security Made Easy: Mobile Security Purpose-Built for MSPs
Discover how Lookout simplifies mobile security with easy deployment and management.
How to Stop Data Leaks in Their Tracks
Keep your organization’s sensitive data protected against cyber attacks by learning how to prevent data leaks and fix their most common causes.
Cybersecurity Is Not Complete Without EDR for Mobile
Businesses are increasingly turning to mobility solutions to increase productivity. You need mobile EDR to provide visibility across all of your mobile endpoints.
9 Social Engineering Attack Examples to Watch Out For
Uncover nine examples of social engineering attacks and learn how to protect yourself from these deceptive tactics.
Cloud Security Compliance: Ensuring Data Safety in the Cloud
Discover essential strategies for cloud security compliance, from understanding regulations to leveraging key data security tools.
Top Remote Work Security Risks Every Organization Should Know
Learn about the top remote work security risks and how to mitigate them to protect your organization’s assets.
ChatGPT Security: Tips for Safe Interactions with Generative AI
Learn ChatGPT security tips to protect your data from data leakage while benefiting from this generative AI tool.
7 Top Mobile Security Threats: Safeguard Your Device
Learn about the top mobile security threats and how to defend against them. Keep devices — and sensitive data — safe with these helpful insights.
The Rising Threat of Mobile Phishing and How to Avoid It
As mobile devices become integral to work, the threat of mobile phishing grows. Learn how these sophisticated attacks work, their impact, and how to protect your data.
Crafting a Robust Cloud Security Strategy in 2024
Discover key components and best practices for creating a modern cloud security strategy.
Three Questions to Ask About Your Cloud Security Posture
As your organization transforms its digital infrastructure, cybersecurity needs to go through the same transformation.
Credential Theft Protection: Defending Your Organization's Data
Credential theft is one of the most common ways for threat actors to get into your systems. Learn what it is and how to protect against it.
How CASB and DLP Work Together to Safeguard Data
Enhance data security with CASB and DLP working in tandem. Learn how these solutions protect your sensitive information.
Security Made Easy: Mobile Security That Won’t Stretch Your IT Team
Discover how Lookout simplifies mobile security with easy deployment and management, enhancing IT efficiency without added strain.
ZTNA vs VPN: Decoding the Best Remote Work Security Option
Learn how to choose between ZTNA and VPN for securing remote workers.
7 Essential Tips to Prevent Social Engineering
To prevent social engineering, you should educate your employees on common red flags and keep your hardware and software up to date.
Navigating BYOD Security: Proven Strategies and Best Practices for Success
Employees rely on their personal devices to get work done. A sensible BYOD security policy can help safeguard your organization’s data.
Privacy vs. Mobile Security: Why You Don’t Have to Choose
Many people are resistant to putting an employer-mandated security app on their phone, but organizations don't have to sacrifice security for privacy.
Top 10 Tips for Creating a Data Loss Prevention Policy
Data loss prevention policies provide a framework for responding to malicious activity, system failure, and accidental exposure
The Ultimate Guide to Enterprise Data Protection Solutions
Staying ahead of bad actors requires taking a comprehensive view of data security, integrity, and availability.
Safeguarding Users From Sites Unknown: Secure Internet Access with RBI
There’s an option that goes beyond allowing or denying access to risky web resources: remote browser isolation.
Don’t Forget Mobile Security: How Mobile Devices Serve as Keys to the Cloud
To modern threat actors, mobile devices are the keys to the kingdom, providing a pathway for attackers to compromise your entire organization.
Mobile EDR for Security Professionals by Security Professionals
Our industry-leading mobile EDR solution gives organizations the comprehensive capability to detect and respond to mobile threats, stopping attacks in their tracks.
5 Trends That Are Changing the Landscape of Cybersecurity
If you want your organization to remain secure, it’s not enough to keep up with the trends — you need to be one step ahead.
3 Things To Know About Securing Remote Work with VPN
It's been two decades since the introduction of VPN technology, but in the intervening years, remote work requirements have changed dramatically
Are Your Private Apps Secure? 3 Questions To Ask
While VPNs used to be the go-to solution for extending access to private apps to remote users, they aren't a sufficient solution for securing a hybrid workforce.
Busting 6 Myths About Mobile Device Security
While most organizations have a robust cybersecurity strategy in place to protect their laptops and corporate networks, mobile devices are often left underprotected.
Cloud Data Protection: How 5 Organizations Stay Secure With Lookout
To enforce cloud data protection policies across SaaS apps, a cloud access security broker (CASB) has become a necessity.
4 Best Practices for Protecting Against Cloud Security Risks
SaaS apps are essential in driving efficiency and promoting collaboration, but securing your organization against cloud security threats can be a unique challenge.
Cloud Application Security: Protecting Data in SaaS Apps
IT teams must find a way to secure SaaS apps, and existing security solutions simply aren’t designed to protect sensitive data in the cloud.
Meet Lookout SAIL: A Generative AI Tailored For Your Security Operations
With the introduction of Lookout SAIL, we radically change how people interact with the information on our platform and conduct cybersecurity analysis.
The Work-Life Mix-up: How to Stay Secure in the Hybrid Work Era
Workers’ attitudes toward work and technology have shifted, and with this, the security landscape has also changed.
Office 365 and Azure Exploited in Massive U.S Government Hack
According to SolarWinds filings with the SEC, the involved attackers were able to compromise the company’s Microsoft Office 365 emails with forged SAML tokens.
Q&A: Why Diversity in Cybersecurity Is So Important
In anticipation of the Day of Shecurity happening on December 8th, we sat down with Staff Security Intelligence Engineer, Kristina Balaam to get her take on diversity.
Symmetric vs. Asymmetric Encryption – Which is Best?
One of the basic questions in considering encryption is to understand the differences between symmetric and asymmetric encryption methods, and where to apply each method.
Critical Mobile Security Capabilities Everyone Needs
While away from the office, your workers are using their mobile devices to stay productive. So how do you secure your data in this new reality?
Four Best Practices for Securing Microsoft 365 Against Risks
Let's tackle security gaps across Office 365 and other connected clouds that are typically missed by traditional cloud security and data protection controls.
Framing ZTNA & Security Parameters: Risks Tenets & Best Practices
The prolific adoption of all things cloud (IaaS, PaaS, and SaaS) continues to drive massive fragmentation in security strategies and tooling used to address these challenges.
The Cloud, the Breach, and the Increased Role of CSPM
Cloud adoption has reached stratospheric levels causing increased volume of workloads & applications usage. Enter Cloud Security Posture Management (CSPM).
Three Key Takeaways From Our ‘Security in Motion’ Summit
As the leader in mobile security, we hosted a summit to help professionals around the world unpack the challenges related to today's mobile reality.
Securing SAP SuccessFactors – Protecting Human Capital
Organizations require tighter controls to protect their multi-cloud environments and data from potential data leaks or breaches due to misconfigurations.
Gartner 2020 CASB Magic Quadrant - Visionary Performance
We’re extremely pleased to note that the Lookout CASB platform has successfully captured the title of “Visionary” from industry analysts Gartner.
Advancing Cloud DLP Through Smarter Policies
In the world of data loss prevention (DLP), the issue of policy effectiveness is similarly a critical aspect of ensuring overall success.
Improving Data Security for SaaS Apps | CASB
Today’s security practitioners need practical guidelines and technical capabilities that support their expanding SaaS usage.
4 Best Practices for Securing Enterprise Data in Microsoft Office 365
How to address O365 and Teams security issues.
Q&A: Michael Kaiser on State of Election Campaign Security
According to Tech for Campaigns, 90% of presidential campaigns’ 2018 digital campaign ad spend was delivered to mobile devices.
Securing the Multi-Cloud Environment through CSPM and SSPM
With the growing cloud popularity and adoption, organizations migrating their business-critical applications to the cloud are overlooking a simple cloud security question.
Five Step UEBA to Detect and Stop Insider Attacks
While organizations invest substantially into security solutions, one thing overlooked is the communication between apps and devices in the cloud-mobile environment.
CASB for Box
Easily enable data loss prevention and data protection without compromising Box ease-of-use
CASB for Microsoft 365
Lookout CASB safeguards your Microsoft 365 data while boosting cloud productivity
CASB for SAP SuccessFactors
Leverage SAP SuccessFactors to its fullest potential, meet strict privacy and data protection requirements.
CASB for Slack
Collaborate on Slack without compromising your data, empower digital communication without sacrificing security.
Cloud Data Encryption
Encrypt your data in the cloud and keep the keys to assure security and compliance.
Lookout Data Loss Prevention
Full Visibility and Data Protection for Email, SaaS and IaaS Applications
Q&A: With Christoph Hebeisen, Head of Threat Intelligence
We sat down with our Head of Threat Intelligence, Christoph Hebeisen, to learn what it means to be a security researcher in a world of constantly evolving threats.