My Articles
Chrome & Firefox Vulnerabilties
Google and Mozilla have both recently disclosed critical vulnerabilities in their respective Chrome and Firefox web browsers.
CVE-2024-8904, 9602, & 9603
Google has reported two new vulnerabilities in Chromium based browsers tracked as CVE-2024-8904 and CVE-2024-9602
CVE-2024-7971
Researchers at Microsoft recently discovered and reported a new zero day vulnerability in Google’s Chrome browser, which is tracked as CVE-2024-7971
CVE-2024-36971
Google recently disclosed a new zero-day affecting all devices running its Android operating system. It exists in the Linux kernel’s network route management capabilities.
EvilVideo Telegram Exploit
Researchers recently disclosed their discovery of a zero-day vulnerability in the Telegram app for Android.
Four Chrome Zero Days
Google recently disclosed eight new mobile vulnerabilities in Chrome including four zero-days
CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack
Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the FCC via mobile devices.
CVE-2023-7024
Google recently disclosed a critical vulnerability in Chromium that adversely affects both Google Chrome and Microsoft Edge browsers across desktop and mobile devices.
Qualcomm Vulnerabilities in Android Devices
Qualcomm released a security bulletin acknowledging three critical vulnerabilities in multiple chipsets that it produces.
CVE-2023-6345
Google recently disclosed a critical vulnerability that has known active exploits in the wild.
iOS 17.1.1
Apple recently disclosed two critical zero-day vulnerabilities in iOS 17.1.1 relating to the WebKit engine that supports Safari.
Arid Viper
Arid Viper targets high-profile individuals with targeted malware across Android, iOS, and Windows devices using DesertScorpion and FrozenCell.
RedAlert - Rocket Alerts
iOS 16.7 & 17.0.2
Apple released iOS 16.7.1 and 17.0.3 to patch vulnerabilities that were reportedly being exploited in the wild.
iOS 16.6.1 and iOS 17.0
Apple recently released two software updates for iOS and iPad OS for vulnerabilities that can form an exploit chain and are also known to install Predator spyware.
CVE-2023-4863
Google released a patch for a new zero-day vulnerability in Chrome tracked as CVE-2023-4863, which CISA also listed in their database.
ASPL 2023-09-01 / CVE-2023-35674
An Android framework privilege escalation vulnerability, was recently discovered being exploited in the wild, and has since been fixed by the 2023-09-01
Scattered Spider
Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign
BlastPass - iOS 16.6 and 15.7.8
Apple released two security updates, 16.6.1 and 15.7.9 for iOS and iPadOS to address the vulnerabilities exploited by the BlastPass exploitation chain.
iOS 16.5.1
Apple released Rapid Security Response (RSR) late last week to cover for a vulnerability which is affecting all iPhones and iPads.
Samsung & Android Security Fixes
CISA announced 7 actively exploited vulnerabilities recently which were fixed by the vendors over the time.
iOS 16.5
Apple released two new iOS versions, iOS 16.5.1 and iOS 15.7.7, last week. In a recently released Lookout threat guidance for Operation Triangulation, we described the severity of the Triangulation malware.
Multiapp-CVE-2023-3079
Google released an emergency patch for a new zero-day vulnerability tracked as CVE-2023-3079 on June 5th.
Operation Triangulation
Triangulation malware is now known to be in use against Kaspersky employees for at least four years.
iOS 15.7.5/ iOS 16.4
Apple recently released two critical updates for iOS with heavy security implications.
Pinduoduo App
Pinduoduo, a large Chinese online retailer, recently had their app removed from both the Google Play Store and iOS App Store because of malicious activity in their app.
Exynos Modems
Google Project Zero listed 18 vulnerabilities in Samsung Exynos modems produced by Samsung Semiconductor.
iOS 16.3 Vulnerability Fixes
Apple recently released iOS 16.3.1, which includes a number of critical security fixes for vulnerabilities including CVE-2023-23514 and CVE-2023-23529.
iOS 16.1.1 and 16.1.2 Vulnerability Fixes
Apple recently released two software updates with security fixes: iOS 16.1.2 and iOS 16.2.
Chrome 9th Zero Day | CVE-2022-4262
Google released an emergency patch for a new zero-day vulnerability tracked as CVE-2022-4262. The CVE is found in the V8 Javascript engine of Chromium
ChromeHeap | CVE-2022-4135
Google patched a new zero-day found in the GPU component of the Chromium open-source web browser causing a heap buffer overflow.
Samsung Devices | CVE-2021-25337/369/370
Google TAG under Project Zero revealed an active kill chain that exploits vulnerabilities in Samsung devices.
Chrome Zero Day | CVE-2022-3723
Google recently released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind popular web browser
iOS 16 Zero Day
Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022- 42827
CVE-2022-3075
Google released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind some popular web browsers.
iOS 15.6.1 Zero-Day
Apple released a software update to iOS and iPadOS 15.6.1 to patch a zero-day kernel vulnerability identified as CVE-2022-32917.
iOS 15.6 Vulnerabilities
Apple released a software update to iOS and iPadOS 15.6 to patch two core zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (Webkit).
iOS 15.5 Vulnerabilities
Apple released a software update to iOS and iPadOS 15.5 to patch 35 issues, including two critical vulnerabilities identified by Lookout which grant control of the device.
Spyware in the Enterprise
The Lookout Threat Intel team's recent discovery of Hermit, a mobile surveillanceware tool, shows how mobile surveillanceware could adversely affect enterprise organizations
CVE-2022-1633 – 1641
Researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are CVE-2022-1633 through CVE-2022-1641.
CVE-2022-1364
Google's Threat Analysis Group recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1364.
CVE-2022-1096
A researcher recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1096 in the V8 Javascript Engine component.
CVE-2022-0609
Google recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-0609.
iOS 15.3 Vulnerabilities
Apple released an urgent software update to iOS 15.3 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to execute arbitrary code remotely.
Adobe Acrobat for Android
There has been a critical vulnerability in Acrobat Reader for Android devices that could enable an unauthorized user to execute arbitrary code executing on the user’s device.
AbstractEmu: Mobile Rooting Malware
Mobile rooting malware found on Google Play, Amazon Appstore, and the Samsung Galaxy Store.
iOS 15.0.1 Vulnerabilities
Apple released an urgent software update for iOS 15.0.1, in response to the latest zero-day vulnerability in the IOMobileFrameBuffer.
iOS 14.8 Update
Apple released an urgent software update for iOS 14.7 to patch a vulnerability that was found to be exploitable by attackers using the surveillanceware known as Pegasus.
NSO Group & Pegasus
A data leak of more than 50,000 phone numbers revealed a list of identified persons of interest by clients of NSO, developers of the Pegasus malware, since 2016.
REvil Ransomware Attack on Kaseya
Kaseya recently fell victim to a ransomware attack executed by the REvil group. In all between 800 and 1,500 businesses down the chain were affected by this attack.
BitScam & CloudScam: Crypto Scamming Apps
Dozens of crypto apps in the Play Store have scammed money from over 93,000 individuals
EA Games Credentials Leaked via Slack Cookies
Attackers were able to gain access to EA's infrastructure with employee credentials in cookies from Slack and exfiltrate almost 1TB of data.
Preinstalled Android Apps
A number of apps that come preinstalled on Android devices were found to have vulnerabilities that could be exploited on any Samsung device.
Colonial Pipeline Ransomware Attack
The Colonial Pipeline ransomware attack demonstrated how cybercrime groups exploit diminishing visibility, legacy security systems, and mobile devices to extort money.
Pulse Secure VPN
Several vulnerabilities discovered in the Pulse Secure VPN are being exploited by threat actors to bypass authentication and install malware in enterprise infrastructure.
Flubot Smishing
Attackers are using phone numbers leaked from Facebook to socially engineer mobile users into downloading malicious apps infected with the FluBot banking trojan
iOS WebKit Vulnerabilities
Apple released an urgent software update to iOS 14.4 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to perform arbitrary cross-scripting.
BancaMarStealer
A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.
Mobile Phishing Attacks on Australian Government
Australian government officials were targeted by a mobile phishing campaign through Telegram and WhatsApp, where attackers could send messages on their behalf.
Office 365 Account Takeovers
The expanded remote workforce has increased organizations’ threat surface in the cloud, which resulted in a surge of attacks and breaches on Microsoft Office 365 services.
Hornbill and Sunbird - Android Surveillanceware/RAT
Novel Android surveillanceware developed by pro-India APT group Confucius targeting Pakistani officials
SolarWinds: Software Supply Chain Attack
Solarwinds showed the effectiveness of a software supply chain attack, an effective tactic for compromising a high volume of devices with a single infected software update.
Goontact: iOS and Android Malware
A blackmail and sextortion campaign targeting individual users on both iOS and Android
Chrome for Android Vulnerabilities
This vulnerability affects Chrome for Android v86.0.4240.185 and below. In the event of a successful exploit, the actor could access any capability that the browser has.
AndroidOS/MalLocker.B Ransomware
This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.
Instagram for Android Vulnerabilities
This vulnerability in Instagram for Android app versions prior to 120.0.0.26.128 could allow attackers to take control of Instagram's functionality and permissions.
Firefox for Android Vulnerabilities
Vulnerability in Firefox for Android, found in the app's SSDP protocols, allows an attacker to trigger actions on a victim’s device if connected to the same Wi-Fi network.
Mintegral SDK (SourMint)
The advertising SDK by Mintegral used in iOS apps had some risky permissions that could violate end-user privacy.
Twitter Phone Spear Phishing Attack
This Twitter phone spear phishing attack compromised the accounts of influential individuals and exemplifies the effectiveness of voice phishing, also known as vishing.
Chinese Surveillanceware
The Lookout Threat Intelligence team discovered four Android surveillanceware tools used to target the Uyghur ethnic minority group.
Tiktok Pro
Lookout conducted an in-depth analysis of the fake TikTok Pro app and has classified it as toll fraud malware.
unc0ver Jailbreak
Unc0ver is a widely used jailbreak present in the market for some time, and more recently started taking advantage of an iOS kernel vulnerability discovered in 2019.
Cerberus Distributed Via MDM
This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.
iOS Mail Exploit
A vulnerability in the native iOS Mail app allowed an attacker to execute an attack with zero or one-click.
LightSpy
LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.
Voatz App Security Flaws
The Voatz vulnerability, discovered by researchers at MIT, could allow hackers to see someone’s vote or even change their vote.
ReboundRAT
This attackers behind this remote access trojan (RAT) attack used social engineering to target Israeli Defense Force (IDF) soldiers.
iOS 14.3 Vulnerabilities
Apple announced three exploitable vulnerabilities in iOS 14.3. Two of them were tied to the Apple WebKit, while the third was a vulnerability of the device kernel.
Mobile APT Attack on Amazon CEO
Amazon's CEO was targeted by a mobile advanced persistent threat (APT) that enabled the attacker to steal data with a compromised video file sent to the victim via WhatsApp.
Tiktok
In January 2020, two US military organizations banned TikTok because of communication with servers in China and Russia.
ToTok
ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.
Strandhogg Vulnerability | Android OS Safeguards
Promon, a Lookout partner, reported on Strandhogg, a vulnerability in the Android OS that allows for one app to display an Activity in the UI context of another app.
xHelper
This malware can deploy second-stage malware payloads which can steal user login information, keylog, deploy ransomware, and bypass MFA with SMS interception.
Lookout Security Intelligence Team Discovery of AzSpy
AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.
Lookout Phishing AI Discovers Campaign Targeting UN and Humanitarian Orgs
This campaign targeted non-governmental organizations around the world, including but not limited to UN and humanitarian organizations.
Lookout Security Intelligence Team Discovery of ArmaSpy
ArmaSpy was a surveillance family, which appears to have been targeting Iranian users since late 2016 with new samples discovered as recently as mid-2019
Lookout Phishing AI Discovers Campaign Targeting Verizon Employees
Phishing AI discovered this campaign targeting Verizon employees on mobile devices.
SimJacker
SimJacker is a vulnerability in the SIM card of certain iOS and Android devices that is executed via a specially crafted SMS message sent to the target device.
Joker Trojan
Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.
Monokle RTD
Monokle is an advanced and highly-targeted surveillanceware developed by Russian firm STC. It has a number of unique capabilities for stealing data from Android devices
InfectedAds/AgentSmith RTD
This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.
Lookout Security Intelligence Team's Discovery of BeiTaAd RTD
BeiTaAd is a well-obfuscated advertising plugin that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone is asleep.
Government Impersonator Targeting Small Businesses
Lookout Phishing AI detected a phishing campaign impersonating local government websites, including the City of San Mateo, City of Tampa, and Dallas County.
Attack Targeting AT&T Corporate Employees
Phishing AI discovered this campaign targeting AT&T employees on mobile devices.
eSurvAgent RTD
eSurvAgent is a sophisticated Android surveillanceware agent.
mAPT ViperRAT Found in Google Play
Lookout researchers discovered samples belonging to the ViperRAT malware family, a known mobile advanced persistent threat (mAPT), in the Google Play Store.
Pegasus for Android: The Other Side of the Story Emerges
Lookout and Google are releasing research into the Android version of one of the most sophisticated and targeted mobile attacks we’ve seen in the wild: Pegasus.
Ghost Push and Gooligan: One and the Same
This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014.
Trident Vulnerabilities: All the Technical Details in One Place
Today, Lookout released the technical details behind “Trident,” a series of iOS vulnerabilities that allow attackers to jailbreak a user’s device and install spyware.
Pegasus and Trident: Your Questions Answered
Pegasus is a highly sophisticated piece of spyware that uses three previously unknown vulnerabilities called “Trident.” This is the most sophisticated mobile attack seen.
What Is the MITRE ATT&CK Framework? Mapping to Today's Defensive Controls
What is the MITRE ATT&CK framework? Read to learn how this database of threat actor tactics helps organizations stay safe and meet federal standards.
Navigating FedRAMP Compliance: Why It’s Crucial for Mobile Security
Learn how ensuring FedRAMP compliance can protect mobile devices and foster strong relationships between private organizations and the U.S. federal government.
Understanding How NIST Shapes the Zero Trust Security Framework
Learn about the NIST zero trust model’s guidelines for how modern organizations should strengthen their cybersecurity posture and protect their IT infrastructure.
From Phishing to Malware: How to Defend Against a Modern Kill Chain
Mobile devices and the cloud have created a new, modern kill chain for attackers to target. Read this guide for cutting-edge ways to protect your organization.
Enhancing Security Posture: What Is Threat Hunting?
Cyber attackers are using more sophisticated methods. Here’s how threat hunting addresses attacks and what your organization can do to improve.
Leverage Threat Intelligence Feeds to Level Up Your Security Strategy
Learn how to leverage threat intelligence platforms to protect your organization’s mobile devices from vulnerabilities, malware, and social engineering.
Using Endpoint Detection and Response (EDR) in Mobile Defense
Traditional endpoint detection and response isn’t complete without a mobile component. Read to learn how mobile EDR software helps protect your organization.
Mobile Device Management: What Is It and Why Isn't It Enough?
Learn how mobile device management works and why it alone isn’t enough to secure your network.
Why Multifactor Authentication (MFA) Alone Isn't Enough to Stay Secure
Looking to strengthen your organization’s cybersecurity posture? Here’s why multifactor authentication isn’t enough by itself and what to look for next.
The Role of Digital Forensics and Incident Response (DFIR) in Cybersecurity
Learn how to develop a comprehensive digital forensics and incident response (DFIR) strategy, which can help your organization recover after a data breach.
Boosting Mobile Defense: A Comprehensive Guide to Mobile Security
Develop a comprehensive mobile security strategy for your organization by managing vulnerabilities, analyzing threats, and implementing mobile EDR solutions.
Mastering the Mobile Vulnerability Management Process
Improve your organization’s mobile vulnerability management process by assessing common smartphone and tablet threats, then prioritizing the most urgent fixes.
Mobile Endpoint Security: Why Enhancing EDR for Mobile is Critical
Does your organization take mobile endpoint security seriously? Find out why mobile-forward EDR is a critical part of protecting modern infrastructure.
How to Apply the NIST Framework to Your Mobile Security Strategy
Safeguard your day-to-day workflows, your employees’ mobile devices, and your organization’s sensitive data by following the NIST framework for cybersecurity.
CMMC Mobile Security: A Guide to Compliance for Enterprise Organizations
Ensure that your organization complies with CMMC mobile security standards. Enforce smart mobile device policies and maintain a strong cybersecurity framework.
Mobile Threat Defense: Safeguarding Your Data on the Go
Discover how mobile threat defense systems can improve your security stance across managed, unmanaged, and BYO devices.
How to Use a Risk-Based Vulnerability Management Model to Secure Mobile Dev
Learn how to apply risk-based vulnerability management to your organization’s mobile endpoints and strengthen your cybersecurity posture.
Account Takeover Protection: What It Is and How It Combats ATO Fraud
Protect your organization from account takeovers by recognizing common attacks, educating your staff, and implementing the right software solutions.
Security Made Easy: Mobile Security Purpose-Built for MSPs
Discover how Lookout simplifies mobile security with easy deployment and management.
Privacy vs. Mobile Security: Why MSPs Don’t Have to Choose
Many people are resistant to putting an employer-mandated security app on their phone, but organizations don't have to sacrifice security for privacy.
9 Social Engineering Attack Examples to Watch Out For
Uncover nine examples of social engineering attacks and learn how to protect yourself from these deceptive tactics.
Cybersecurity Is Not Complete Without EDR for Mobile
Businesses are increasingly turning to mobility solutions to increase productivity. You need mobile EDR to provide visibility across all of your mobile endpoints.
7 Top Mobile Security Threats: Safeguard Your Device
Learn about the top mobile security threats and how to defend against them. Keep devices — and sensitive data — safe with these helpful insights.
The Rising Threat of Mobile Phishing and How to Avoid It
As mobile devices become integral to work, the threat of mobile phishing grows. Learn how these sophisticated attacks work, their impact, and how to protect your data.
Credential Theft Protection: Defending Your Organization's Data
Credential theft is one of the most common ways for threat actors to get into your systems. Learn what it is and how to protect against it.
Security Made Easy: Mobile Security That Won’t Stretch Your IT Team
Discover how Lookout simplifies mobile security with easy deployment and management, enhancing IT efficiency without added strain.
5 Essential Tips to Prevent Social Engineering
Social engineering, unlike traditional hacking that targets technical vulnerabilities, manipulates human psychology
Navigating BYOD Security: Proven Strategies and Best Practices for Success
Employees rely on their personal devices to get work done. A sensible BYOD security policy can help safeguard your organization’s data.
Privacy vs. Mobile Security: Why You Don’t Have to Choose
Many people are resistant to putting an employer-mandated security app on their phone, but organizations don't have to sacrifice security for privacy.
Mobile EDR for Security Professionals by Security Professionals
Our industry-leading mobile EDR solution gives organizations the comprehensive capability to detect and respond to mobile threats, stopping attacks in their tracks.
Busting 6 Myths About Mobile Device Security
While most organizations have a robust cybersecurity strategy in place to protect their laptops and corporate networks, mobile devices are often left underprotected.
Meet Lookout SAIL: A Generative AI Tailored For Your Security Operations
With the introduction of Lookout SAIL, we radically change how people interact with the information on our platform and conduct cybersecurity analysis.
Q&A: Why Diversity in Cybersecurity Is So Important
In anticipation of the Day of Shecurity happening on December 8th, we sat down with Staff Security Intelligence Engineer, Kristina Balaam to get her take on diversity.
Critical Mobile Security Capabilities Everyone Needs
While away from the office, your workers are using their mobile devices to stay productive. So how do you secure your data in this new reality?
Four Best Practices for Securing Microsoft 365 Against Risks
Let's tackle security gaps across Office 365 and other connected clouds that are typically missed by traditional cloud security and data protection controls.
Three Key Takeaways From Our ‘Security in Motion’ Summit
As the leader in mobile security, we hosted a summit to help professionals around the world unpack the challenges related to today's mobile reality.
Q&A: Michael Kaiser on State of Election Campaign Security
According to Tech for Campaigns, 90% of presidential campaigns’ 2018 digital campaign ad spend was delivered to mobile devices.
Q&A: With Christoph Hebeisen, Head of Threat Intelligence
We sat down with our Head of Threat Intelligence, Christoph Hebeisen, to learn what it means to be a security researcher in a world of constantly evolving threats.
Lookout Partners With Google To Protect Users From App Risk
With this partnership, Lookout can stop malicious apps before they become a threat by scanning apps submitted to the Google Play Store before they are available for download.
5 Steps in the Mobile Phishing Kill Chain
In order for enterprises to protect their users and corporate data from modern phishing attacks, they must first understand how mobile phishing attacks work.
The Government IT Problem: The Security Perimeter Has Disappeared
Government work has changed. Critical data needed for employees to work has moved to the cloud and needs to be accessible from any device, wherever employees are.
Q&A: A Candid Conversation With Women Working in Cybersecurity
In anticipation of the Day of Shecurity San Francisco, happening on October 11, we sat down with a few of our security intelligence engineers.
Schneider Electric Secures 50k Devices with Lookout MES
By selecting Lookout Mobile Endpoint Security, Schneider Electric gained immediate visibility into the mobile security and risk posture of its mobile users.
Q&A: Update on FISMA Mobility Metrics for Federal Agency Leaders
Victoria Mosby, Federal Sales Engineer for Lookout, shares insights and talks about what needs to be done to strengthen the government’s overall mobile security posture.
Mobile Phishing Protection: Defend Against HTTPS Phishing Attacks
With Lookout deployed, enterprises have comprehensive mobile phishing protection, ensuring that their corporate data is secure in today’s mobile-first world.
Lookout & Trustonic: Enhanced Mobile Security for Banking Apps
Lookout and Trustonic join to provide customers with protection from cyberthreats targeting banking, payment and other critical mobile transactions
Partnership with DXC Technology | Post-Perimeter Security
In order to support and secure the ever-evolving workplace, DXC Technology is introducing DXC Mobile Threat Defense, combining forces with Lookout.