Over 60% of the world’s population relies on technology to navigate their daily lives — that’s over 5 billion people! Unfortunately, with such a large audience online, bad actors have turned to technology to deploy scams and make a profit. Scammers use an array of channels to target people with phishing and social engineering scams that appear real, in order to trick them into handing over valuable personal information.

In today’s digital world, we rely on our mobile devices to navigate much of our daily lives. Beyond making calls and sending text messages, we use our phones for online shopping, banking, work, personal reminders, photos, videos, and so much more. While this technology offers great possibilities and convenience, it also can put your personal data at risk.

Researchers from Lookout Threat Lab have uncovered two new surveillance campaigns targeting Uyghurs in the People’s Republic of China and abroad. One campaign introduces a novel Android surveillance tool we named BadBazaar that shares infrastructure with other previously encountered Uyghur-targeted tooling — as outlined in a 2020 whitepaper from the Lookout Threat Intelligence team.

Telework has become a mainstay, and with it, so has employee reliance on personal mobile devices. These devices are difficult to monitor and keep up to date, presenting a unique security challenge for U.S. local, state, and federal government organizations.

To streamline networking management and modernize IT operations organizations are deploying software-defined wide area network (SD-WAN) systems. But as networking becomes cloud-delivered, security often lags behind. With data and applications moving to the cloud, you need an efficient way to secure the activities that are going on between branch locations and the cloud.

In the early days of internet security, an access-centric security model made sense. Access lists on routers were complemented by firewalls and, later, intrusion detection systems. Given the processing capacity available at the time, this was absolutely adequate and appropriate for protecting a website, even with e-commerce. But that was the 1990s, and the internet has become so much more than websites with some shopping capabilities. Now, it’s the backbone of our society.

The internet is now your default corporate network. This has some major perks — it means that your employees can access whatever they need from wherever they need it. But using the internet like this has also made your organization's security posture more complex. People are using networks and devices your IT doesn't manage, and they are accessing data that is scattered across countless apps.

Business email compromise (BEC) is big business for malicious actors. According to the 2021 FBI Internet Crime Report, BEC was responsible for nearly $2.4 billion in cyber crime losses in 2021. At its root, it’s a type of phishing attack. And with the rise of smartphones and tablets, attackers are expanding well beyond email. They now leverage other platforms such as SMS messages, messaging apps like Signal and WhatsApp, and social media apps to target and compromise their targets.

In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools per enterprise, according to a 2021 survey from Panaseer. You may have a lot of tools, but that doesn’t mean your information is protected.

With most of us working from anywhere, smartphones and tablets have become a big part of how we stay productive. At the same time, the average cost of data breaches continues to rise, averaging $4.35 million in 2022. While there are numerous threat vectors organizations have to juggle, this got me thinking about how applications and device vulnerabilities are currently managed.