The microscope has been on TikTok in recent months and has come under increased scrutiny due to fear is that user data from the app owned by Beijing-based company ByteDance could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to as well to prevent location data harvesting.

In recent months, many countries have brought in law to ban TikTok from government-owned devices including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties. 

Tom Davison, Senior Director Engineering International at Lookout:

Chris Handscomb, EMEA Solutions Engineer at Centripetal: 

Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger.However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail.It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.

The post TikTok to be banned from UK Government Phones appeared first on IT Security Guru.

In the U.K., there was a 35% increase in the average number of mobile devices exposed to at least one malicious phishing attack per quarter between 2020 and 2022. In the last two years, 20-30% of mobile devices in the U.K. have been exposed to at least one malicious phishing attack every quarter.

Lookout also found that users on all devices – whether personal or work provided – are tapping more on mobile phishing links in comparison to just two years ago. The report estimates the potential annual financial impact of mobile phishing to an organisation of 5,000 employees is nearly $4 million. Enterprises operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were found to be the most heavily targeted.

“Mobile as a threat surface will continue to grow, and hybrid work continues to grow in tandem, introducing huge numbers of unmanaged devices into the enterprise environment,” said Aaron Cockerill, chief strategy officer at Lookout. “It is more important now than ever for organizations to evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack vectors for threat actors, often serving as a starting-point for more advanced attacks, mobile phishing protection should be a top priority for organizations of any size.”

In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter, with the percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.

Users, endpoints and applications are now so closely connected that threat actors can initiate advanced attacks simply by stealing user credentials. Mobile phishing is one of the most effective tactics to steal login credentials, which means that mobile phishing itself poses significant security, compliance, and financial risk to organizations in every industry. It is likely that the rise of remote work has contributed to this, as organizations relax bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter.

Lookout also claim mobile phishing attacks are also growing more sophisticated. The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications.

The post UK sees 35% increase in mobile phishing exposures – Global State of Mobile Phishing Report appeared first on IT Security Guru.

This cloud-based solution is now available as an integrated add-on to Ivanti Neurons for Unified Endpoint Management (UEM) and the new add-on is fully embedded into the current UEM client, allowing customers to activate the add-on easily and seamlessly without creating friction for their end users.

This latest announcement comes after Ivanti and Lookout recently joined forces to help organisations accelerate cloud adoption and mature their Zero Trust security posture in the “Everywhere Workplace.” The joint solution – which includes Ivanti Neurons for Zero Trust Access (ZTA), Lookout Cloud Access Security Broker (CASB) and Lookout Secure Web Gateway (SWG) – helps customers achieve complete threat prevention and data security both on-premises and in the cloud, inside and outside the network, while following Zero Trust Access security principles.

The two companies are expanding their strategic partnership to now include Lookout Mobile Endpoint Security, powered by the Lookout Cloud Security Platform, which provides advanced mobile security for Android, iOS and Chrome OS devices. The solution embeds Lookout functionality into the Ivanti Go app, consolidating endpoint management and security functions for simple and seamless deployment and administration. Management functions such as locating lost devices, remotely wiping data and applying access control policies now sit alongside security that protects corporate data and credentials from compromise, resulting from mobile phishing attacks, device-level exploits, application malware and network threats.

Together, the joint Ivanti/Lookout solution enables companies to proactively protect all devices – PCs, mobile devices and cloud workloads – from vulnerabilities and attacks. One of the key features of the solution includes protection from web-based and sophisticated attacks that are typically unmonitored and unprotected by traditional solutions.

Key benefits outlines from the Ivanti+Lookout partnership include:

• Enhanced detection and mitigation of cyber threats targeting mobile devices
• More insight and control into mobile devices to meet privacy and compliance requirements
• Simplified cloud adoption with secure access to SaaS apps from mobile devices
• The ability to allow the hybrid workforce to work securely from any mobile device

“We are thrilled to partner with Lookout to provide more options for our customers as they secure an increasingly mobile workforce​,” said Srinivas Mukkamala, chief product officer at Ivanti. “With Ivanti Neurons for MTD, machine learning algorithms provide immediate and ongoing visibility into malicious threats across all protected devices. The combination of unified endpoint management and mobile threat defense enables organisations to proactively manage and secure mobile devices against the broadest array of attacks and defend against web-based and sophisticated attacks.”

“Our partnership with Ivanti continues to go from strength to strength – we couldn’t be prouder of our collective commitment to help customers simplify their cloud adoption and secure their hybrid workforce from anywhere, at any time, from any device,” said Jim Dolce, Lookout CEO. “Regardless of an organisation’s access or hosting method, our joint solution addresses the challenges and realities of data protection today, ensuring that CISOs and CIOs have the most seamless, robust solution for securing their data, regardless of where it flows and where it resides.”

For more information, click here

The post Ivanti and Lookout Announce Extension on Partnership To Protect Mobile Devices appeared first on IT Security Guru.

The apps, which were found across countries in Africa, Southeast Asia and South America, including India, Colombia, Nigeria and Mexico, purportedly offer quick, fully-digital loan approvals with reasonable loan terms. The research revealed 251 were Android and 35 iOS lending apps were downloaded a combined total of 15 million times.

In reality, they exploit victims’ desire for quick cash in an attempt to ensnare borrowers into predatory loan contracts and require them to grant access to sensitive information on their device such as contacts, phone history, and SMS messages — information that would not be required in a valid loan application process.

In addition to predatory requests for excessive permissions, many of the loan operators display scam-like actions. Victims have reported that their personal and installment loans came with hidden fees, high interest rates, and repayment terms that were much less favorable than what was posted on the app stores. Lookout Threat Lab also found evidence that the data exfiltrated from devices was sometimes used to pressure the customer for repayment – a common threat tactic to disclose a borrower’s debt or other personal information to their network of contacts.

“Mobile apps have made managing our lives a lot easier and are a convenient way to interact with businesses such as financial institutions. However, when entrusting any app with sensitive personal information, it is extremely important to stop and ask yourself if the information being requested makes sense and if the business behind the app is a trusted entity,” said Ruohan Xiong, senior security intelligence researcher, Lookout.

“As these predatory loan apps have demonstrated, app permissions could easily be abused if users are not careful. While there are likely dozens of independent operators involved, all of these loan apps have a very similar business model – to trick victims into unfair loan terms and then extort payment.”

Lookout informed Google and Apple about the discovery of these apps which were quickly removed from the respective stores.

The post Predatory loan apps on Apple App Store and Google Play extorting victims appeared first on IT Security Guru.

In early 2019, Lookout joined the BeyondCorp Alliance, a group of Google Cloud partners that share its Zero Trust vision. Lookout delivers essential requirements of the BeyondCorp security model, including device inventory, state and security posture. These are essential to making context-aware Zero Trust access decisions.

The customer benefits include The Lookout BeyondCorp Alliance Integration with Google Workspace and Google Cloud BeyondCorp Enterprise Solution to Deliver Zero Trust Security From Endpoint to Cloud.

For an organization to fully protect its data, it must assume that no endpoint is trustworthy until its security posture is verified. Failing to verify and continuously assess an endpoint’s security posture can lead to corporate data leaks and breaches.

“Our strategic partnership with Google Cloud will deliver industry-leading endpoint-to-cloud security,” said David Richardson, Vice President of Product, Lookout. “Enabling productivity from any endpoint in any location is critical in today’s remote-work environment. We are proud to deliver on the BeyondCorp mission to accelerate and simplify the adoption of a Zero Trust model that enables organizations to stay secure, agile and productive.”

“We’re committed to providing customers with the technology, support, and partner solutions they need to ensure they have choice when it comes to security,” said Manvinder Singh, Director of Technology Partnerships at Google Cloud. “We’re delighted that Lookout will expand its integrations with Google Cloud and make its Mobile Endpoint Security solution available on Google Cloud Marketplace, bringing customers additional choice and security capabilities as they expand their cloud footprints.”

The Lookout and Google relationship began in 2008 when Lookout Mobile Endpoint Security became available on the Google Play store. In 2019, Lookout became a member of the Google App Defense Alliance to protect users from potentially harmful applications by stopping them before they ever make it onto the Google Play Store.

The post Lookout expands partnership with Google Cloud to deliver endpoint to cloud security appeared first on IT Security Guru.

The post Exploits on Smartphones Makes Hackers Over $500,000 appeared first on IT Security Guru.

More than half of smart device users keep private files and documents on their personal computer or laptop (61 percent), according to the same study. However, 4 out of 10 UK smartphone users don’t have a security solution installed, nor do they perform firmware updates for their devices. This exposes them to data theft and malware, especially since downloaded apps don’t always come from official marketplaces. However, in terms of concerns about smart device security, 49 percent are afraid that their user identity can be stolen.

The same study found that 7 out of 10 UK smartphone or tablet users claim that they changed their passwords on these devices over 3 months ago. With an average of 9 smart devices/accessories in a UK user’s home, only 6 out of 10 smart device users claim that they have different passwords for each device or accessory. However, 3 out of 10 have some passwords that they randomly use, and less than 1 out of 10 use only one password for all their smart devices.

Malware for smartphones has skyrocketed during the past couple of years and regardless of the type of mobile operating system you might be using, whether Android or iOS, there are also phishing or fraudulent websites out there gunning for your private information and credentials. Viruses and phishing are among the top three concerns for smart device users, with 60 and 50 percent respectively of respondents claiming to be wary of them.

Because a large number of German smartphone users don’t have a security solution, according to a recent Bitdefender survey*, and because users often install applications from untrusted or third-party marketplaces, there is a high likelihood that they will be infected. With 643,476 new Android malware programs emerging in June 2017 alone according to independent testing organization AV-TEST, having a mobile security solution with the capability to detect threats and protect your smartphone is no longer optional, but mandatory.

Whilst iOS might not be as prone to malicious apps being downloaded from third-party marketplaces, users are still vulnerable to phishing or fraudulent websites aiming to collect personal or financial data. To that end, it is also vital to have a security solution installed that is able to protect your browsing activity from malicious websites.

Having a mobile security solution that is able to protect both Android and iOS operating systems from these types of threats is vital, especially since half of all smartphone users keep their private information stored on these devices. Whether it’s malware aiming for your data or other online threats targeting your credit card information or e-banking credentials, a mobile security solution that’s able to identify all these threats is essential for protecting your privacy and personal data.

*Note: The study consisted of a survey performed by iSense Solutions at Bitdefender’s request during April 2017, and is based on 502 interviews. The sample used in this report is representative of Smart device users, with WI-FI connection in UK (at age, gender and region level), 18+ y.o.. Error degree is +/-4.37% at a confidence interval of 95%.

The post Bitdefender research shows personal information stored on smartphones by 45 percent of UK users appeared first on IT Security Guru.

The post Vulnerabilities in mobile networks opens bitcoin wallets to hackers appeared first on IT Security Guru.

The post Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors appeared first on IT Security Guru.

The post 'Virtual kidnapping' phone scams claim victim's family members have been abducted appeared first on IT Security Guru.