Researchers from Lookout Threat Lab have uncovered two new surveillance campaigns targeting Uyghurs in the People’s Republic of China and abroad. One campaign introduces a novel Android surveillance tool we named BadBazaar that shares infrastructure with other previously encountered Uyghur-targeted tooling — as outlined in a 2020 whitepaper from the Lookout Threat Intelligence team.

Telework has become a mainstay, and with it, so has employee reliance on personal mobile devices. These devices are difficult to monitor and keep up to date, presenting a unique security challenge for U.S. local, state, and federal government organizations.

To streamline networking management and modernize IT operations organizations are deploying software-defined wide area network (SD-WAN) systems. But as networking becomes cloud-delivered, security often lags behind. With data and applications moving to the cloud, you need an efficient way to secure the activities that are going on between branch locations and the cloud.

In the early days of internet security, an access-centric security model made sense. Access lists on routers were complemented by firewalls and, later, intrusion detection systems. Given the processing capacity available at the time, this was absolutely adequate and appropriate for protecting a website, even with e-commerce. But that was the 1990s, and the internet has become so much more than websites with some shopping capabilities. Now, it’s the backbone of our society.

The internet is now your default corporate network. This has some major perks — it means that your employees can access whatever they need from wherever they need it. But using the internet like this has also made your organization's security posture more complex. People are using networks and devices your IT doesn't manage, and they are accessing data that is scattered across countless apps.

Business email compromise (BEC) is big business for malicious actors. According to the 2021 FBI Internet Crime Report, BEC was responsible for nearly $2.4 billion in cyber crime losses in 2021. At its root, it’s a type of phishing attack. And with the rise of smartphones and tablets, attackers are expanding well beyond email. They now leverage other platforms such as SMS messages, messaging apps like Signal and WhatsApp, and social media apps to target and compromise their targets.

In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools per enterprise, according to a 2021 survey from Panaseer. You may have a lot of tools, but that doesn’t mean your information is protected.

With most of us working from anywhere, smartphones and tablets have become a big part of how we stay productive. At the same time, the average cost of data breaches continues to rise, averaging $4.35 million in 2022. While there are numerous threat vectors organizations have to juggle, this got me thinking about how applications and device vulnerabilities are currently managed.

Having lived and worked in Dubai early in my career, I have a great affinity with the Middle East. So when the opportunity to present at Gitex, the region’s premier technology event, and support our local Lookout team, I jumped at it. You might not think of the Middle East as being at the forefront of technological innovation, but if you stroll around Gitex, you’ll find everything from flying cars, robotics, and environment controls to IT and security.

Love them or hate them, passwords are often the only thing standing between attackers and your sensitive personal and financial information. Despite their importance, less than 50% of people feel very confident that their passwords are secure from compromise, according to a 2021 Security.org survey of password habits. There’s probably a good reason many are worried about their passwords.