QuaDream | Breaking Cybersecurity News | The Hacker News

Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper  Calcalist , citing unnamed sources, adding the company "hasn't been fully active for a while" and that it "has been in a difficult situation for several months." The company's board of directors are looking to sell off its intellectual property, the report further added. QuaDream, which specializes in hacking Apple devices that don't require any action on the part of the victim, is also said to have fired all its employees, with the firm undergoing significant downsizing, according to Haaretz and The Jerusalem Post . News of the purported shutdown comes as the firm's spyware framework – dubbed REIGN – was outed as  having been used  against journalists, political opposition figures, and NGO workers across...

A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by  Reuters , citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into iPhones [and] compromise Apple phones without an owner needing to open a malicious link." The zero-click exploit in question is  FORCEDENTRY , a flaw in iMessage that could be leveraged to  circumvent iOS security protections  and install spyware that allowed attackers to scoop up a wealth of information such as contacts, emails, files, messages, and photos, as well as access to the phone's camera and microphone. Google Project Zero, which studies zero-day vulnerabilities in hardware and software systems such as operating systems, web browsers, and open source libraries...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...