VOIP Archives - Security Affairs

Pierluigi Paganini July 16, 2022

Threat actors exploit a flaw in Digium Phone Software to target VoIP servers

Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […]

Pierluigi Paganini December 27, 2021

Experts found backdoors in a popular Auerswald VoIP appliance

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. The backdoors were discovered as part of penetration testing, they allow attackers to gain full […]

Pierluigi Paganini May 12, 2021

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

Thousands of public-facing devices can be accessed anywhere in the world, from the US to Russia, from London to Johannesburg. Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list. As with many inventions of the 20th century, the internet has drastically changed using the phone. Once a vital necessity […]

Pierluigi Paganini September 10, 2020

CDRThief Linux malware steals VoIP metadata from Linux softswitches

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment. […]

Pierluigi Paganini August 11, 2019

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security researchers at McAfee have discovered that a vulnerability patched ten years ago is still affecting several Avaya phones. Security experts at McAfee discovered that a stack-based buffer overflow flaw in the Dynamic Host Configuration Protocol (DHCP) client discovered and fixed ten years ago is still affecting several Avaya phones. The vulnerability, tracked as CVE-2009-0692, could […]

Pierluigi Paganini June 17, 2015

Cyber attacks against VOIP systems on the rise

Security experts at Nettitude reported that VoIP (Voice over IP) infrastructures worldwide are targeted by a growing number of cyber attacks. A new wave of attacks against Voice over IP (VoIP) systems is targeting UK businesses, security experts believe that a surge was advantaged by the greater availability of hacking tools in the criminal underground. […]

Pierluigi Paganini March 23, 2015

Some models of Cisco IP Phones vulnerable to eavesdropping

Chris Watts discovered a security flaw affecting some models of Cisco IP Phones that could be exploited to eavesdrop on conversations and make phone calls. Some models of Cisco IP phones for small businesses are affected by a vulnerability, coded as CVE-2015-0670 that could be exploited by a remote attacker to eavesdrop on conversations and make phone calls […]

Pierluigi Paganini September 28, 2014

ShellShock could be used to hack VoIP systems

Jaime Blasco at AlienVault Labs explained that ShellShock vulnerability could be exploited to hack Voice over IP systems worldwide. The Shellshock Bash is monopolizing the debate on the Internet security in these days, every vendor is assessing its product to verify the impact of the critical vulnerability Bash Bug (CVE-2014-6271). Apple recently announced that its Mac OS X based […]

Pierluigi Paganini January 30, 2014

Exploring the Telephony Denial of Service (TDoS) Q&A

Interviewed with Mark Collier, CTO and VP of Engineering at Securelogix to better understand the topic of Telephony Denial of Service (TDoS). I briefly interviewed Mark Collier, CTO and VP of Engineering at SecureLogix (Www.securelogix.com) on the topic of Telephony Denial of Service (TDoS). Mark just completed the Hacking Exposed: UC and VoIP book, which covers […]

Pierluigi Paganini January 09, 2014

VSAT terminals are opened for targeted cyber attacks

Security researchers at IntelCrawler, a Los-Angeles based cyber intelligence company, discovered that VSAT terminals are opened for targeted cyber attacks. VSAT terminals (very-small-aperture terminal) used for satellite communications are vulnerable to external cyber attacks, the discovery was made by security researchers at IntelCrawler, a Los-Angeles based cyber intelligence company. The VSAT vulnerability appears serious and […]

VOIP

Threat actors exploit a flaw in Digium Phone Software to target VoIP servers

Experts found backdoors in a popular Auerswald VoIP appliance

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

CDRThief Linux malware steals VoIP metadata from Linux softswitches

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Cyber attacks against VOIP systems on the rise

Some models of Cisco IP Phones vulnerable to eavesdropping

ShellShock could be used to hack VoIP systems

Exploring the Telephony Denial of Service (TDoS) Q&A

VSAT terminals are opened for targeted cyber attacks

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

QUICK LINKS

VOIP

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!