RTC security
Newsletter
Curated VoIP and WebRTC security news, research and updates by Enable Security.
Subscribe
Commentary: security fixes in PJSIP, Zyxel, BIG-IP, Vicidial and others
Published on Feb 25, 2022
Welcome to the February edition of the RTCSec Newsletter! Please do reply and tell me what you think - this will help us make future editions better. In this edition, we cover: The SIPVicious PRO workshop, adapted for security teams Ribbon’s EdgeMarc SBCs used to launch DDoS attacks (news from November) RTC @Scale security talks Release of a new SIP tool called sipexer Vulnerabilities in various critical software, including PJSIP Smart Probes by Intuitive Labs RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »STIR/SHAKEN DoS, Cisco phone passwords, Zoom and Yealink
Published on Jan 26, 2022
Welcome to the very first RTCSec newsletter of 2022! It has been a busy month for us so far, and we’re very grateful for that. Q1 appears to be booked and we’re looking forward to planning our Q2 as well now. Get in touch if you think we can be of help. In this edition, we cover: We’re launching a new mailing list called Offense and Defense: RTC security tips SIPit 33 participation and STIR/SHAKEN tests How URL parsing issues may affect SIP implementations All 4 RTC advisories that came out in the past month or so A US Government centric report about Yealink phones New tool to exploit CUCM environments Google Project Zero’s work that led to 2 Zoom security fixes (or more) RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »DDoS, SIPit33, log4j and plans for 2022
Published on Dec 21, 2021
Welcome to the last RTCSEC newsletter of the year! In this edition, we cover: Best wishes for the new year NPR reports on VoIP DDoS Our TADSummit talk about the relationship between DDoS and RTC New video demo showing different types of DDoS SIPit33 participation The log4j vulnerability and RTC security CommCon RTC security talks Enable Security’s plans for 2022 Writeup about two of the FreeSWITCH vulnerabilities More vulnerabilities and short news with no commentary this time RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »Vulnerabilities, honeypots, STIR/SHAKEN, DDoS and more
Published on Nov 22, 2021
Welcome to the second RTCSEC newsletter! Please do reply and tell me what you think - this will help us make future editions better. In this edition, we cover: FreeSWITCH security fixes and the story behind them OpenSIPit'02 and progress in STIR/SHAKEN and RFC8760 support Booking us for pentesting in 2022 and the latest in SIPVicious hair styling Upcoming public work including TAD Summit presentation and SIPit33 Quick summaries of presentations of interest at various online or hybrid events/conferences New security tools of interest: sipcmdbeat and SentryPeer Vulnerabilities in FusionPBX and Yealink phones VoIP provider DDoS news Short news and commentary RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »VoIP DDoS, the OpenSIPS security audit and more
Published on Oct 20, 2021
Welcome to the first RTCSEC newsletter! Please do reply and tell me what you think - this will help us make future editions better. In this edition, we cover: The OpenSIPS security audit The DDoS attacks on VoIP providers My upcoming talk at ClueCon 2021 Fred Posner’s talk from Kamailio World 2021 Two presentations of interest from OpenSIPS Summit 2021 Short news and commentary RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »