Cisco VoIP phone | Breaking Cybersecurity News | The Hacker News

A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability ( CVE-2015-0670 ) actually resides in the default configuration of certain Cisco IP phones is due to " improper authentication ", which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request. Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity. AFFECTED DEVICES The devices affects the Cisco's small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these

Mozilla is planning to provide a new feature that will allow free audio and video calls between its Firefox web browser , thereby ending the need of any third-party client service or plugin. Mozilla will soon release a new experimental version of Firefox Nightly , which will include an open source and Peer-to-peer communication protocol called WebRTC that enables Real-Time Communications (RTC) capabilities between two web browsers via simple Javascript APIs. NO PLUGINS REQUIRED WebRTC is not a web browser plugin, and its components run in the browser sandbox. Its components do not require separate installation or any separate process to run and it will receive its updates along with the web browser updates. " No plugins, no downloads. If you have a browser, a camera and a mic, you'll be able to make audio and video calls to anyone else with an enabled browser ." reads the blog post and when the camera or microphone are running, this is clearly shown by the Fire

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP (VoIP) phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui demonstrated was based on work he did over the last year on what he called ' Project Gunman v2 ', where a laser printer firmware update could be compromised to include additional, and potentially malicious, code. The latest vulnerability is based on a lack of input validation at the syscall interface. Cui said, " allows arbitrary modification of kernel memory from userland, as well as arbitrary code execution within the kernel. This, in turn, allows the attacker to become root, gain control over the DSP , buttons, and LEDs on the phone. " While he did not specify the precise vulnerability, Cui said it allowed him to patch the phone's software with arbitrary pieces of code, and that this a