#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Cisco VoIP phone | Breaking Cybersecurity News | The Hacker News

Cisco IP Phones Vulnerable To Remote Eavesdropping

Cisco IP Phones Vulnerable To Remote Eavesdropping

Mar 23, 2015
A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability ( CVE-2015-0670 ) actually resides in the default configuration of certain Cisco IP phones is due to " improper authentication ", which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request. Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity. AFFECTED DEVICES The devices affects the Cisco's small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these
Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Jun 01, 2014
Mozilla is planning to provide a new feature that will allow free audio and video calls between its Firefox web browser , thereby ending the need of any third-party client service or plugin. Mozilla will soon release a new experimental version of Firefox Nightly , which will include an open source and Peer-to-peer communication protocol called WebRTC that enables Real-Time Communications (RTC) capabilities between two web browsers via simple Javascript APIs. NO PLUGINS REQUIRED WebRTC is not a web browser plugin, and its components run in the browser sandbox. Its components do not require separate installation or any separate process to run and it will receive its updates along with the web browser updates. " No plugins, no downloads. If you have a browser, a camera and a mic, you'll be able to make audio and video calls to anyone else with an enabled browser ." reads the blog post and when the camera or microphone are running, this is clearly shown by the Fire
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

Apr 15, 2024Secure Coding / Artificial Intelligence
Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a
Cisco VoIP phone vulnerability allow eavesdropping remotely

Cisco VoIP phone vulnerability allow eavesdropping remotely

Dec 15, 2012
Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP (VoIP) phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui demonstrated was based on work he did over the last year on what he called ' Project Gunman v2 ', where a laser printer firmware update could be compromised to include additional, and potentially malicious, code. The latest vulnerability is based on a lack of input validation at the syscall interface. Cui said, " allows arbitrary modification of kernel memory from userland, as well as arbitrary code execution within the kernel. This, in turn, allows the attacker to become root, gain control over the DSP , buttons, and LEDs on the phone. " While he did not specify the precise vulnerability, Cui said it allowed him to patch the phone's software with arbitrary pieces of code, and that this a
cyber security

Today's Top 4 Identity Threat Exposures: Where To Find Them and How To Stop Them

websiteSilverfortIdentity Protection / Attack Surface
Explore the first ever threat report 100% focused on the prevalence of identity security gaps you may not be aware of.
Cybersecurity Resources