Security News
Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. On September 16th, 2021, VoIP.ms became the victim of a distributed denial-of-service attack targeting their infrastructure, including DNS name servers.
Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it has been slapped with a "Colossal ransom demand" after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil.
According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol servers. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records," ESET researchers said in a Thursday analysis.
A malware dubbed CDRThief is targeting voice over IP softswitches inside the networks of large telecom carriers. According to ESET researchers, the malware was custom-developed to attack the Linknat VOS2009 and VOS3000 softswitches, which run on standard Linux servers.
UPDATE. Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors threaten home office and midrange users alike, with outages, eavesdropping and device takeover. The HT800 series of ATAs is designed for everyone from home or small-office users to medium-sized businesses, looking to connect their analog telephone devices to a VoIP network, unified communications system or other IP-based communications infrastructure.
December 2019: the FTC sued a VoIP service provider in FTC v. Educare, where it alleged that defendant Globex Telecom Inc. facilitated a bunch of telemarketers allegedly selling sham credit card interest rate reduction services. Three VoIPs allegedly provided autodialers used to place billions of illegal robocalls, as well as allegedly supplying the technology used by robocallers in at least eight prior FTC cases.
An attacker whose motives are unclear compromised an Asterisk server in a highly targeted campaign.
Points to the Need to Make IoT Devices More SecureMicrosoft warned on Monday that Russia-linked attackers are gaining access to corporate networks through poorly configured devices, such as office...