RTC security
Newsletter
Curated VoIP and WebRTC security news, research and updates by Enable Security.
Subscribe
June 2024: WebRTC security specs that need fixing and vulnerable VoIP firmware and WebEx
Published on Jun 28, 2024
Welcome to the June 2024 edition of the RTCSec newsletter, covering VoIP and WebRTC security news and related topics. In this edition, we cover: Our latest publication on our blog about WebRTC vulnerabilities Cisco WebEx’s seemingly obvious vulnerabilities and their effect on military and political entities Security fixes in Chrome, affecting WebRTC Vulnerabilities in Mitel phones, sngrep, and… iTunes? And more! The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities
Published on May 31, 2024
It is already the end of May, and we have a packed newsletter this month! In this edition, we cover: Our upcoming presentation about the DTLS ClientHello DoS vulnerability Vulnerabilities fixed in Asterisk, ALU and Cisco phones and more RCS phishing attempts and a Pre-War Reality Check and VoIP resilience New features from Kwanlabs SIP Open Relay tester A talk about STIR/SHAKEN privacy concerns Short news covering fax, physical access control vulnerabilities and honeypots The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »April 2024: Kamailio security, Mitel, sngrep and Grandstream vulnerabilities and more
Published on Apr 30, 2024
Welcome to the April edition of the VoIP and WebRTC security monthly newsletter. In this edition, we cover: Kamailio World 2024 review Our short and longer presentation on insecure Kamailio configuration patterns Changes to the newsletter Updates to T-Pot honeypot, sngrep security fixes, Mitel IP Phone vulnerabilities New security course on WebRTC by BlogGeek.me And some more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities
Published on Mar 28, 2024
Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. This one’s a short one. In this edition, we cover: German military phone call leak and Webex WhatsApp’s past VoIP stack vulnerabilities and preventing future exploits Security fixes in Apple’s WebRTC framework and baresip WebRTC podcast covers security with Tsahi Levent-Levi RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security
Published on Feb 29, 2024
Special day today, being a leap year! In other news, this month brought quite a bit of written content of interest to the VoIP and WebRTC security community, which we’re covering here: Generative AI on live audio conversations (sorry!) Vulnerabilities affecting Yealink, WebRTC and OpenScape Hardening WhatsApp’s VoIP library and new mobile malware using CPaaS WebRTC related security content courtesy of Staex, Mozilla and Fonoster FCC rules affecting VoIP providers and telcos RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »January 2024: Critical WebRTC, CUCM and SIP ALG security fixes - fuzz it all and disable stuff
Published on Jan 31, 2024
Fresh new year, fresh VoIP and WebRTC security news! Welcome to this newsletter, write back if you find it useful. In this edition, we cover: TLS key logs, Kamailio and security tools Chromium’s WebRTC vulnerability CVE-2023-7024 The usual warning about SIP ALG Critical vulnerabilities fixed in Cisco’s Unified Communications products RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…
Read more »December 2023: Round-up of this year’s VoIP and WebRTC security news, and DTLS hello race flaw
Published on Dec 22, 2023
It’s the end of the year and if you are still reading your emails, make sure to read this one! Wish you all restful holidays and a happy New Year! In this edition, we cover: our community contributions for 2023 and our new security advisories the best and the worst of 2023 Asterisk and 3CX vulnerabilities and a few more news items but not that much this time! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »November 2023: Advisories for VoIP systems and devices, WebRTC privacy and spying on your calls
Published on Nov 30, 2023
Welcome to the November edition of your favorite IP Communications Security Newsletter! In this edition, we cover: Asterisk fixing a PPE in their Github Cyber-criminals listening on telecommunications systems to learn how they were caught ARM’s MTE is going to protect your smartphones - Google Project Zero’s blog post about it Privacy and security of video conferencing on WebRTC LIVE And much more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »October 2023: security theatre and PBX hacking, plus last month’s advisories
Published on Oct 26, 2023
It’s the moment you’ve eagerly anticipated, that special time of the month. Yes, end of the month means salary time for many, and Halloween - but also - your favorite newsletter is out and about! In this edition, we cover: A presentation by good pseudonym at DEF CON about PBX and UC hacking The drama that ensued with regards to FreePBX vulnerabilities How our customers are enjoying access to the Attack Platform Security fixes in WebRTC and Skype for business Short news including MiTM attacks on XMPP, monthly vulnerability fixes and much more!…
Read more »September 2023: Security advisories, SIP & DTLS-SRTP interoperability and 5G infra attacks
Published on Sep 29, 2023
Welcome to the September edition of the VoIP and WebRTC security newsletter, RTCSec news! In this edition, we cover: our news, including the WebRTC & Video Delivery presentation we gave at CommCon, OpenSIPIt and our Attack Platform security fixes in FreeSWITCH, OpenScape, Stormshield and DLINK phones GPRS Tunneling Protocol user-plane (GTP-U) abuse, Signal upgraded for quantum computing and SBOMs RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »