Security news aggregator

Latest coverage for VoIP

VoIP is voice communication over IP networks, where exposed services and flawed configurations can enable interception, fraud, or service disruption.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Voice over Internet Protocol (VoIP) carries voice and related communications as IP network traffic, typically separating call signaling—often SIP—from audio or video media—often RTP. It includes internet calling services and enterprise phone systems such as IP-PBXs, session border controllers, handsets, and management portals.

Its security depends on both the VoIP applications and the networks they use. Internet-exposed SIP services and weakly protected accounts can enable unauthorized calling (toll fraud), call-routing changes, or denial-of-service; unencrypted or misconfigured media can expose conversations. Practitioners should restrict and authenticate signaling and administration, patch PBX and session-border software, use TLS and SRTP where supported, segment voice systems, and monitor registrations, call records, and unusual destinations. Vulnerability management must cover phones, servers, web interfaces, and integrations, while logs and call-routing data require appropriate privacy controls.

Volume over time

Weekly headline count for the current query.

Showing 1 most recent headlines Filtered view
Krebs on Security 3 years, 2 months ago

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.