home.social

#telephonysecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #telephonysecurity, aggregated by home.social.

  1. VoIP for E-commerce and Dropshipping 🌍

    Online business needs constant communication with customers — across time zones and devices.
    VoIP keeps that connection reliable, fast, and easy to manage.

    In simple terms:
    Every order starts with a call — make sure yours always gets through.

    Key takeaway:
    Reliability builds customer trust and increases retention. 🔁

    #voiptower #voipsolutions #telephonysecurity #SIPTrunking #dropshipping

  2. Cisco Duo Telephony Partner Phishing Incident Exposes MFA Message Logs

    Date: April 1, 2024
    CVE: N/A
    Vulnerability Type: Security bypass
    CWE: [[CWE-290]], [[CWE-200]]
    Sources: BleepingComputer, Cisco Talos

    Issue Summary

    On April 1, 2024, a telephony provider partnered with Cisco Duo was compromised via a phishing attack, leading to the unauthorized access of SMS and VoIP MFA message logs. The breach exposed sensitive data for a period from March 1 to March 31, 2024. This incident was part of a broader trend of targeted attacks against multi-factor authentication (MFA) systems to bypass security measures.

    Technical Key findings

    Attackers used stolen employee credentials to access and download message logs from the telephony provider's systems. These logs included phone numbers, carriers, location data, timestamps, and types of messages sent for authentication purposes.

    Vulnerable products

    The incident specifically affected Cisco Duo's MFA service, which utilizes SMS and VoIP messages for secure user authentication.

    Impact assessment

    The stolen data includes information that could be exploited in further targeted phishing or social engineering attacks, posing risks of broader access to secured corporate networks and systems.

    Patches or workaround

    Following the breach, the affected provider invalidated the compromised credentials and implemented additional security measures. Users are advised to be vigilant for phishing attempts using the stolen data.

    Tags

    #Cisco #Duo #MFA #Phishing #TelephonySecurity #DataBreach