Sandro Gauci (@sandrogauci)'s Twitter Profile
Sandro Gauci

@sandrogauci

Offensive VoIP/WebRTC security; mostly harmless

enablesecurity.com/blog
Chief Mischief Officer @enablesecurity
savvycal.com/sandrogauci/pub

ID: 12869202

Link: https://www.enablesecurity.com

Date: 30-01-2008 10:46:43

2,2K Tweet

3,3K Followers

1,1K Following

Sandro Gauci (@sandrogauci):

Your favourite VoIP and WebRTC security newsletter for this month is out! My favorite this time was the presentation by Meta on hacking Messenger, given at Hexacon 2024. 🤓 Contributions to RTC security: Max Moser, Vivek Ramachandran, @[email protected], Shawn Merdinger, Pascal Zenker, Willy R. Vasquez (@[email protected]) and more!

Enable Security (@enablesecurity):

🔐 2024 in #WebRTC & #VoIP Security: Great progress with increased research focus, OWASP coverage & conference talks, but concerns remain around conferencing platforms & VoIP vulnerabilities. Read our year-end newsletter wrap-up! enablesecurity.com/newsletter/202…

Sandro Gauci (@sandrogauci):

From Grandstream GDMS compromise to Mitel vulnerabilities - crucial insights for anyone working with WebRTC & VoIP. Great summary by Enable Security. Subscribe here: enablesecurity.com/subscribe

Mathy Vanhoef (@vanhoefm):

After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet. These vulnerable servers can be abused as proxies to launch DDoS attacks and access internal networks.

Enable Security (@enablesecurity):

January 2025 RTCSec newsletter out now! Covers Cisco BroadWorks SIP vulnerability, Asterisk fixes, WordPress plugin, Samsung Galaxy S24, VoIP and WebRTC security updates. Read it at enablesecurity.com/newsletter/202….

Sandro Gauci (@sandrogauci):

The latest edition of RTCSec newsletter is out. Subscribe at enablesecurity.com/subscribe/. You can now listen to the newsletter with the player from ElevenLabs, giving that a try and seeing if people find that useful.

Sandro Gauci (@sandrogauci):

If you're not subscribed to our newsletter and need to know your VoIP and WebRTC security fu, you're missing out. Here's the link to fix that now: enablesecurity.com/subscribe/.

Enable Security (@enablesecurity):

RTCSec News for March - VoIP and WebRTC Security Updates: upcoming presentations at Kamailio World and OpenSIPS Summit, WebRTC vulnerabilities from OWASP Global AppSec, and a FreeSWITCH security vulnerability. Visit enablesecurity.com/newsletter/202…

Enable Security (@enablesecurity):

June RTCSec Newsletter is live! Covering: OWASP ASVS v5 with WebRTC security chapter; Critical Yealink vulnerabilities (worse than reported); Meta's Android WebRTC privacy exploit exposed; Multiple CVEs: AudioCodes, Qualcomm, Cisco. enablesecurity.com/newsletter/202… #VoIP #CyberSecurity

Sandro Gauci (@sandrogauci):

As usual, lots of commentary on all topics VoIP and WebRTC security - out on the RTCSec newsletter. Subscribe for the next one ;)

Sandro Gauci (@sandrogauci):

Been some months in the making but our advisory for rtpengine vis-a-vis RTP Bleed and RTP Inject is out. It describes security fixes that aim to fully address or at least mitigate these RTP Bleed and RTP Inject attacks. Fix requires upgrade and config changes.

Sandro Gauci (@sandrogauci):

Last post for today .. I already went over my 1 post a month limit. Please enjoy the RTC Sec newsletter for July .. or subscribe for the next one :-) enablesecurity.com/newsletter/202…

Adam Crosser (@unc1739):

In case you missed my Black Hat Arsenal or DEF CON Demo Labs presentation, here’s a pre-recorded talk covering our new OAuthSeeker utility, released during hacker summer camp in Las Vegas 🎥 youtube.com/watch?v=MfvWi9…