Page 57 - Cyber Defense eMagazine September 2022
P. 57
software with an organization’s cloud telephony system. Those who answer to the phone ID would
receive a pre-recorded message, thereby compelling them to do specific things.
• Spoofing: The majority of people use their caller IDs, however, it might not be the ideal way to
know from where a particular call is coming from. Sometimes, an attacker can call an organization
by using a fake caller ID and take advantage of the trust that an employee places on a familiar
phone number. Attackers can then use the fake ID with another hacking technique like social
engineering.
• Eavesdropping: Adoption of insecure networks, which is characterized by the lack of Transport
Layer Security (TLS) and Real-time Transport Protocol (SRTP), could enable hackers to keep
their eyes on an organization’s network. It would help them to gather crucial information about the
organization, its clients, and other aspects. By gaining the information, they can sell the
organization’s intellectual properties to rivals, access its customers’ data for selling, and blackmail
the organization with sensitive data.
Renowned and start-up companies operating in the global cloud telephony space are striving to develop
cutting-edge technological tools and services to help protect organizations against the aforementioned
hacking techniques. Besides, some of the leading organizations are placing their own security teams to
perform cybersecurity services, including the protection of cloud calling features.
Checkmarx Launches Checkmarx API Security for Protecting APIs
In August 2022, Checkmarx, a pioneer in the field of software security based in Israel, launched a new
API security solution named Checkmarx API Security. It correlates and prioritizes vulnerable data from
various AppSec engines. Every cloud-hosted, modern web, or connected mobile application exposes
and uses APIs. These are used to call application functionality and to gain access to data.
It further creates a large attack surface, thereby leading to a rising number of publicized API breaches
and attacks. The new solution addresses numerous issues related to security in the software
development lifecycle, including cloud calling. It helps in discovering zombie and shadow APIs, eliminates
the requirement of additional API-specific tools, and finds out APIs in source code to fix and identify
problems.
FCC Chairwoman Jessica Rosenworcel Proposes Restrictions on Ringless Voicemails
Jessica Rosenworcel, chairwoman of the Federal Communications Commission (FCC), proposed
restrictions on ringless voicemails in February 2022. The new norm would require callers to gain a
consumer’s consent before providing a ringless voicemail, which is referred to as a message left in the
mailbox without ringing their phones.
As per Rosenworcel, ringless voicemail can lead to frauds like robocalls, as well as be invasive. Thus, it
needs to be put under stringent consumer protection norms. The proposal came in after phones in the
U.S. received more than 50 billion robocalls back in 2021. The number was significantly higher than that
of 2020, in which only 4 billion robocalls were received by consumers.
Cyber Defense eMagazine – September 2022 Edition 57
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.