software with an organization’s cloud telephony system. Those who answer to the phone ID would
                   receive a pre-recorded message, thereby compelling them to do specific things.
               •  Spoofing: The majority of people use their caller IDs, however, it might not be the ideal way to
                   know from where a particular call is coming from. Sometimes, an attacker can call an organization
                   by using a fake caller ID and take advantage of the trust that an employee places on a familiar
                   phone number. Attackers can then use the fake ID with another hacking technique like social
                   engineering.
               •  Eavesdropping: Adoption of insecure networks, which is characterized by the lack of Transport
                   Layer Security (TLS) and Real-time Transport Protocol (SRTP), could enable hackers to keep
                   their eyes on an organization’s network. It would help them to gather crucial information about the
                   organization,  its  clients,  and  other  aspects.  By  gaining  the  information,  they  can  sell  the
                   organization’s intellectual properties to rivals, access its customers’ data for selling, and blackmail
                   the organization with sensitive data.

            Renowned and start-up companies operating in the global cloud telephony space are striving to develop
            cutting-edge technological tools and services to help protect organizations against the aforementioned
            hacking techniques. Besides, some of the leading organizations are placing their own security teams to
            perform cybersecurity services, including the protection of cloud calling features.



            Checkmarx Launches Checkmarx API Security for Protecting APIs

            In August 2022, Checkmarx, a pioneer in the field of software security based in Israel, launched a new
            API security solution named Checkmarx API Security. It correlates and prioritizes vulnerable data from
            various AppSec engines. Every cloud-hosted, modern web, or connected mobile application exposes
            and uses APIs. These are used to call application functionality and to gain access to data.

            It further creates a large attack surface, thereby leading to a rising number of publicized API breaches
            and  attacks.  The  new  solution  addresses  numerous  issues  related  to  security  in  the  software
            development lifecycle, including cloud calling. It helps in discovering zombie and shadow APIs, eliminates
            the requirement of additional API-specific tools, and finds out APIs in source code to fix and identify
            problems.



            FCC Chairwoman Jessica Rosenworcel Proposes Restrictions on Ringless Voicemails

            Jessica  Rosenworcel,  chairwoman  of  the  Federal  Communications  Commission  (FCC),  proposed
            restrictions  on  ringless  voicemails  in  February  2022.  The  new  norm  would  require  callers  to  gain  a
            consumer’s consent before providing a ringless voicemail, which is referred to as a message left in the
            mailbox without ringing their phones.

            As per Rosenworcel, ringless voicemail can lead to frauds like robocalls, as well as be invasive. Thus, it
            needs to be put under stringent consumer protection norms. The proposal came in after phones in the
            U.S. received more than 50 billion robocalls back in 2021. The number was significantly higher than that
            of 2020, in which only 4 billion robocalls were received by consumers.




            Cyber Defense eMagazine – September 2022 Edition                                                                                                                                                                                                         57
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.