I saw this, but never posted anything on it, so I guess better late than never. I didn't see any mention on other VoIP security blogs.
Back in December, the FBI posted a vague warning talking about how Asterisk could be used to perform vishing attacks. The warning generated a ton of coverage. First of all, any decent PBX, including Asterisk, can be used for vishing attacks. You simply need to set it up to make calls, leave voice mails with a 1-800 number, and then answer calls an try to trick people into giving away confidential information. It looks like the warning was generated as a result of an old vulnerability, that was fixed in early 2008. Here is an article, with links to other articles, that covers the story:
Here is a link to Digiums list of Asterisk vulnerabilities and fixes: