telecommunications

LF Europe’s Project Sylva wants to create an open source telco cloud stack • ZebethMedia

By zebethcontrolPosted on November 15, 2022Posted in cloud, Enterprise, Europe, linux foundation, open source, telco, telecommunicationsNo Comments

The Linux Foundation Europe (LF Europe) — the recently launched European offshoot of the open source Linux Foundation — today announced the launch of Project Sylva, which aims to create an open source telco cloud framework for European telcos and vendors. This is the first project hosted by LF Europe and is a good example of what the organization is trying to achieve. The project aims to create a production-grade open source telco cloud stack and a common framework and reference implementation to “reduce fragmentation of the cloud infrastructure layer for telecommunication and edge services.” Currently, five carriers (Telefonica, Telecom Italia, Orange, Vodafone and Deutsche Telekom) and two vendors (Ericsson and Nokia) are working on the project. “There’s a whole bunch of Linux Foundation networking projects already that have taken telecommunications into the open source era,” Arpit Joshipura, the general manager for Networking, Edge and IoT at the Linux Foundation, told me. “All those projects are under what is called the [LF] Networking foundation. […] So whatever that work is that is done by the telcos, Sylva is going to leverage and build on top of it with these European vendors to solve EU specific requirements. Those are security, energy, federated computing, edge and data trust.” At the core of Sylva is a framework for a compute platform that can be agnostic to whether a workload is running on the telco access network, edge or in the core. The project aims to build a reference implementation, leveraging all of the work already being done by LF Networking, the Cloud Native Computing Foundation (the home of Kubernetes and other cloud-native infrastructure projects), LF Energy and others. All of this, of course, is done with a focus on the EU’s goals around security, data privacy and energy management, but even though the project has this EU focus, the overall ambition is broader and goes well beyond the European Union. Many of these regulations, after all, will make it to other markets as well. “Linux Foundation, Europe allows us to focus more on specific regional requirements, but without those siloes and fragmentation that foster that techno-nationalism, if you want to call it that, by really being able to foster local collaboration and then, pushing that stuff upstream gives us this amazing conduit to go across borders,” explained Gabriele Columbro, the general manager of the Linux Foundation Europe. The vendors joining the project all argue that they are doing so in order to reduce fragmentation as the industry moves to a cloud-centric model and to enable interoperability between different platforms. “The Telco Cloud ecosystem today is fragmented and slowing down our operational model transformation. Despite a transition to cloud native technologies, a real interoperability between workloads and platforms remains a challenge,” said Laurent Leboucher, group CTO and SVP, Orange Innovation Networks. “Indeed, operators have to deal with a lot of vertical solutions that are different for each vendor, leading to operational complexity, lack of scalability and high costs. Sylva, by providing a homogenous telco cloud framework for the entire industry, should help all the ecosystem to use a common technology, which will be interoperable, flexible and easy to operate.”

Twilio hack investigation reveals second breach, as the number of affected customers rises • ZebethMedia

By zebethcontrolPosted on October 28, 2022Posted in cybersecurity, data breach, Security, telecommunications, TwilioNo Comments

U.S. messaging giant Twilio confirmed it was hit by a second breach in June that saw cybercriminals access customer contact information. Confirmation of the second breach — carried out by the same “0ktapus” hackers that compromised Twilio again in August — was buried in an update to a lengthy incident report that Twilio concluded on Thursday. Twilio said the “brief security incident,” which occurred on June 29, saw the same attackers socially engineer an employee through voice phishing, a tactic whereby hackers make fraudulent phone calls impersonating the company’s IT department in an effort to trick employees into handing over sensitive information. In this case, the Twilio employee provided their corporate credentials, enabling the attacker to access customer contact information for a “limited number” of customers. “The threat actor’s access was identified and eradicated within 12 hours,” Twilio said in its update, adding that customers whose information was impacted by the June Incident were notified on July 2. When asked by ZebethMedia, Twilio spokesperson Laurelle Remzi declined to confirm the exact number of customers impacted by the June breach and declined to share a copy of the notice that the company claims to have sent to those affected. Remzi also declined to say why Twilio has only just disclosed the incident. Twilio also confirmed in its update that the hackers behind the August breach accessed the data of 209 customers, an increase from 163 customers it shared on August 24. Twilio has not named any of its impacted customers, but some — like encrypted messaging app Signal — have notified users that they were affected by Twilio’s breach. The attackers also compromised the accounts of 93 Authy users, Twilio’s two-factor authentication app it acquired in 2015. “There is no evidence that the malicious actors accessed Twilio customers’ console account credentials, authentication tokens, or API keys,” Twilio said about the attackers, which maintained access to Twilio’s internal environment for two days between August 7 and August 9, the company confirmed. The Twilio breach is part of a wider campaign from a threat actor tracked as “0ktapus,” which targeted at least 130 organizations, including Mailchimp and Cloudflare. But Cloudflare said the attackers failed to compromise its network after having their attempts blocked by phishing-resistant hardware security keys. As part of its efforts to mitigate the efficacy of similar attacks in the future, Twilio has announced that it will also roll out hardware security keys to all employees. Twilio declined to comment on its rollout timeline. The company says it also plans to implement additional layers of control within its VPN, remove and limit certain functionality within specific administrative tooling, and increase the refresh frequency of tokens for Okta-integrated applications.