How Edge Computing avoids latency problems

Carlos Rebato    30 July, 2021

Every day we seek better connectivity, and that improvement comes from streamlining processes: for example, the time that elapses from the moment you send a packet of files to the moment it reaches its recipient. This time is known as end-to-end latency, or simply latency.

Latency, since it is a measure of time, is expressed in milliseconds or microseconds.

What are the influencing factors

There are several factors that can make the latency of your Internet connectivity higher or lower. One of them is the network access technology you use for your connection: fibre, ADSL, 4G and, since last year, 5G.

Likewise, the distance between the point that sends and the point that receives the information, and the hops that the data must make on the way, have an influence. So does the capacity of your device, whether it is your computer, tablet, smartphone, etc.

Advantages of 5G: greatly reduced latency

5G is already a reality. This mobile technology allows latency to be incredibly reduced. Just picture every appliance in your home being connected to your phone and to each other.

What will 5G enable? You will be able to surf at up to 10 Gbps. This speed is so amazing that you will be able to download an entire movie in a matter of seconds. And the best part: latency will be as low as 5 milliseconds and even lower in the future.

With 5G, we will be able to connect industrial robots, urban furniture and household appliances, and share information in real time.

Latency in ADSL and fibre

Latency has been greatly improved in recent years, especially with the introduction of fibre. In Spanish ADSL, 60 milliseconds of latency has been achieved, which is quite low compared to the 330 milliseconds found in some Asian countries.

Fibre has improved latency enormously in Spain, with values that can be below 1 millisecond and with the additional advantage that high bandwidths can be achieved, more than 100 times higher than those of ADSL.

Edge Computing will reduce latency in the next-generation networks

What we call Edge Computing (here we explain what Edge Computing is in simple terms) is what will revolutionise latency. The idea is to provide responses in almost real time. It will be very useful for the Internet of Things (IoT), as collected data will no longer have to travel long distances to reach a data processing centre.

The idea is that Edge Computing will do the data processing as close as possible to the user or the source that produced it. If you’re in your 5G-connected electric car, for example, you need that connection to provide real-time responses.

Edge computing will make this possible. And it will be the same with devices in companies (especially in industry) or at home.

Benefits of Edge Computing

  • Increased speed in IoT devices.
  • Ability to manage large volumes of data and store it close to the end user.
  • Real-time processing of information.
  • There will be more security in many cases and guarantees of data residency.

Optimising and reducing costs, as well as moving towards greater efficiency, is the premise of new technologies. Reducing the latency period aims to generate benefits in all areas.

Kubernetes Vulnerability Discovered That Allows Access to Restricted Networks (CVE-2020-8562)

Javier Provecho    28 July, 2021

Kubernetes is an open-source system for automating container operations, used by a multitude of companies in top-level services. Today, it has become the benchmark technology in the industry, which has allowed it to be used in scenarios far beyond its original purpose.

Part of its success and popularity is due to the adoption of the system by public cloud suppliers who offer it as a managed solution, better known as Kubernetes as a Service.

In most cases, Kubernetes as a Service corresponds to the deployment, maintenance and operation of the components belonging to the control plane of the system, such as the “apiserver”, the “scheduler” or the “controller”. The rest of the cluster topology is the responsibility of the client or user of the solution, although sometimes these suppliers offer their infrastructure services as a service to facilitate the integration.

There are also projects such as OneInfra that offer an open source Kubernetes control plane hosting system, equivalent to those proprietary ones that run the main Kubernetes managed services such as Google GKE, AWS EKS, or Azure AKS.

There are shared responsibilities in the architecture of a Kubernetes managed service and therefore security measures must be in place to ensure separation between different instances of Kubernetes clusters. For this reason, these suppliers do not provide administrative access to the control plane components or their network environment.

This is especially important when putting a Kubernetes managed service into production, as one of its components, the “apiserver”, can act as a reverse proxy in certain scenarios. Let’s have a look at an example:

The log sub-resource within a pod resource is meant to access the logs of its containers, allowing granular control by means of access control policies such as RBAC. This same operation can be performed by the proxy sub-resource within node resources (it is also available in pod resources) in the following way:

Access to node resources and their sub-resources, such as proxy, is a permitted operation for users of a Kubernetes managed service, since nodes are instances under the direct control of the users.

This raises an interesting opportunity to do some research, that of “tricking” the Kubernetes managed service supplier with a fake node, which would have an arbitrary network address. This possibility can allow access to control plane components of our Kubernetes cluster (and other clients/users).

The most important targets are usually accessible on a pair of network address pools, known as “localhost” (127.0.0.0/8) or “linklocal” (169.254.0.0/16). An example in the case of public cloud providers is the Infrastructure Metadata Service as a Service, accessible at http://169.254.169.254:80. This service is responsible for serving specific data to each instance for proper configuration, typically including access credentials to other resources and/or services.

In the case of Kubernetes managed services, the metadata service contains the Kubernetes cluster configuration and some Infrastructure-as-a-Service credentials, used when automating operations external to the Kubernetes cluster, such as configuring a network balancer or mounting a data volume.

When we try to create a node with the following definition and access its port 80 (the metadata service), the apiserver denies the request thanks to the restricted address filter implemented in pull request #71980.


The solution implemented consists of resolving the domain name of the resource or obtaining its network address to check that it does not correspond to a “localhost” (127.0.0.0/8) or “linklocal” (169.254.0.0/16) address. If this check is successful, the request is then made to the indicated address or domain name.

It is easy for an inquisitive eye to notice that in case the request uses a domain name, this domain name is resolved twice during the execution of this filter. The first time, when it is resolved to an IP that can be used by the filter, and the second time, when the domain name is resolved to an IP to make the request. This conclusion can be implemented by a custom DNS server that returns a valid IP on the first request and a restricted IP on consecutive requests.

Transferring this conclusion to our Kubernetes scenario with a fake node, we must configure the domain name of that custom DNS server as one of the node’s addresses, which must be used by the apiserver to be contacted.
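The double resolution described above, next to a resolve-once-and-pin variant that closes the gap, as an added example (not code from Kubernetes or from the original post). The names `Resolver`, `checkThenConnectByName`, `resolveOnceAndPin` and the host `node.example.test` are assumptions, the changing resolver is an in-process stub so the example runs offline, and the pinning shown is a general pattern rather than the mitigation from issue #101493.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Resolver abstracts the DNS lookup so the example runs offline.
// (Assumed name for this example; not a Kubernetes type.)
type Resolver func(host string) ([]net.IP, error)

// ErrRestricted is returned when a target falls in a filtered range.
var ErrRestricted = errors.New("restricted address (localhost or link-local)")

// isRestricted mirrors the filter described in the text: 127.0.0.0/8 and
// 169.254.0.0/16. The net package helpers also cover ::1 and fe80::/10.
func isRestricted(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsLinkLocalUnicast()
}

// validate returns the addresses for host and rejects the host if any of
// them is restricted. IP literals are checked directly, without a lookup.
func validate(host string, resolve Resolver) ([]net.IP, error) {
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil {
		var err error
		if ips, err = resolve(host); err != nil {
			return nil, err
		}
	}
	if len(ips) == 0 {
		return nil, fmt.Errorf("no addresses for %q", host)
	}
	for _, ip := range ips {
		if isRestricted(ip) {
			return nil, fmt.Errorf("%s -> %s: %w", host, ip, ErrRestricted)
		}
	}
	return ips, nil
}

// checkThenConnectByName reproduces the pattern from the text: the filter
// resolves the name, then the connection step resolves it a second time.
// It returns the IP that would actually be contacted.
func checkThenConnectByName(host string, resolve Resolver) (net.IP, error) {
	if _, err := validate(host, resolve); err != nil {
		return nil, err
	}
	if ip := net.ParseIP(host); ip != nil {
		return ip, nil
	}
	ips, err := resolve(host) // second lookup: the answer may have changed
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("connect-time lookup failed for %q", host)
	}
	return ips[0], nil
}

// resolveOnceAndPin validates the answer and connects to that same IP, so
// the address that was checked is the address that is used.
func resolveOnceAndPin(host string, resolve Resolver) (net.IP, error) {
	ips, err := validate(host, resolve)
	if err != nil {
		return nil, err
	}
	return ips[0], nil
}

// changingResolver is a constructed test double: the first answer is a
// documentation address (TEST-NET-3), later answers are the metadata
// address named in the text. calls counts the lookups performed.
func changingResolver(calls *int) Resolver {
	return func(string) ([]net.IP, error) {
		*calls++
		if *calls == 1 {
			return []net.IP{net.ParseIP("203.0.113.10")}, nil
		}
		return []net.IP{net.ParseIP("169.254.169.254")}, nil
	}
}

func main() {
	var n int
	ip, err := checkThenConnectByName("node.example.test", changingResolver(&n))
	fmt.Println("check, then connect by name:", ip, err, "lookups:", n)
	n = 0
	ip, err = resolveOnceAndPin("node.example.test", changingResolver(&n))
	fmt.Println("resolve once and pin:       ", ip, err, "lookups:", n)
}
```

With a pinned IP, TLS verification and the HTTP Host header still need the original name, so a real client passes the validated address to its dialer and keeps the hostname for everything else.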

This scenario led to a vulnerability reported to the Kubernetes security committee on April 27, 2020, which was kept hidden while the various suppliers using Kubernetes were notified, and was finally published on May 27, 2021, without a security patch, as CVE-2020-8562. The Kubernetes security committee has offered a temporary mitigation in issue #101493, as well as other recommendations related to network control.

Cyber Security Weekly Briefing 17-23 July

Telefónica Tech    23 July, 2021

Global cyber-espionage investigation published

A joint consortium of organizations and media outlets has published an investigation revealing the indiscriminate marketing and use of Pegasus spyware. According to the investigators, a data leak has identified at least 10 governments as potential customers of the Israeli company NSO Group, which owns Pegasus. The leak contains a list of more than 50,000 phone numbers of “persons of interest” from 2016. Identified victims reportedly include corporate executives, religious figures, academics, NGO employees, trade union leaders and members of several governments. Pegasus’ functionalities include targeting iOS or Android devices in order to exfiltrate messages, emails, photos, record calls and activate microphones. Both the company and some of the states involved have denied its use for such purposes. It is worth noting that this spyware was allegedly used last year to infect Jeff Bezos’ device.

Since the publication, news and reactions have continued to emerge. On the one hand, Amazon Web Services has reported the closing of infrastructure and accounts linked to the company NSO Group, owner of Pegasus, after it became public that the company had used AWS infrastructure to carry out espionage tasks. In addition, Apple’s share price fell yesterday following news of the active exploitation of multiple 0-days on an iPhone 12 upgraded to the latest iOS 14.6 operating system. It is also worth noting that the United Nations Office in Geneva has tweeted a reminder to countries that all surveillance measures must be carried out under justified and narrowly defined circumstances, with a legitimate aim, and be proportional to that aim.

All the details: https://amp.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus

Malware distribution campaign targeting Spanish-speaking corporate users

Proofpoint’s team has identified a new threat group, named TA2721, that is distributing malware via emails in Spanish. This group is targeting users with Spanish surnames who belong to global organizations in different industries. As these are specific targets, researchers raise the possibility that the group performs some kind of reconnaissance of the targeted entities before sending the fraudulent emails. The TA2721 infection chain is characterized by the use of PDF documents attached to the emails, which contain a URL that redirects to the download of an encrypted and compressed .RAR file that eventually installs the Bandook malware on the victim’s computer, an old RAT-type malware that is not very common. Researchers have found that this threat actor tends to use the same C2 infrastructure for several weeks or months; in fact, in six months, Proofpoint has identified only three domains that would act as C2. 

More info: https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook

SeriousSAM: Privilege escalation vulnerability in Windows 10

Security researcher Jonas Lyk, along with other experts, has discovered a vulnerability in Windows 10 that would allow threat actors to escalate privileges to access hashed user account passwords and important system configuration details. The flaw, named SeriousSAM (CVE-2021-36934), lies in the way Windows 10 controls access to directories such as SAM, SECURITY and SYSTEM (within C:\Windows\System32) since Windows 10 v1809. In these versions, Microsoft fails to restrict access to these configuration files in the backups generated by the Windows Shadow Volume Copy functionality. Microsoft has not yet released security patches or mitigations for this vulnerability. However, it has shared a workaround while it continues to investigate this security flaw. Meanwhile, some tips for system administrators and security providers on how to log and monitor access to SAM data have been posted on Reddit. In addition, Kevin Beaumont has published a proof of concept that would allow system administrators to test which of their systems are vulnerable to these attacks. Finally, US-CERT has also published a briefing note on the flaw.

Learn more: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

XLoader: Formbook variant for Windows and MacOS

Researchers at CheckPoint have published a report on the XLoader malware, a variant of the Formbook malware. According to the research, a new malware called XLoader, which advertises itself as a cross-platform botnet and is capable of stealing information on Windows and MacOS systems, has recently been detected in underground forums. This new variant is known to have emerged in February 2021 and is an evolution of the well-known Formbook, a stealer that is still prevalent five years after its activation and would target Windows machines. XLoader is a much more sophisticated malware than Formbook, with the ability to collect credentials from web browsers and some email clients, take screenshots, log keystrokes and execute other types of malware. It is a Malware-as-a-Service where customers can rent the macOS version and the vendor provides them with access to a server that would allow them to manage the compromised devices. In this way, the attackers also maintain control over their customers’ use of the tool. Finally, it is worth noting that most of XLoader’s victims are located in the US. 

More details: https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/

People at the core of our technology

Telefónica Tech    22 July, 2021

At Telefónica Tech we are passionate about technology, but there is something we love even more: people. It is people who give meaning to technology and not the other way around.

Cyber Security, Cloud, IoT, Big Data, Artificial Intelligence or Blockchain. All our technologies aim to put people at the centre, thus driving our commitment to achieve a positive impact on society and the environment through our digital solutions.

We are, without a doubt, immersed in an unprecedented revolution that is changing the world more than any other revolution in history, affecting everything and everyone: the digital revolution. And with the advent of COVID-19, this change has accelerated even more.

In recent months, connectivity has proved to be the backbone of society and economy. Life has moved from physical space to the digital world, and in these few months we have made more progress in the field of digitalisation than would have taken five years under normal conditions.

Protection of the natural environment is at the same time a priority for society and for us. We pursue it through sustainable innovation and technology, promoting initiatives that address the Sustainable Development Goals (SDGs), and multiply the impact and scope of our actions, based on a 100% renewable and low-emission network through our Eco Smart services.

Telefónica wants to lead this process of sustainable and ecological digitalisation and in four years it has managed to reduce its emissions by 61% and its suppliers’ emissions by 27%. In 2020 it avoided 9.5 million tCO2 for its clients thanks to its digital and connectivity services, three times more than the previous year, as a result of the high penetration of digitalisation during the pandemic.

We work to make technology improve the lives of our more than 5.5 million corporate clients, and the lives of their own clients. People behind businesses who already rely on us every day and with whom we talk about technology with passion and a common goal: to make their digital lives easier and more competitive.

And you, will you join the conversation? Then keep reading to find out, through the stories of Nuria, Alba and Víctor, why Telefónica Tech is the best possible partner for the digitalisation journey.

Cloud

Nuria is the director of a large educational group. Some time ago she realised the need to digitalise her centres, making the leap to the cloud world, to make her students’ access to the course contents more flexible and to optimise the teachers’ work. To do this, she chose a technology partner with which to implement the most appropriate platform and which would allow her to train her staff in its correct use.

Nuria found in Telefónica Tech Cloud’s digital solutions her path to digital transformation: from the reduction of end-user problems to an increase in the use of the platform, thanks to the evolution of the integration between the different online tools, as well as 24/7 support in local language.

The implementation of these digital solutions allowed it to make the most of the contracted services by facilitating access, knowledge and mastery of the cloud ecosystem.

Today, the centres that Nuria manages continue to have ongoing contact with us, which allows her to detect problems and avoid risks and deficiencies, in order to concentrate on what really matters to her: the people who make up her educational community.

Cyber Security

SMEs have become a favourite target for many cybercriminals. Alba knows this first-hand. She owns a bookshop in the city centre which, in the light of the pandemic, has seen the need to make the definitive move into the digital arena. Alba was very clear about one thing in this move: security.

It was essential for her peace of mind to be in secure hands. She was looking for a service that would offer her 24/7 protection and that she could trust to defend the security of her clients. She was aware of the need to protect the digital space where she offers her services and to do it end-to-end to minimise the risks of suffering a possible cyber-attack.

This is how Alba found her best defence in Telefónica Tech Cyber Security’s cyber security services for SMEs. Training and awareness-raising on this issue has always been essential for Alba, who now, thanks to this service, can also inform her three employees about the importance of cyber security policy.

As a technology partner, Telefónica will always be there to combat possible cyber-attacks and Alba knows that she can count on our continuous backing, always providing support and advice.

AI of Things

Victor and his friends are off today to the gig of their favourite band at a well-known music festival that takes place every year in their town. After waiting so long for this day, they do not want to be late because of traffic jams or overcrowding on the available transport. Finally, they arrive earlier than expected and with the feeling that the journey has been much smoother than they expected.

They do not know it, but the City Council has been far-sighted and has resorted to Telefónica Tech AI of Things solutions, requesting a statistical analysis of the journeys made last year to access the festival, with the aim of reinforcing public transport and improving the service to citizens during the days of the event. Thanks to this, Victor and his friends will not only arrive on time, but their mobility experience will be very satisfactory on such an important day for them. And the rest of the population does not notice any changes in their usual movements either.

We deploy sensors through our technology that emit data which we then process to provide clients with fully anonymised, categorised and extrapolated statistical information on the movement of crowds. In this way, we make the information highly relevant and useful for our clients, companies or public bodies, to make the best decisions and maintain the satisfaction of the people they are targeting, as well as complying with data protection regulations and guaranteeing privacy.

This is one of the hundreds of examples with which we can illustrate how our AI of Things services already cross the digital barrier and improve people’s experiences, from the decision-making process of the client who hires us, to the end user: Victor and his friends, or even yourself.


Cloud, Cyber Security and AI of Things solutions are marketed in Spain through Telefónica Empresas.

How Connectivity Is Evolving Through Optical Fibre and Edge Computing

Moncho Terol    22 July, 2021

Every process involves efforts, trials and improvements in order to achieve overall success. The efforts that have been made in relation to connectivity are countless.

Gone are the days of connectivity over copper networks with landline telephony. Remember the days of connecting to the Internet using your landline and having your connection drop because a call came in?

From Copper Wire to Optical Fibre

Before explaining how optical fibre revolutionises our connectivity, it is necessary to determine what we are talking about.

Optical fibre consists of extremely thin wires that have a transparent core and are coated with plastic. In fibre, data is transmitted by light.

One of the most important reasons for switching from copper to optical fibre is bandwidth. The current fibre offer is 1 Gbps but in the future it may be up to several Tbps. Copper cables typically transmit at up to 50 Mbps (typically less than 20 Mbps). In other words, fibre already has 100 times more capacity than copper and in the future it may have 150,000 times more capacity than previous technologies. In addition, fibre accesses have a lower latency than copper, with a latency of less than 1 ms.

👉 💡 Did you know that, thanks to companies like Telefónica, Spain has more fibre than the UK, Italy and Germany combined?

Benefits of Optical Fibre 

There are several benefits to this type of connectivity, including:

  • It allows connection over long distances.
  • It has a high capacity to transmit information.
  • The information is better protected against possible external attacks.
  • Electromagnetic interference has no effect.
  • They are light and have a very low error rate.
  • They provide a much lower latency (~1ms).
  • Lower power consumption. The fibre network is 85% more efficient than copper.

Also, as technological advances are made, better speeds are achieved. For example, the visualisation of videos on services such as Movistar+ or Netflix is getting better and better, as the available bandwidth allows for UHD, 4K and even 8K formats.

Therefore, we can say that, regardless of distances, connectivity makes it easier for us to connect with the world. Today, to further serve this purpose, technologies like the Internet of Things (IoT) allow us to be more efficient in our home and office. To better learn and explore what the future of connectivity and IoT will look like, take a look at Edge Computing.

Looking to The Future of Connectivity: 5G and Edge Computing

Efficiency in connectivity in the coming years will be a recurring theme in a number of sectors. 5G networks will be vital, for example, in places such as airports, as they will be used to obtain real-time information on thousands of passengers, their luggage and aircraft tugs.

Edge Computing

While 5G will make everything faster, it will also bring higher demands on bandwidth. What will be the actual capacity of a 5G network?

Edge Computing holds part of the answer. This is because it allows for greater storage capacity and for data processing to take place close to the user. It will improve, through various technologies, what is known as latency time.

Reduced Latency with Edge Computing

If a traffic light, industrial machine or security camera is connected via the IoT, with Edge Computing it will no longer have to send that data to the Cloud for processing, avoiding delays. Edge processing will allow that task to be done on the same device or in close proximity.

Let’s look at another example: if a car is driving in a foggy area and wants to get data from other vehicles to avoid a collision, 5G will enable them to communicate with each other quickly. However, processing the data quickly requires the Cloud, which can be “far away”, increasing latency and therefore the critical time to avoid an accident. Edge Computing will reduce the latency period, as this information will reach the vehicle, using 5G, in a few milliseconds.

We are fortunately at a time where we are enjoying the evolution of connectivity. At home or at work, on our commutes in big cities, we always have our devices producing information instantly. Advances in connectivity, with 5G and Edge Computing as the best exponents, will bring that future much closer than we imagine.

Understanding Gift Card Fraud

Saad Bencrimo    19 July, 2021

An internal investigation carried out by the Digital Risk Protection team of analysts at Telefónica Tech, which started from a fraudulent URL impersonating a retail company, led to the discovery of a much more complex scheme: what at first appeared to be an isolated fraudulent website turned out to be one of thousands of fraudulent websites targeting different retail companies using the same structure.

From a screenshot submitted by a user who had noticed that a URL he was accessing was possibly a fraudulent website, we were able to track down a fairly complex fraud scheme, which attempted to obtain users’ details in exchange for a supposed €500 gift card. In the image submitted by this user, which was actually a screenshot from his mobile device, although the content of the website could be seen, only part of the URL was visible.

Figure 1. Screenshot submitted by the user

Based on our experience in dealing with this type of fraud, we knew that, without the full URL to access the page in question, it was very difficult to locate it. In the image provided, only the domain of the URL could be seen, which initially was insufficient information to be able to access the fraud.

One of the options proposed was to search for the domain, not in the normal web search engine, which did not give any viable results for locating the fraudulent website, but in the image search engine, in case that way we could obtain any data that might be useful. This option turned out to be the key to revealing that the website was nothing more than a drop in the ocean.

One of the images associated with the search entered returned the icon of a gift box with the logo of the company that was being impersonated. Upon opening the associated link, we were directed to a page on the social network Pinterest, where a user had been sharing images associated with these scams. While most of the links associated with these images located on this Pinterest page were no longer available, one of them referred us to the scam we were looking for. Furthermore, thanks to this Pinterest page we also discovered that this fraud in question was not only directed against our initial company, but against several companies belonging to the retail sector and that it did not only affect Spain, but it was a fraud at an international level.

Figure 2. Pinterest page with images of the frauds

Once we had located the full URL, in addition to asking our response team to intervene in order to take down this scam, we used a popular online tool that analyses any URL and is also capable of displaying detailed information on all the resources it requests, to see if we could locate more similar scams. Thanks to this search, we found a number of URLs that used the same scheme, impersonating several of the retail companies we had located.

At this point, and already having several different URLs to compare, we realised that a crucial fact for the investigation was that for all the URLs located for the same company, the same numerical identifier was being used. In a simple way and to make it easier to understand, we were then able to replicate the fraud from a URL or domain that we knew had this scam associated with it, for each of the other companies whose unique identifier we had located in the following way:

http://dominio/c/identificadorempresa

However, despite all that we had discovered, we knew that this fraud had to be much bigger. So, once it was clear to us that the structure used in these URLs was the same, we searched and compared the IP addresses where the scams were hosted, to see if they were hosted on the same IP address. This ended up being quite successful because, as we guessed, all of these pages were hosted on the IP address 34.XX.XX.54. By searching for the domains hosted on that IP address, we were able to find more than 1500 of them.

Figure 3. List of domains hosted on IP address 34.XX.XX.54

Finally, and based on the information of interest available to us: the list of domains hosted at IP address 34.XX.XX.54 and the unique identifiers found for the different companies affected, we developed a script that formed the URLs for all the domains found, adding the corresponding identifier and checking whether these URLs resolved. In this way, we were able to locate up to 95 active fraudulent URLs for our initial company. Checking whether the pages resolved or not was introduced simply because many of these frauds were no longer available, not to mention that our response team had already taken action against some of them.
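A sketch of the kind of script described above, as an added example (not the analysts' own code): it combines each hosted domain with each company identifier using the `http://dominio/c/identificadorempresa` structure (domain, then `/c/`, then the identifier) and keeps the URLs that still answer. The `.test` domains, the identifiers `1001` and `2002`, the company labels and all function names are constructed assumptions, and a stub stands in for the HTTP check so the example runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
	"time"
)

// Prober reports whether a URL currently answers (assumed helper type).
type Prober func(rawURL string) bool

// httpProber is what a live run would use. DNS failures, refused connections
// and timeouts all count as "not active", since many sites are already down.
func httpProber(timeout time.Duration) Prober {
	client := &http.Client{Timeout: timeout}
	return func(u string) bool {
		resp, err := client.Get(u)
		if err != nil {
			return false
		}
		defer resp.Body.Close()
		return resp.StatusCode < 400
	}
}

// normaliseDomain cleans one entry of the hosted-domain list: it strips any
// scheme, path and trailing dot, and returns "" for entries to skip.
func normaliseDomain(d string) string {
	d = strings.ToLower(strings.TrimSpace(d))
	d = strings.TrimPrefix(d, "http://")
	d = strings.TrimPrefix(d, "https://")
	d = strings.TrimSuffix(strings.SplitN(d, "/", 2)[0], ".")
	if d == "" || strings.ContainsAny(d, " \t@?#") || !strings.Contains(d, ".") {
		return ""
	}
	return d
}

// candidates builds http://<domain>/c/<identifier> once per unique domain
// and returns the URLs sorted, so repeated runs are comparable.
func candidates(domains []string, companyID string) []string {
	seen := map[string]bool{}
	var out []string
	for _, raw := range domains {
		d := normaliseDomain(raw)
		if d == "" || seen[d] {
			continue
		}
		seen[d] = true
		out = append(out, "http://"+d+"/c/"+companyID)
	}
	sort.Strings(out)
	return out
}

// activeByCompany maps each company to the candidate URLs that still answer.
func activeByCompany(domains []string, ids map[string]string, probe Prober) map[string][]string {
	out := map[string][]string{}
	for company, id := range ids {
		for _, u := range candidates(domains, id) {
			if probe(u) {
				out[company] = append(out[company], u)
			}
		}
	}
	return out
}

// Constructed sample input: a messy domain list and two company identifiers.
var sampleDomains = []string{
	"promo-one.example.test", " Promo-One.example.test. ",
	"https://gift-two.example.test/c/0000", "", "not a domain",
	"old-three.example.test",
}
var sampleIDs = map[string]string{"retailer-a": "1001", "retailer-b": "2002"}

// stubProber replaces httpProber so the example runs offline.
func stubProber(u string) bool {
	live := map[string]bool{
		"http://gift-two.example.test/c/1001":  true,
		"http://promo-one.example.test/c/1001": true,
		"http://promo-one.example.test/c/2002": true,
	}
	return live[u]
}

func main() {
	// A live run would pass httpProber(5*time.Second) instead of stubProber.
	for company, urls := range activeByCompany(sampleDomains, sampleIDs, stubProber) {
		fmt.Println(company, len(urls), urls)
	}
}
```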

Currently, although many of these frauds are no longer active, many are still in operation, and the service is looking for solutions that would block all of them. In short, when surfing the Internet, we must be very careful with this type of fraudulent website, which tries to obtain information of interest and, in many cases, sensitive information from inattentive users.

Cloud Computing Is the Lifeline for SMEs

Roberto García Esteban    19 July, 2021

Cloud Computing is an essential technology in companies’ business continuity plans, and this has been made very clear in the context of the Covid-19 pandemic. It is said that in the last year we have seen a growth in the Cloud market equivalent to that expected in five years. So, although it is sad to admit it, we can say that the coronavirus has had more influence on the expansion of the Cloud than the work carried out by the industry over the years.

In this increasingly digital and globalised world, the shift to the Cloud is no longer an option but a necessity and practically an imperative for the survival of companies, whatever their sector and size. It might seem that Cloud Computing is a complex and costly technology, destined for large companies, but nothing could be further from the truth. SMEs are generally lagging technologically because until now they have had to invest heavily in digitalisation, and that is exactly what the Cloud has come to solve. Using Cloud Computing, services are normally billed on a monthly fee model and you only pay for the resources you actually use, so it can be said that the Cloud democratises access to technology, bringing it closer to SMEs and turning costly traditional investments in IT equipment into a periodical and affordable expense for companies of any size.

This is far from being a science fiction scenario that we expect in several years’ time, but a current reality as reflected in the latest Eurostat report, which states that 26% of Spanish companies with more than 10 employees are already using cloud services for the development of their activity. What the pandemic has brought about is an increase in the speed at which companies have become involved in digitalisation. The same report states that the penetration rate of Cloud Services will exceed 80% by 2035. The benefits that cloud technology brings to companies (tools for working remotely, flexibility to adapt to peaks and valleys in demand, cost efficiency, optimised internet presence…) have been key tools for survival not only in times of pandemic, but will also be so in the coming years, because what is clear is that Cloud Computing is here to stay. There is no doubt that everything that is IT (Information Technology) is moving to the Cloud, which means that IT assets are disappearing.

COVID-19 has had a very negative impact on the business of practically all companies, which is a financial barrier to any investment or expenditure in IT, especially among small and medium-sized companies. However, the crisis has accelerated the adoption of Cloud Computing in Spain because companies are realising that mature cloud companies are those that have been able to turn the crisis into an opportunity and become different from the rest. According to a study by the National Telecommunications and Information Society Observatory (ONTSI), the use of the Cloud for online storage allows savings of up to 80% in the energy consumption of equipment and 40% in hardware and software.

Cloud computing is also a catalyst of opportunities for SMEs because, in addition to the aforementioned democratisation of access to technology, it offers two other key elements to help them grow.

  • Firstly, savings and cost control, as large investments in equipment are replaced by an operating expense that can also be modulated according to the needs at any given time.
  • Secondly, it provides agility and flexibility in the consumption of technological services and in the creation of highly configurable environments, tailor-made for each SME, which translates into better response times in the event of unforeseen events or changes in business volume.  

Each and every step companies take on the path to the Cloud means moving out of the comfort zone of a closed, on-premises infrastructure and into a more flexible environment, which brings with it a number of additional IT security risks. It is therefore very important for businesses in general and SMEs in particular to choose a partner with experience in Cloud and security services to help them manage these risks and make the move to the Cloud a smooth and seamless process.


Cyber Security Weekly Briefing 10-16 July

Telefónica Tech    16 July, 2021

Kaseya VSA Incident Update

Following the July 2nd attack by the REvil ransomware group using Kaseya VSA, on Sunday July 11th Kaseya released the patch for its VSA software (VSA 9.5.7a), which is available for VSA On-Premises and VSA SaaS customers. The update fixes vulnerabilities listed as CVE-2021-30116, CVE-2021-30119 and CVE-2021-30120, which allowed credential leakage, Cross Site Scripting (XSS) and two-factor authentication bypass, respectively. The new version also fixes a bug that allowed unauthorised file uploads to a VSA server and sets the secure flag on user portal session cookies, which was previously not being used; security enhancements to API responses have also been implemented. Regarding the incident, it is also worth noting the publication this Saturday of an article in Bloomberg, which includes statements from several former employees of the company who claimed that for years they had warned about serious problems in the software that had not been taken into account or fixed.

More: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021

SolarWinds fixes a new actively exploited 0-day

Software company SolarWinds, which last year experienced one of the most sophisticated cyber-espionage campaigns of recent times, has released an update for a 0-day vulnerability listed as CVE-2021-35211, which is reportedly affecting its Serv-U product. According to SolarWinds’ own advisory, Microsoft researchers informed the technology company of a remote code execution (RCE) vulnerability that was being actively exploited. By exploiting it, a malicious actor could gain privileged access to the machine hosting the Serv-U product. The actual scope of the flaw is unknown, and no further details have been provided by the company. The affected products are Serv-U Managed File Transfer and Serv-U Secure FTP, version 15.2.3 HF1 and earlier. SolarWinds has released a security update, version 15.2.3 HF2, and it is recommended to upgrade to this version.

After the SolarWinds update, Microsoft published the details of its investigation, specifying that it had detected an exploit used in targeted attacks against SolarWinds’ Serv-U product. During the investigation, Microsoft noted that the targets of the campaign were US entities in the software and defence sectors. They claim that the activity of the group, which they refer to as DEV-0322, was located in China and used commercial VPN solutions as well as compromised routers as attack infrastructure.

All the details: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

Critical RCE vulnerability in ForgeRock Access Manager actively exploited

Cyber security agencies in Australia and the United States are warning of a critical remote code execution (RCE) vulnerability in ForgeRock Access Management, an open-source application used to manage permissions in internal applications. The vulnerability is listed as CVE-2021-35464. The flaw was discovered and disclosed on June 29th by Michael Stepankin, security researcher at PortSwigger. ForgeRock indicates that this flaw affects Access Management (AM) versions prior to 7.0 that run Java 8. The company recommends applying the patches published on June 29th immediately since the vulnerability has been actively exploited.

Learn more: https://backstage.forgerock.com/knowledge/kb/article/a47894244

Microsoft’s monthly bulletin

Microsoft has published its July security bulletin which includes fixes for 117 vulnerabilities, thirteen of them critical. Among the flaws are nine 0-days, four of which are believed to be actively exploited:

  • CVE-2021-34527 (PrintNightmare): Remote code execution vulnerability in the Windows print manager
  • CVE-2021-33771: Privilege escalation vulnerability in the Windows kernel
  • CVE-2021-34448: Scripting Engine Memory Corruption Vulnerability
  • CVE-2021-31979: Windows kernel privilege escalation vulnerability

In addition, it is important to mention 3 Remote Code Execution (RCE) vulnerabilities which are affecting Microsoft Exchange Server (CVE-2021-31206), the Windows DNS server (CVE-2021-34494) and the Windows Kernel (CVE-2021-34458). Microsoft recommends updating the affected assets.

Full report: https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul

Ransomware distribution exploiting SonicWall firmware

SonicWall has issued an urgent security advisory following the detection of a ransomware campaign based on the exploitation of a vulnerability in the firmware of some of its products. The vulnerable devices are Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that are running firmware versions 8.x. The firm is urgently recommending that the products are upgraded to version 9.x. If it is not possible to upgrade, they propose the following mitigation measures: immediate disconnection of vulnerable SMA and SRA devices, resetting of passwords and activation of multi-factor authentication (MFA) measures. Although SonicWall’s advisory does not provide details of the specific vulnerability that is being exploited, security researchers at CrowdStrike, who discovered and warned of a flaw in this firmware last June, confirm that it is the same vulnerability they detailed in their article a few weeks ago, which they identified as CVE-2019-7481. For its part, SonicWall’s incident response team has also published an alert to warn of this flaw, without associating it with the identifier that CrowdStrike linked in their article, but giving it a severity of CVSSv3 9.8.

More: https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
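For triage, the version thresholds quoted in this briefing can be checked against an asset inventory. The following is an added example, not code from any of the vendors or from the original briefing: the inventory rows, hostnames and product labels are constructed, and the ordering of a letter suffix after the bare version (9.5.7 before 9.5.7a) is an assumption.

```python
import re

def vkey(version):
    """Sort key for strings like '9.5.7a' or '15.2.3 HF1': (numbers, letter, hotfix)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]?)(?:\s*HF(\d+))?", version.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:   # treat 7.0 and 7 as equal
        nums.pop()
    return tuple(nums), m.group(2).lower(), int(m.group(3) or 0)

def triage(asset):
    """Return 'act', 'ok', or 'review' when data is missing or unparseable."""
    product, version = asset["product"], asset.get("version", "")
    if product in ("SonicWall SMA 100", "SonicWall SRA"):
        lead = re.match(r"\d+", version.strip())     # only the major number matters
        major = int(lead.group()) if lead else None
        return "act" if major == 8 else "ok" if major and major >= 9 else "review"
    try:
        v = vkey(version)
    except ValueError:
        return "review"
    if product == "Kaseya VSA":                      # patched release: 9.5.7a
        return "act" if v < vkey("9.5.7a") else "ok" # assumes 9.5.7 sorts before 9.5.7a
    if product == "SolarWinds Serv-U":               # 15.2.3 HF1 and earlier affected
        return "act" if v <= vkey("15.2.3 HF1") else "ok"
    if product == "ForgeRock AM":                    # prior to 7.0 and running Java 8
        if v >= vkey("7.0"):
            return "ok"
        java = asset.get("java")
        return "review" if java is None else "act" if java == 8 else "ok"
    return "review"                                  # product not in this briefing

# Constructed sample inventory (hostnames and versions are made up for the example).
INVENTORY = [
    {"host": "rmm-01", "product": "Kaseya VSA", "version": "9.5.6"},
    {"host": "ftp-01", "product": "SolarWinds Serv-U", "version": "15.2.3 HF1"},
    {"host": "ftp-02", "product": "SolarWinds Serv-U", "version": "15.2.3 HF2"},
    {"host": "sso-01", "product": "ForgeRock AM", "version": "6.5.3", "java": 8},
    {"host": "sso-02", "product": "ForgeRock AM", "version": "6.5.3"},
    {"host": "vpn-01", "product": "SonicWall SRA", "version": "8.0.0.4-25sv"},
]

def report(inventory=INVENTORY):
    return {a["host"]: triage(a) for a in inventory}

if __name__ == "__main__":
    print(report())
```

A result of `review` means the record lacks the data the advisory depends on, such as the Java runtime for ForgeRock AM, and should be checked by hand rather than treated as safe.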

Success Story: AWS by Acens, The Solution Chosen by Forcemanager for its CRM for Sales Team Management

Telefónica Tech    15 July, 2021

Telefónica Tech integrates acens into its ecosystem, a pioneering company in the development of Cloud solutions. This completes the value proposition of IT services for small and medium-sized companies.

Acens also has agreements with hyperscale providers to optimise its Multicloud offer, with services such as:

Today we focus precisely on AWS by acens and tell you how this service is helping our client ForceManager.

Forcemanager, the CRM That Drives Sales

ForceManager’s mission is to help all those traditional sales teams that until now have been based on face-to-face interactions to migrate to the new hybrid reality, in which sales operations will inevitably be based on a natural combination of face-to-face and remote interactions.

ForceManager is a CRM for sales teams enriched with Artificial Intelligence, which provides sales professionals with tools that simplify their daily tasks, freeing them from administrative tasks and speeding up processes. This is achieved through a simple interface and the fusion of the physical and online worlds.

This allows the teams to focus 100% on meeting one of the most important objectives of any company: increasing sales. They currently work with around 30,000 real-time sales reps around the world.

“The small details that ForceManager offers are what really make the difference and make the sales team not think about the technology, that technology is something that is there and that works, and allows them to focus on their client and what they really have to do, which is to sell.”


Oscar Maciá, CEO at ForceManager

How Do We at Acens By Telefónica Tech Help Them?

Currently, ForceManager’s entire IT platform is managed through acens, a fundamental part of its technology stack.

The main reasons for choosing acens include the following:

  • We are a global supplier.
  • We offer a powerful service, in line with market requirements.
  • Our performance is very reliable, with no danger to the business.
  • Acens is backed up by Telefónica, due to its size, tradition and robustness.
  • The ability to negotiate with providers such as AWS through acens is amplified.

“We chose acens because we wanted a global supplier, a solid supplier that would give us a powerful service and that was backed up, in this case, by Telefónica,” explains Oscar. “For us it is very important that all our technological infrastructure, which is our core business, is in good hands, and we saw acens as a perfect partner and ally in our mission.”

“The AWS service by acens is the main part of our operational structure: we are a Cloud company and the online part is essential for us”, says ForceManager’s CEO. “Working with acens gives us an extra point of negotiation capacity with such a strategic supplier like Amazon”.

If you want more information about the AWS service by acens, please contact us.

New AI and Blockchain Solutions Are Arriving to Businesses

Fernando Navarro    14 July, 2021

As many businesses digitally transform to drive new revenue streams and increase customer satisfaction, they are also adopting more and more advanced cloud-based technologies such as AI and Blockchain. In fact, nearly a third of IT professionals surveyed in the IBM Global AI Adoption Index 2021, conducted by Morning Consult, say their company is using AI, and 43% say they are accelerating AI adoption as a result of the COVID-19 pandemic. But using multiple Cloud and IT platforms while deploying and adopting advanced technologies can be a challenge.

Telefónica Tech And IBM, New Solutions for Digital Transformation

In this regard, Telefónica Tech and IBM have announced the launch of a virtual agent with Artificial Intelligence and a Blockchain platform for company asset management. Built on the Cloud Garden hybrid Cloud platform, which uses the Red Hat OpenShift container framework, these solutions are easily adaptable to any business and are scalable.

In the case of the virtual agent, the automation of client data management allows employees to focus on more complex problems. Telefónica Global Technology is already using the Blockchain platform for asset management internally and will begin to roll it out across its supply chain ecosystem in Spain and Germany, and then extend it to other Group operators.

What Do These New Solutions Entail

In the case of the cognitive virtual agent, the solution provides companies with automated management of processes and customer relationships without operator intervention, allowing employees to focus on the most complex and value-added problems.

Telefónica and IBM have built a modular solution, both technically and functionally, which allows the solution to be customised, adapting it quickly and efficiently to the needs and requirements of each customer and their associated use cases.

The solution covers the main customer service processes and use cases in channels such as telephone and chat, adapting to the casuistry of each customer or business sector: information queries, adjustments or changes to customer data, complete transactional use cases, requests for documentation, collections, invoicing, complaints, file processing, etc. The solution also offers vertical services specialised in functional areas: IT support and user workstations, human resources processes, invoicing, collection, debt and direct debit processes, etc.

Thanks to this solution, companies can have a customer service 24×7 and 365 days a year, adaptable to different use cases and securely integrated into an omnichannel process and management.

The adoption of cognitive assistants in Spain is accelerating due to the digitalisation processes required by the pandemic and remote working. The greater agility and availability of the associated service and the substantial improvement in the end-user experience are facilitating and accelerating their adoption.

As for the blockchain platform, it aims to provide end-to-end visibility of the supply chain and securely enable traceability of any type of material with an open standard. This platform allows customisation of participants, transactions, locations and status of materials, making it adaptable to numerous use cases.

At any time, the provenance or location of an asset can be reviewed by the manufacturer, suppliers or processors, quality control companies and the end customer in a common, visible, standard and immutable repository.

Blockchain technology allows all companies involved in the supply, installation and consumption of assets to interact in an efficient and easily accessible way, ensuring traceability throughout the asset’s lifecycle.

This Blockchain Platform for logistics management is already being used by Telefónica Global Technology internally for the supply chain in Spain and Germany, and will soon be taken to other operators of the Group and to the B2B market.