CheeseMan42 Posted May 13, 2015 Posted May 13, 2015 A new zero-day vulnerability known as Virtualized Environment Neglected Operations Manipulation, or Venom, has been discovered by security researchers with the virtualized infrastructure of datacenters believed to be a prime target. Venom works by exploiting a "legacy common component in widely-used virtualization software," which can be used to "gain access to the entire hypervisor, as well as every network-connected device in that datacenter." Venom is found in Open Source hypervisor QEMU in a virtual floppy disk controller that can allow hackers to crash the entire hypervisor and gain access to other virtual machines on that hypervisor. CrowdStrike researcher Jason Geffner, who found Venom, compared it to Heartbleed stating, "Heartbleed lets an adversary look through the window of a house and gather information based on what they see. Venom allows a person to break in to a house, but also every other house in the neighborhood as well." CrowdStrike revealed the exploit to parties impacted by the exploit before publicly releasing the information today. Source: ZDNet Back to original news post Share this post Link to post Share on other sites More sharing options...
Recommended Posts