Jennifer LeClaire of CIO Today on VENOM, a new security flaw designed to poison data centers by infecting virtualization environments:
Is this Heartbleed part two? Or worse? This malware, which is aptly named VENOM, has a poisonous bite and it could be painful for data centers.
California-based security firm Crowdstrike discovered VENOM, a new security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. VENOM is short for virtualized environment neglected operations manipulation.
“This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host,” said Jason Geffner, a senior security researcher at Crowdstrike. “Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”