Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Bigger than Heartbleed, “Venom” security vulnerability threatens most datacenters

Bigger than Heartbleed, “Venom” security vulnerability threatens most datacenters


After the discovery of the Heartbleed bug, security researchers have detected another critical vulnerability known as VENOM (Virtualised Environment Neglected Operations Manipulations). The vulnerability resides in open source computer emulator QEMU and dates back to 2004. Many modern virtualization platforms, including Xen, KVM, and Oracle’s VirtualBox are affected by the vulnerability. Most datacenters nowadays condense customers including major technology companies and smaller firms into virtualized machines, or multiple operating systems on one single server. Those virtualized systems are designed to share resources but remain as separate entities in the host hypervisor, which powers the virtual machines. Attacker can exploit the VENOM vulnerability to gain access to the entire hypervisor as well as every network connected device in that datacentre.
 
Read More:
 
Source:
 
ZDNet
 
Techmeme
 
Yahoo
 
Team Cymru
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis