VENOM Exploit

If you thought that Heartbleed was bad, this is worse. A new vulnerability called VENOM (Virtualized Environment Neglected Operations Manipulation) has struck. The vulnerability attacks virtual servers, utilizing the often overlooked shared resource, the virtual floppy drive controller. This allows attackers to access the datastore (Physical Hard Drive) on the servers which means even though your “cloud” server is separated from the others, it shares the physical machine which means all data is open to be stolen. This attack works on all current  VM services, but Oracle has fixed it in their current release and will completely remove it from later releases.

 

For  information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *