With the ever-presence of hand-held devices, smart phones and other mobile devices, it’s easy to forget that such items are simply small computers and therefore susceptible to the same attacks that get headlines on the nightly news.
A critical vulnerability identified by the National Vulnerability Database as CVE-2015-3456 or VENOM was published yesterday. It affects all KVM guests running on QEMU--a widely used emulator for virtual server hosting. This command and control vulnerability may allow a malicious user to escape guest environments and take full control of the operating system hosting. Like Heartbleed and Shellshock last year, this is a significant risk for organizations that could lead to the exfiltration of sensitive and proprietary data. Unchecked, this can impact thousands of organizations and millions of end users that rely on affected virtual machines for the distribution of shared computing resources.