VENOM cybersecurity vulnerability could pose problems for companies

VENOM will pose problems, but isn't on the same level as Heartbleed, cybersecurity pros point out.

| May 16, 2015 at 2:27 pm CDT

The VENOM vulnerability, which is the Virtualized Environment Neglected Operations Manipulation targeting data center software, allows cybercriminals to exploit remote access on virtual machines. If done, hackers are able to steal data - and gather information about the company's public cloud.

VENOM cybersecurity vulnerability could pose problems for companies | TweakTown.com

There is a fear that the VENOM puts intellectual property at risk, along with other personal information, so millions of users could be impacted. Although there were initial comparisons between Venom and Heartbleed, the new security flaw isn't quite on the same level.

"At this time, Venom poses the same level of risk as any new remote-code execution vulnerability," said Chad Kahl, Threat Intelligence Team Lead at Solutionary. "It is bad, but readily fixed or mitigated. First off, it only affects certain platforms. While popular, it doesn't span almost the entire Internet like Heartbleed did."

It doesn't look like VENOM has actually been exploited in the wild yet - and with no proof of concept code or observed active exploitation - there is time for systems to be patched. Patches are already available, so IT staff must be quick to respond.

Last updated: Jun 16, 2020 at 04:29 pm CDT

NEWS SOURCES:cnbc.com, tenable.com

ABOUT THE AUTHOR -

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Related Tags