New Venom Bug Hits Data Centers, Could Your Information Be At Risk?

Security researchers at CrowdStrike on Wednesday discovered a security vulnerability that is arguably on par with Heartbleed, last year's serious vulnerability that rendered communications with many popular web services insecure, potentially exposing millions of passwords. This time, however, it's harder to wrap your head around. Dubbed "Venom," the vulnerability impacts many popular virtualization platforms, specifically Xen, KVM and QEMU virtual machines and appliances. It works by exploiting a buffer-overflow bug in the QEMU's Floppy Disk Controller. If exploited, it could allow attackers who have access to one virtual machine to potentially access all other virtual machines running on the same hardware.