CHICAGO, IL – Better Business Bureau is telling consumers and businesses not to panic over a newly-discovered security vulnerability, dubbed VENOM for “Virtualized Environment Neglected Operations Manipulation” by the researcher at the technology security firm CrowdStrike who discovered it.
“Although the vulnerability is widespread, it’s not likely to impact individual consumers or the majority of small businesses,” said Bill Fanelli, chief security officer at the Council of Better Business Bureaus. “It’s being compared to Heartbleed, but VENOM would take much more skill and planning to exploit. Fortunately, it was discovered by one of the good guys before the bad guys figured it out.”
The vulnerability has existed for more than a decade in the floppy disk code of many virtual machines that are housed together on a single server, potentially allowing malicious code to move from one system to another. The potential damage of VENOM is enormous, but patches have been released for most affected vendors, and most cloud-based vendors are already working to close the hole.
“Because of the number of major data breaches that have impacted consumers, VENOM may still cause some concern,” said Steve J. Bernas, president and CEO of the Better Business Bureau serving Chicago and Northern Illinois. “Since it is impossible to predict when or where the next breach will occur, we must see these issues as a product of the technical age we live in. It’s one of the technological risks.”
In this case BBB advises that most consumers and small businesses do not need to do anything:
- You are safe if:
  - You have no virtual machines.
  - Your virtual machines are VMware or Microsoft Hyper-V.
- You need to take additional action if:
  - You have other types of virtual machines such as Xen, KVM, Oracle’s VirtualBox, or other Linux variants.
  - You have services in the cloud that might use vulnerable virtual machines.
- Make sure you have a firewall installed.
- Apply patches for routers, computers and other devices as they are available.
- Run up-to-date security software on your devices.
- If you have specific questions, contact your manufacturer.
- Monitor all credit and debit card accounts.
- Change your passwords to protect your personal and financial information and to restrict access to those accounts.