Arlington, VA – Better Business Bureau is telling consumers and businesses not to panic over a newly discovered security vulnerability, dubbed VENOM for “Virtualized Environment Neglected Operations Manipulation” by the researcher at the technology security firm CrowdStrike who discovered it.
“Although the vulnerability is widespread, it’s not likely to impact individual consumers or the majority of small businesses,” said Bill Fanelli, chief security officer at the Council of Better Business Bureaus. “It’s being compared to Heartbleed, but VENOM would take much more skill and planning to exploit. Fortunately, it was discovered by one of the good guys before the bad guys figured it out.”
The vulnerability has existed for more than a decade in the floppy disk code of many virtual machines that are housed together on a single server, potentially allowing malicious code to move from one system to another. The potential damage of VENOM is enormous, but patches were released this morning for most affected vendors, and most cloud-based vendors are already working to close the hole. Fanelli confirmed that BBB servers are protected and that BBB data on 4.7 million businesses, including millions of consumer complaints, are secure.
BBB advises that most consumers and small businesses do not need to do anything:
For technical details, see venom.crowdstrike.com/