Venom Security Threat: Better Business Bureau Says Most Don't Need to Worry

Share Article

Consumers and businesses should not panic over newly discovered security vulnerability.

Logo

Better Business Bureau is telling consumers and businesses not to panic over a newly-discovered security vulnerability, dubbed VENOM for “Virtualized Environment Neglected Operations Manipulation” by the researcher at the technology security firm CrowdStrike who discovered it.

“Although the vulnerability is widespread, it’s not likely to impact individual consumers or the majority of small businesses,” said Bill Fanelli, chief security officer at the Council of Better Business Bureaus. “It’s being compared to Heartbleed, but VENOM would take much more skill and planning to exploit. Fortunately, it was discovered by one of the good guys before the bad guys figured it out.”

The vulnerability has existed for more than a decade in the floppy disk code of many virtual machines that are housed together on a single server, potentially allowing malicious code to move from one system to another. The potential damage of VENOM is enormous, but patches were released this morning for most affected vendors, and most cloud-based vendors are already working to close the hole. Fanelli confirmed that BBB servers are protected and that BBB data on 4.7 million businesses, including millions of consumer complaints, are secure.

BBB advises that most consumers and small businesses do not need to do anything:

  •     You are safe if:

o    You have no virtual machines
o    Your virtual machines are VMware and Microsoft Hyper-V

  •     You need to take additional action if:

o    You have other types of virtual machines such as Xen, KVM, Oracle's VirtualBox, or other Linux variants
o    You have services in the cloud that might use vulnerable virtual machines

For technical details, see venom.crowdstrike.com/

-30-

About BBB: For more than 100 years, Better Business Bureau has been helping people find businesses, brands and charities they can trust. In 2014, people turned to BBB more than 165 million times for BBB Business Reviews on more than 5.4 million businesses and Charity Reports on 11,000 charities, all available for free at bbb.org. The Council of Better Business Bureaus is the umbrella organization for 112 local, independent BBBs across North America, as well as home to its national programs on dispute resolution, advertising review, and industry self-regulation.

Media Contact: Katherine Hutt at 703-247-9345 or khutt(at)council.bbb(dot)org

Share article on socal media or email:

View article via:

Pdf Print

Contact Author

Katherine Hutt
CBBB
+1 (703) 247-9345
Email >