A new zero-day exploit has been discovered by Jason Geffner, a Senior Security Researcher at CrowdStrike, and its target is the virtual data center. VENOM (short for Virtualized Environment Neglected Operations Manipulation) allows a malicious user to send a command to their own virtual instance that will cause it to crash and open the door for exploitation of the entire hypervisor and connected network. This means that the attacker could gain full bare metal control of other companies' virtual machines, if they're hosted in the same virtual data center or cloud. The command targets a commonly ignored component of most virtual machines -the legacy floppy disk…
Read More