
Avoiding The Bite From The VENOM Security Vulnerability


posted in Backup & Recovery ● 26 Nov 2015

The lingering security risks of cloud storage are still very much in the minds of CTOs and CIOs despite providers’ best efforts to up their game in keeping the average user safe from attack. Unfortunately one such vulnerability has now been spotted – after lurking in the grass since 2004! It goes by the name of VENOM: Virtualized Environment Neglected Operations Manipulation (CVE-2015-3456).

How deadly is it?

Discovered by Jason Geffner at CrowdStrike around the end of April or beginning of May 2015, the vulnerability exists in the Floppy Drive Controller of a virtual machine (VM). If it is exploited, the attacker could get access to the hosting server via the VM. This, in turn, can result in other VMs on the same server also being compromised.

Who can get bitten?

It is the open-source QEMU implementation of machine emulation and virtualisation that is affected by the VENOM security vulnerability. This is, however, no cause to rest easy, because many hypervisor providers make use of it in their solutions, such as VirtualBox, KVM, Xen and Win4Lin Pro Desktop, as well as derivatives of these products.

Seeing that their software is used so widely – possibly impacting millions of users – there was significant haste between providers and community contributors to try and find a solution. According to CrowdStrike, the following providers have issued responses and/or patches for the VENOM security vulnerability: QEMU, Xen Project, Red Hat, Citrix, FireEye, Linode, Rackspace, Ubuntu, Debian, SUSE, DigitalOcean, f5, Joyent, Liquid Web, UpCloud, Amazon, Oracle, Barracuda Networks, CentOS, Fortinet, and IBM.

Here’s the antivenom

In the meantime, make sure you have the basics in place: a solid disaster recovery plan and some solid data protection software to back it up (pun intended). With the VENOM security vulnerability possibly allowing access to a multitude of presumed secure VMs and hosting servers, your company’s intellectual capital is at risk and the data it’s founded on could be wiped should an attacker or their malware gain access. Know where your critical data resides and know how to protect it.

Speaking of protection, a disaster recovery plan is a lame duck without some decent backups. Should your cloud storage provider still be susceptible to the VENOM security vulnerability, using software that is able to replicate/mirror backups will help mitigate this. It could be, though, that you’re storing backups in the cloud because they’re already a redundant copy of your local backups. In this case, more is more.

Watch this space

It would be best to consult your provider to be sure where they stand on the matter. Also stay up to date by following https://venom.crowdstrike.com/.
