Venom’s bite could be worse than Heartbleed’s bark

Image Credit: Crowdstrike
According to a report released by the security firm CrowdStrike, millions of datacenters around the world could be victims of a new vulnerability that affects the software which manages floppy disk controllers on virtual machines.

Most datacenters today work by installing virtualized environments on their servers, a standard practice which allows them to save space and better optimize the way that larger and smaller companies share bandwidth between them.

The bug’s codename, ‘Venom’, is an abbreviation of the vulnerability’s full title, “Virtualized Environment Neglected Operations Manipulation”, which is based on the parts of the system it attacks.

A collection of virtualized machines running off one machine is what’s known as a “hypervisor”, and what makes Venom significant is its ability to use the open-source computer emulator QEMU to hijack the floppy disk controller and affect all the sandboxes under the same hypervisor umbrella.

“Millions of virtual machines are using one of these vulnerable platforms,” said CrowdStrike’s Jason Geffner, the researcher who found the bug.

Thankfully, CrowdStrike has been working closely with major datacenter providers over the past few months to get the hole patched before publicly disclosing its existence today. This approach is in stark contrast to what we saw with Heartbleed, wherein the free-for-all of patching vulnerabilities was left to whoever could jump on the pile first after the news initially broke.

So far no exploits have been detected in the wild, despite the fact that the bug has been present in the affected systems since as early as 2004. For now, the main virtualization platforms under fire include KVM, VirtualBox, and Xen, while the VMware, Hyper-V, and Bochs hypervisors are in the clear.

With the majority of providers utilizing systems based on the latter half of this list, hopefully the threat will be reined in before things spiral too far out of control.

Chris Stobing
Former Digital Trends Contributor