Verizon Confirms Breach Affecting Business Customers

Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.” Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.

New Flaw Discovered – LogJam

Massive ‘Logjam’ Flaw Discovered

A 20-year-old flaw in TLS has been discovered. TLS protects data from eavesdropping during transmission over the Internet, and it is used by websites, mail servers and VPNs.

Anyone hosting a web server or mail server “should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group”. Make sure your vendors are aware and taking appropriate action. You can test your server here. Everyone should apply appropriate patches to their web browsers.
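One way to audit a server for the two conditions in the quoted advice, as an added example that is not part of the original article: it reads the prime size from a PEM `DH PARAMETERS` file and flags OpenSSL cipher-string tokens that can leave export suites enabled. The function names are hypothetical, the DH parameters are constructed test input (not a real prime), and treating `ALL` as risky is a conservative assumption about older OpenSSL builds.

```python
import base64
import re

MIN_DH_BITS = 2048  # group size named in the advice quoted above

def _tlv(buf, pos):
    """Decode one DER element at pos: return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem):
    """Bit length of p in a PEM 'DH PARAMETERS' block: SEQUENCE { p, g }."""
    body = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", pem, re.S)
    if not body:
        raise ValueError("no DH PARAMETERS block found")
    tag, seq, _ = _tlv(base64.b64decode(body.group(1)), 0)
    ptag, prime, _ = _tlv(seq, 0)
    if tag != 0x30 or ptag != 0x02:
        raise ValueError("expected SEQUENCE starting with INTEGER p")
    return int.from_bytes(prime, "big").bit_length()

def export_findings(cipher_string):
    """Tokens of an OpenSSL cipher string that can leave export suites enabled."""
    toks = [t for t in re.split(r"[:, ]+", cipher_string) if t]
    if any(t.upper() in ("!EXP", "!EXPORT") for t in toks):
        return []                          # '!' removes the suites permanently
    # Tokens starting with '!', '-' or '+' never add suites. ALL is flagged
    # on the assumption that older OpenSSL builds include export suites in it.
    return [t for t in toks if t[0] not in "!-+" and ("EXP" in t.upper() or t.upper() == "ALL")]

def sample_dh_pem(bits):
    """Constructed test input: p of the requested size (not a real prime), g = 2."""
    def der(tag, val):
        n = len(val)
        k = (n.bit_length() + 7) // 8      # bytes needed for a long-form length
        head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
        return bytes([tag]) + head + val
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps p positive
    b64 = base64.b64encode(der(0x30, der(0x02, p) + der(0x02, b"\x02"))).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "\n-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    print([dh_prime_bits(sample_dh_pem(b)) >= MIN_DH_BITS for b in (512, 2048)])
    print(export_findings("ALL:!aNULL:EXP-RC4-MD5"))
```

A parameter file that reports fewer than 2048 bits, or a cipher string with any finding, is a candidate for the remediation quoted above.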

Zero-Day Vulnerability: Venom

VENOM Zero-Day May Affect Thousands of Cloud, Virtualization Products
Bigger than Heartbleed, ‘Venom’ security vulnerability threatens most datacenters

A new zero-day vulnerability has been identified today. Attackers can exploit the vulnerability, which exists in the open-source QEMU hypervisor, to break out of the affected virtual machine and gain access to the physical server and the other virtual machines. QEMU is utilized in some capacity in other more widely used virtualization products such as Xen, KVM (kernel-based virtual machine) and Oracle VM VirtualBox. Venom will be extremely detrimental for data centers.
Not affected: VMware, Microsoft Hyper-V, and Bochs hypervisors.