A critical security vulnerability affecting widely-used data center virtualization software (QEMU) has been discovered. The bug, dubbed as “Virtualized Environment Neglected Operations Manipulation” (VENOM), allows a hacker to compromise the security of host machines in a datacenter.
All Cloudways customers are informed that there are no security measures needed on our end. We are in constant contact with our hosting infrastructure providers.
As we continue to monitor the situation, here is the status of our providers with regards to Venom:
- DigitalOcean (DO): Being Patched. (The DO staff are busy in rolling out security updates. The patch will automatically be applied on DO servers inside Cloudways Platform.)
- Amazon Web Service: Officially confirmed to be Safe.
- Google Compute Engine: Officially confirmed to be Safe. (A Google representative informed Cloudways, “Google Cloud Platform was never vulnerable to this flaw. We do not use the vulnerable software.”)
Rest assured, Cloudways has taken this exploit very seriously. We will leave no stone unturned in ensuring the security of our customer’s servers. If you have any concerns or questions, do not hesitate to contact us.
Pere Hospital
Pere Hospital (CISSP & OSCP) is the CTO and co-founder of Cloudways Ltd. He has over two decades of experience in IT Security, Risk Analysis and Virtualization Technologies. You can follow Pere on Twitter at @phospital and read his blog at www.perehospital.cat