May has been at least as rich on cybersecurity incidents and events as any of the previous months of the year. Some of the more important are described in the following text.
The VENOM (Virtual Environment Neglected Operations Manipulation) vulnerability may be considered to be a very significant one. VENOM is a vulnerability in the code of a virtual floppy drive which is used by some of the virtualization platforms (QEMU, KVM, Xen). It enables the attacker to access underlying hypervisor from a virtualized OS using a buffer overflow attack. Since the vulnerability is non OS specific its impact is fairly high.
A mention should also be made of another of the TLS/SSL protocol implementation vulnerabilities, the so-called Logjam. Using Logjam, a downgrade of encryption is possible in man in the middle attacks on connections which use Diffie Hellman key exchange algorithm and support its export version.
Finally, it is noteworthy that the government has ratified an Action plan for National Cyber Security Strategy 2015 – 2020. Further information (in Czech) may be found here.