Three out of four organizations are still vulnerable to Log4Shell

No Comments
Security breach lock

The Log4j or Log4Shell vulnerability first hit the news in December 2021 sending ripples through the cybersecurity world. So you might be forgiven for thinking that it's safe to assume it's no longer a threat. However, one year on it seems that this is a vulnerability that keeps on being, well… vulnerable.

New research from Tenable, based on data collected from over 500 million tests, shows that 72 percent of organizations remain vulnerable to Log4Shell as of October this year.

Analysis of Tenable's telemetry found that one in 10 assets was vulnerable to Log4Shell as of December 2021, including a wide range of servers, web applications, containers and IoT devices. By October 2022 the data showed improvements, with 2.5 percent of assets vulnerable. Yet nearly one third (29 percent) of these assets had recurrences of Log4Shell after full remediation was achieved.

"Full remediation is very difficult to achieve for a vulnerability that is so pervasive and it's important to keep in mind that vulnerability remediation is not a ‘one and done’ process," says Bob Huber, chief security officer at Tenable. "While an organization may have been fully remediated at some point, as they've added new assets to their environments, they are likely to encounter Log4Shell again and again. Eradicating Log4Shell is an ongoing battle that calls for organizations to continually assess their environments for the flaw, as well as other known vulnerabilities."

Some industries have fared better than others, with engineering (45 percent), legal services (38 percent), financial services (35 percent), non-profit (33 percent) and government (30 percent) leading the pack with the most organizations fully remediated. Approximately 28 percent of CISA-defined critical infrastructure organizations have fully remediated too.

North American organizations are most likely to have fully remediated Log4j (28 percent), followed by Europe, Middle East and Africa (27 percent), Asia-Pacific (25 percent) and Latin America (21 percent). North America is also the top region for the percentage of organizations that have partially remediated (90 percent) compared to Europe, Middle East and Africa (85 percent), Asia-Pacific (85 percent), and Latin America (81 percent).

You can find out more about Tenable's research into Log4j on the company's site.

Image Credit: Sergey Nivens / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Plugable launches new premium cables

Election year gives rise to global supply chain cyberthreats

Surfshark finally launches VPN app for Apple TV

Over half of CISOs expect frozen or lower budgets in 2024

KLEVV unveils CRAS C925 Gen4 M.2 SSD for PC and PlayStation 5

Zoom rebrands as Zoom Workspace 6.0, an AI-powered update packed with new features

People prefer support from humans over AI when implementing CRM

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

60 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

15 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Install the KB5035942 update for Windows 11 to gain all of the Moment 5 features right now

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.