Articles about Log4Shell

Log4j lessons learned: A blueprint for zero-day defence

Two years ago, the zero-day vulnerability known as Log4Shell unwrapped itself, spoiling holiday celebrations for many across the globe and leaving organizations scrambling for a fix before it could be exploited.

The vulnerability was discovered in Log4j, a logging tool widely used by millions of computers worldwide running online services. Its profound impact on IT environments has called for a fundamental shift in how organizations think about their security strategies.

SSH is the service most targeted by cloud attackers

A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.

The report shows SSH is the most commonly targeted service, accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent and Log4Shell traffic at a mere 4.3 percent, indicating a shift in threat actor strategy, with attackers no longer prioritizing the vulnerability as a means of initial access.

Known vulnerabilities pose the biggest threat

Known vulnerabilities for which patches have already been made available are the primary vehicle for cyberattacks, according to a report released today by Tenable.

The Tenable Research team analyzed cybersecurity events, vulnerabilities and trends throughout 2022, including 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.

Number of vulnerable Log4j downloads remains high one year on

This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and, as we noted recently, many organizations are still vulnerable even though patched versions were quickly available.

Sonatype has produced a resource center to show the current state of the vulnerability, along with a tool to help businesses scan their open source code to see if it's affected.

Three out of four organizations are still vulnerable to Log4Shell

The Log4j or Log4Shell vulnerability first hit the news in December 2021, sending ripples through the cybersecurity world. So you might be forgiven for thinking that it's safe to assume it's no longer a threat. However, one year on, it seems that this is a vulnerability that keeps on being, well… vulnerable.

New research from Tenable, based on data collected from over 500 million tests, shows that 72 percent of organizations remain vulnerable to Log4Shell as of October this year.

Log4Shell still being exploited six months on

Six months after the Log4Shell vulnerability was made known, vulnerable instances remain accessible on the internet and people are attempting to exploit them, according to the latest Trustwave SpiderLabs Telemetry report.

Using data gathered from the Shodan device search engine, the report shows that as of June 9, 2022, 1,467 instances were vulnerable to Log4Shell. These vulnerable instances are from the Russian Federation, United States, and Germany with 266 (18 percent), 215 (15 percent), and 205 (15 percent) hosts, respectively.

Log4j and why it's not safe to relax yet [Q&A]

The Log4j vulnerability first hit the headlines in December last year. Since then we've heard less about it, but it hasn't gone away; like most vulnerabilities, it has a long tail.

A recent report from the Cybersecurity Safety Review Board takes a comprehensive look at the vulnerability and what can be learned from it.

IT leaders say Log4Shell was a wake-up call for cloud security

The Log4Shell vulnerability proved to be one of the major cybersecurity events of last year and its repercussions continue to rumble on.

Research from network security platform Valtix shows 95 percent of IT leaders say Log4Shell was a wake-up call for cloud security, changing it permanently, and 87 percent feel less confident about their cloud security now than they did before the incident.

What Log4Shell still means for the enterprise [Q&A]

When the Log4Shell vulnerability first appeared at the end of last year it sent a shockwave through the cybersecurity community.

But just because it's no longer in the headlines doesn't mean it's gone away. There's still a lot that enterprises can learn from the vulnerability and the response to it. We spoke to Maninder Singh, corporate vice president and global head of cybersecurity and GRC services at HCL Technologies, to find out more.

The challenges of vulnerability management [Q&A]

Recent vulnerabilities like Log4j have highlighted how difficult it can be to manage risks and ensure that software patches are kept up to date.

We spoke to Rob Gurzeev, CEO of attack surface management specialist CyCognito, to discuss the challenges involved and how to deal with them.

Log4j continues to be a problem for enterprises

It's now over three months since the Log4Shell vulnerability, affecting the Log4j logging framework, first appeared.

But new research from Randori shows that it's still giving headaches to enterprises and identifies the top 10 attackable targets.

Faster exploitation of vulnerabilities poses a major risk for businesses

The average time to known exploitation of vulnerabilities is 12 days, down from 42 days last year, according to the latest Rapid7 Annual Vulnerability Intelligence report.

Of the 50 vulnerabilities from 2021 looked at in the report, 43 were exploited in the wild, and 52 percent of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.

How enterprises responded to Log4Shell

When the Log4Shell vulnerability appeared in December last year, the effects rippled across the cybersecurity world, with potentially millions of devices affected.

A new study from Qualys takes a look at how enterprises responded to the vulnerability and how successful their remediation efforts were.

2021 holiday season saw a sharp increase in eCommerce bot attacks

The past holiday season saw an unusually high level of malicious bot activity in the retail and commerce industries according to new data from Akamai and RH-ISAC (Retail and Hospitality Information Sharing and Analysis Center).

Attacks included credential stuffing and account takeover (ATO) attacks unleashed by malicious bot operators, as well as Log4j exploitation attempts and web application firewall (WAF) assaults, all of which have been about bad actors setting their sights and pointing their tools at eCommerce players.

Open source tool helps in the fight against Log4j vulnerability exploits

Since the Log4Shell attack targeting a Log4j vulnerability was first uncovered towards the end of last year, it's posed a threat to web servers worldwide.

It's a tricky problem to address because doing so means updating software dependencies. Meanwhile, attackers are seeking to inject text into log messages or log message parameters, and from there into server logs, which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
