Study: 30% of Log4Shell instances remain vulnerable
On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world and broke the internet.
Java is the third most used computer language and practically ubiquitous, with an estimated 15 billion devices around the globe currently running it, and its Log4j2 library is extremely popular. The worst part is that Log4j is hard to find and easy to exploit, which places hundreds of millions of Java-based applications, databases and devices at severe risk.
The full scope of risk presented by the vulnerability is unprecedented, spanning every type of organization across every industry. Because the exploit is easy and the vulnerable library is difficult to uncover within your organization, Log4Shell is the proverbial needle in a haystack.
Cybersecurity and Infrastructure Security Agency director Jen Easterly noted that Log4Shell is the “most serious” vulnerability she has witnessed in her decades-long career. She urged business leaders not to delay remediation processes, noting that this vulnerability could take years to address. Remediating this vulnerability would not be a simple, one-and-done process, and multiple detection methods would be required.
Quick to patch, quicker to exploit
As many companies prepared to operate with skeleton IT staff in the last two weeks of 2021, hackers and attackers saw an opportunity. It didn’t take long for this critical Java vulnerability to be exploited in the wild. Nearly 1 million attack attempts were launched in just 72 hours following the vulnerability’s disclosure.
What’s worse, as part of an ongoing information-gathering operation, notorious Chinese hacking group APT41, which breached local government agencies in at least six U.S. states in the last 10 months, quickly leveraged Log4Shell as the primary vector to infiltrate at least two of the states’ computer systems.