"Log4Shell Still Being Exploited Six Months On"

According to the latest Trustwave SpiderLabs Telemetry report, six months after the Log4Shell vulnerability was disclosed, vulnerable instances are still accessible on the Internet, with threat actors still trying to exploit them. The report reveals that 1,467 instances were vulnerable to Log4Shell as of June 9, 2022, based on data from the Shodan device search engine. These vulnerable instances come from the Russian Federation (266 hosts), the US (215 hosts), and Germany (205 hosts). However, the report shows that businesses are more likely than they were the previous year to patch their systems on time, as some of the high severity vulnerabilities selected for this report only affected less than 10 percent of the sampled hosts from Shodan. The number of critical vulnerabilities is up by 5 percent from last year's 13 percent, and 2022 is predicted to have more CVEs than the previous year. The authors of the report conclude that threat actors constantly search the Internet for companies with lagging or out-of-date patching practices. Therefore, it is essential to take a proactive approach when identifying vulnerabilities. It is important to know which new and old vulnerabilities should be of concern and to take action when it is appropriate. As more significant vulnerabilities become known to the public, as seen in this report, an increasing number of organizations are becoming involved in safeguarding their assets. This article continues to discuss key findings from the Trustwave SpiderLabs Telemetry report.

BetaNews reports "Log4Shell Still Being Exploited Six Months On"