"Three Out of Four Organizations Are Still Vulnerable to Log4Shell"

The Log4j or Log4Shell vulnerability first made headlines in December 2021, sending shockwaves through the cybersecurity community. According to new Tenable research based on data from more than 500 million tests, 72 percent of organizations are still vulnerable to Log4Shell as of October of this year. An analysis revealed that one in every ten assets was vulnerable to Log4Shell as of December 2021, including various servers, web applications, containers, and Internet of Things (IoT) devices. The data showed that by October 2022, 2.5 percent of assets were vulnerable. Despite this, nearly one-third (29 percent) of these assets had Log4Shell recurrences after full remediation. Full remediation is difficult to achieve for such a widespread vulnerability, and it is essential to remember that vulnerability remediation is not a "one and done" process, according to Bob Huber, CSO at Tenable. Although an organization may have been fully remediated at some point, it is likely to encounter Log4Shell repeatedly as it adds new assets to its environment. Eradicating Log4Shell is a never-ending battle that requires organizations to constantly scan their environments for the flaw and other known vulnerabilities. Some industries have managed better than others, with engineering (45 percent), legal services (38 percent), financial services (35 percent), non-profit (33 percent), and government (30 percent) leading the pack in terms of the number of organizations fully remediated. About 28 percent of Certified Information Systems Auditor (CISA)-defined critical infrastructure organizations have completed full remediation. This article continues to discuss the long-lasting impact of the Log4Shell vulnerability on organizations.

BetaNews reports "Three Out of Four Organizations Are Still Vulnerable to Log4Shell"
