Papa News
    No Result
    View All Result
    No Result
    View All Result
    Papa News
    No Result
    View All Result

    Log4j could still be a major security worry for businesses everywhere

    kitsiosgeo by kitsiosgeo
    December 8, 2023
    in Technology
    0
    Log4j could still be a major security worry for businesses everywhere

    [ad_1]

    Even though it was discovered and patched two years ago, the Log4j vulnerability still poses a major threat to businesses everywhere, new research has claimed.

    A report by Veracode has argued businesses simply aren’t diligent enough when it comes to patching their endpoints, having analyzed data from software scans over 90 days between August 15 and November 15, 2023, for 38,278 unique applications running Log4j versions 1.1 through 3.00-alpha 1, across 3,866 organizations.

    The data showed that almost two in five (38%) of applications are currently running vulnerable versions of Log4j: 2.8% run Log4j with the Log4Shell vulnerabilities (Log4j2 2.0-beta9 through 2.15.0), 3.8% are running Log4j2 2.17.0, which is patched against the Log4Shell vulnerability but contains CVE-2021-44832, and 32% are using Log4j2 1.2.x, a version that reached end-of-life in August 2015 and therefore is no longer supported with patches. Almost two years ago, in January 2022, Apache said this version contained three critical vulnerabilities: CVE-2022-23307, CVE-2022-23305, and CVE-2022-23302.

    “Massive effort”

    While the data suggests a “massive effort” to fix the Log4Shell vulnerability and mitigate the risks of malware abusing the zero-day, there is still plenty of room for improvement, even two years after the discovery, Veracode concluded. 

    “If Log4Shell was another example in a long series of wake-up calls to adopt more stringent open-source security practices, the fact that more than 1 in 3 applications currently run vulnerable versions of Log4j shows there is more work to do.” 

    Veracode’s researchers concluded that many organizations probably aren’t even aware of the amount of risk they’re exposed to when integrating open-source software. 

    A separate report by the same firm found that almost 80% of the time developers never update third-party libraries after including them in a code base, which could explain why there are so many instances of outdated Log4j code still in use. 

    More from TechRadar Pro

    [ad_2]

    Source link

    Tags: businessesLog4jMajorSecurityworry
    Previous Post

    A spotlight night for Publicis Groupe, with Ogilvy and Leo Burnett battling it out for the top awards at AOY 2023 | Analysis | Campaign Asia

    Next Post

    Matthew McConaughey’s Reacts to Heartwarming Tribute From 15-Year-Old Son Levi – E! Online

    Next Post
    Matthew McConaughey’s Reacts to Heartwarming Tribute From 15-Year-Old Son Levi – E! Online

    Matthew McConaughey's Reacts to Heartwarming Tribute From 15-Year-Old Son Levi - E! Online

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    CATEGORIES

    • Africa
    • Asia Pacific
    • Australia
    • Business
    • Canada
    • Cryptocurrency
    • Economy
    • Entertainment
    • Europe
    • Gossips
    • Health
    • India
    • Lifestyle
    • Middle East
    • New Zealand
    • Politics
    • Sports
    • Technology
    • Travel
    • UK
    • USA

    LATEST UPDATES

    • How To Apply For A Visa For Armenia
    • Starmer pushed on EU youth mobility as Tory leadership rivals make final pitch – live
    • Aamir Khan offers condolences after ex-wife Reena Dutta’s father passes away

        © 2026 JNews - Premium WordPress news & magazine theme by Jegtheme.

        No Result
        View All Result

            © 2026 JNews - Premium WordPress news & magazine theme by Jegtheme.