Above 30% Apps at Risk with Vulnerable Log4j Versions

An alarming 38% of applications that use the Apache Log4j library use the versions susceptible to security vulnerabilities.
One of them is a critical vulnerability, Log4Shell, for which patches have been available for over two years.
Log4Shell is an unauthenticated remote code execution flaw that allows threat actors to gain complete control over systems running Log4j versions 2.0-beta9 and up to 2.15.0.
This vulnerability was identified as a zero-day exploit in December 2021 and has since been actively exploited, highlighting the urgency of immediate patching due to the widespread impact.
In a detailed analysis, Veracode examined 38,278 applications from 3,886 businesses between August 15 and November 15.
Remarkably, the results showed that around 38% of these applications continued to use unpatched Log4j versions, leaving a substantial portion of the digital landscape to potential threats.
Out of which, 2.8% use Log4J versions that are susceptible to Log4Shell.
One typical problem developers encounter is the persistence of out-of-date library versions.
A startling 79% of developers decide against updating third-party libraries after they are first incorporated into the code base out of concern that functionality may be affected.
Remarkably, 65% of updates for open-source libraries include small adjustments and fixes that are unlikely to interfere with functionality, highlighting a lost chance to improve security.
The security industry might had hoped that the Log4Shell discovery would serve as a wake-up call, but it does not seem to have done so.
The fact that Log4j, which is well-known for its vulnerabilities, is still a risk in 1 out of 5 cases shows that the urgency of Log4Shell has not resulted in the expected paradigm shift in security practices.
These findings make it very clear for organizations what they must do: a thorough assessment of their environment to identify open-source library versions.
The next step is to create an emergency upgrade plan, ensuring that updates and patches are applied quickly in order to eliminate vulnerabilities and strengthen defenses against any attacks.
As the Log4j vulnerabilities continues to linger within the digital ecosystem, organizations must acknowledge the persistent threat it poses and take proactive measures to secure their applications.
By staying vigilant, implementing timely updates, and embracing a proactive security stance, businesses can navigate the complex cybersecurity landscape with confidence, mitigating the risks associated with Log4Shell and other similar vulnerabilities.
The sources for this article include a story from BleepingComputer.
The post Above 30% Apps at Risk with Vulnerable Log4j Versions appeared first on TuxCare.
This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina.


This Cyber News was published on securityboulevard.com. Publication date: Wed, 27 Dec 2023 16:43:21 +0000


Cyber News related to Above 30% Apps at Risk with Vulnerable Log4j Versions

Over 30% of Log4J apps use a vulnerable version of the library - Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being ...
10 months ago Bleepingcomputer.com
Above 30% Apps at Risk with Vulnerable Log4j Versions - An alarming 38% of applications that use the Apache Log4j library use the versions susceptible to security vulnerabilities. One of them is a critical vulnerability, Log4Shell, for which patches have been available for over two years. Log4Shell is an ...
10 months ago Securityboulevard.com
One in four apps remain exposed to Log4Shell The Register - Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation. Research from security shop Veracode ...
10 months ago Go.theregister.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
9 months ago Techtarget.com
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
10 months ago Cyberdefensemagazine.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
9 months ago Darkreading.com
The Cyber Risk Nightmare and Financial Risk Disaster of Using Personal Messaging Apps in The Workplace - This practice, which is unfortunately still widespread in an environment of relentless cyberattacks, is fraught with major cyber and financial risk. Unsecure messaging apps are a gateway for cybercriminals to access, expose and exploit an ...
9 months ago Cyberdefensemagazine.com
CVE-2018-0049 - A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. ...
2 years ago
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
1 year ago Hackread.com
Lazarus Hackers Exploit 2-Year-Old Log4j Vulnerability to Deploy New RAT Malware - Researchers warn Lazarus threat actors still exploit known Log4j vulnerability to infect devices with new DLang malware strains. The new campaign, dubbed Operation Blacksmith, became active on March 23. Hackers target manufacturing, agricultural, and ...
10 months ago Heimdalsecurity.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
9 months ago Helpnetsecurity.com
Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
10 months ago Cysecurity.news
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
10 months ago Securityboulevard.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
5 months ago Cisa.gov
Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines - Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and organizations must disclose cybersecurity incidents ...
9 months ago Cyberdefensemagazine.com
The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
6 months ago Securityboulevard.com
How to Complete an IT Risk Assessment - An effective security strategy needs to put managing risk at the heart of its approach. An IT risk assessment process is used by organizations to identify and prioritize the most pressing risks to their IT environment. Naturally, it focuses on IT ...
10 months ago Heimdalsecurity.com
Halting Hackers on the Holidays 2023 Part II: The Apps You Trust - Most free flashlight apps are creepware - also known as malware that spies on you and your online behavior and could pass along information to others. The problem doesn't begin and end with flashlight apps, though. Many seemingly innocuous apps that ...
10 months ago Cyberdefensemagazine.com
Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine - PRESS RELEASE. PLANO, Texas, Jan. 11, 2024 /PRNewswire/ - Today, Critical Start, a leading provider of Managed Detection and Response cybersecurity solutions and pioneer of Managed Cyber Risk Reduction, announced general availability of Critical ...
9 months ago Darkreading.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
9 months ago Securityzap.com
CVE-2021-42017 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
Two-Fifths of Log4j Apps Use Vulnerable Versions - Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor analyzed data from software scans over 90 days ...
10 months ago Infosecurity-magazine.com
CVE-2021-42016 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
How to Do a Risk Analysis Service in a Software Project - Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A ...
11 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)