Seventy-two percent of organizations continue to face challenges in completely remediating the critical Log4Shell flaw, tracked as CVE-2021-44228, which was identified last December, SecurityWeek reports.
While the rate of corporate assets vulnerable to Log4Shell dropped from 10% in December 2021 to only 2.5% in October, 29% of the vulnerable assets were found to have Log4Shell recurrence following total remediation, according to Tenable telemetry data.
The findings also showed that full Log4Shell remediation has increased by 14 percentage points among organizations around the world.
"Full remediation is very difficult to achieve for a vulnerability that is so pervasive and it's important to keep in mind that vulnerability remediation is not a 'one and done' process," said Tenable Chief Security Officer Bob Huber, who added that while complete Log4Shell remediation was achieved by organizations at some point, the vulnerability has persisted due to the continued addition of new assets to their corporate environments.
Japanese multinational conglomerate Sony has begun an investigation into an alleged cyberattack, which was reported to have resulted in the exposure of 3.14 GB of data in hacking forums, amid the emergence of different attackers claiming to be behind the hack, according to BleepingComputer.
BleepingComputer reports that vulnerable Openfire messaging servers impacted by the already addressed high-severity authentication bypass flaw, tracked as CVE-2023-32315, are being subjected to ongoing attacks aimed at ransomware encryption and cryptominer distribution.
T-Mobile has denied being impacted by a cyberattack in April that compromised employee information after VX-Underground reported that it had been notified by threat actors of the attack, which occurred immediately after the telecommunications provider was breached in March, according to The Record, a news site by cybersecurity firm Recorded Future.