Log4Shell Threat Eases, Still High-Risk

The Log4Shell logging component, embedded in hundreds of products from VMWare, Oracle, IBM, Cisco and many in-house enterprise applications, has yet to be implicated in a major breach. The sole exception was an attack on the Belgian Defense Ministry. Microsoft still rates Log4j vulnerabilities as a “high-risk situation” for companies globally and sees high potential for their expanded use. According to a security expert quoted in ZdNet, the worst outcome was averted because the digital and security communities took the threat seriously in a way that hasn’t been seen since the Y2K bug, and that made a crucial difference. However, the Cybersecurity and Infrastructure Security Agency warns that hackers might be waiting to use access gained through Log4Shell until alert levels fall.