Public interest in Log4Shell fades but attack surface remains
2022-04-26 14:59

Although the public interest and focus of the infosec community have moved to newer vulnerabilities and exploits, Log4Shell continues to be a large-scale problem and a grave security risk.

The last time we touched on the subject of Log4Shell exploitation was roughly two months ago, when a Barracuda report highlighted that it was primarily botnets that leveraged it for DDoS and cryptocurrency mining.

A new report published today by Rezilion paints a dire picture, revealing a large attack surface across a wide range of software products.

There's a misconception that Log4Shell does not impact the older version branch, but this is not true.

In summary, companies don't know if they're using it, don't know which version they use, and don't know which versions are safe to use.

Four months after discovery and patching, Log4Shell is still present, so scan your environment, find which version you're using, and then develop an emergency upgrade plan.
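One way to carry out the "find which version you're using" step is sketched below as an added example; it is not taken from the article or from Rezilion's report. It assumes Log4j is packaged with its Maven `pom.properties` metadata, and the function names, the `!` path notation and the sample archive are constructed for illustration.

```python
import io, re, sys, zipfile
from pathlib import Path
# Maven metadata entries that identify a Log4j copy, mapped to its version branch.
MARKERS = {
    "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties": "2.x",
    "META-INF/maven/log4j/log4j/pom.properties": "1.x",
}
ARCHIVES = (".jar", ".war", ".ear")

def scan_archive(data, origin, depth=0, max_depth=5):
    """Return [(location, branch, version)] for each Log4j copy, recursing into
    nested archives because fat JARs and WARs bundle their dependencies."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # corrupt or non-ZIP file: nothing to report
    found = []
    with zf:
        for name in zf.namelist():
            if name in MARKERS:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                found.append((origin, MARKERS[name], m.group(1).strip() if m else "unknown"))
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                found += scan_archive(zf.read(name), f"{origin}!{name}", depth + 1, max_depth)
    return found

def scan_tree(root):
    found = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            found += scan_archive(path.read_bytes(), str(path))
    return found

def _jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample_app():
    """Constructed sample: an application JAR bundling one copy from each branch."""
    v2 = _jar({"META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties": "version=2.14.1\n"})
    v1 = _jar({"META-INF/maven/log4j/log4j/pom.properties": "#Generated by Maven\nversion=1.2.17\n"})
    return _jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": v2, "BOOT-INF/lib/log4j-1.2.17.jar": v1})

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_archive(build_sample_app(), "app.jar")
    for location, branch, version in hits:
        print(f"{location}\tlog4j {branch}\t{version}")
```

Shaded or repackaged JARs that strip the Maven metadata will not be reported, so an empty result is not proof that Log4j is absent.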


News URL

https://www.bleepingcomputer.com/news/security/public-interest-in-log4shell-fades-but-attack-surface-remains/