Security News > 2024 > May > Log4Shell shows no sign of fading, spotted in 30% of CVE exploits
Organizations continue to run insecure protocols across their wide access networks, making it easier for cybercriminals to move across networks, according to a Cato Networks survey.
The Cato CTRL SASE Threat Report Q1 2024 provides insight into the security threats and their identifying network characteristics for all aggregate traffic-regardless of whether they emanate from or are destined for the internet or the WAN-and for all endpoints across sites, remote users, and cloud resources.
"As threat actors constantly introduce new tools, techniques, and procedures targeting organizations across all industries, cyber threat intelligence remains fragmented and isolated to point solutions," said Etay Maor, Chief Security Strategist at Cato Networks.
Once threat actors penetrate a network, they usually have less of a problem snooping critical data in transit across the network.
While zero-day threats earn much attention in the industry, threat actors often eschew the use of the latest vulnerabilities and instead exploit unpatched systems.
Three years after its discovery, Log4J remains one of the most used exploits and it was found across 30% of the outbound CVE exploitations observed.
News URL
https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) (source)
- PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) (source)
- PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) (source)