Many businesses still exposed to hacking vulnerability discovered last year, cyber firm finds

A widespread cyber vulnerability overwhelming businesses and governments has remained unresolved since its discovery last year.

Software security firm Rezilion said almost 60% of software packages affected by problems in the open-source logging platform Log4j had not been patched four months after the flaw's discovery, and the Biden administration is warning that hackers are continuing to exploit the flaw.

Rezilion said active exploitation attempts against the software’s vulnerability, Log4Shell, are ongoing and pointed to advanced persistent threats (APTs) from China and Iran as among the cyberattackers who are using the flaw.

Yotam Perkal, Rezilion head of research, said his team is seeing a pattern of people not paying attention to the risks posed by the security flaw in the widely used computer code, despite warnings from the private and public sectors, including the Cybersecurity and Infrastructure Security Agency.