Google Cloud offers good news and bad news on Log4Shell, other issues

Written by
Feb 15, 2022 | CYBERSCOOP

Google Cloud is seeing 400,000 scans per day for systems vulnerable to the Log4Shell bug, the company said Tuesday.

The findings — released as part of the company’s semi-regular Threat Horizons report — show that IT security professionals need to “keep paying attention to this, because the scans keep coming, and if you leave one vulnerable instance open, you’re going to be found,” Phil Venables, the chief information security officer at Google Cloud, told CyberScoop.

That said, the companies interacting with Google Cloud have “been very much on top of this,” according to Venables. The warning comes as a reminder, however, to security professionals to keep doing the work of finding the devices and software vulnerable to the Log4Shell bug, which affects versions of the widely used Log4j logging software that haven’t been patched since early December.

Shane Huntley, the head of Google’s Threat Analysis Group, said that the daily scan numbers are not a direct measure of the threat. Rather, “it is now just background that if you are vulnerable to this on the internet you could be compromised,” he said. “You need to be aware that this is

Read More: https://www.cyberscoop.com/google-cloud-log4shell-log4j-threat-horizons/