BOSTON (AP) — Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.
The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure.
The affected software is small and often undocumented. Detected in a widely used utility called Log4j, the flaw lets internet-based attackers seize control of everything from industrial control systems to consumer electronics.