Log4j Security Flaw Could Impact the Entire Internet; Attackers Switch to Injecting Monero Miners

upstart writes:

A critical flaw in widely used software has cybersecurity experts raising alarms and big companies racing to fix the issue.

[...] Jen Easterly, head of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), called it "one of the most serious flaws" seen in her career. In a statement on Saturday, Easterly said "a growing set" of hackers are activelyattempting to exploit the vulnerability.

[...] "It will take years to address this while attackers will be looking... on a daily basis [to exploit it]," said David Kennedy, CEO of cybersecurity firm TrustedSec. "This is a ticking time bomb for companies."

[...] "It's ubiquitous. Even if you're a developer who doesn't use Log4j directly, you might still be running the vulnerable code because one of the open source libraries you use depends on Log4j," Chris Eng, chief research officer at cybersecurity firm Veracode, told CNN Business. "This is the nature of software: It's turtles all the way down."

[...] It could [be] present in popular apps and websites, and hundreds of millions of devices around the world that access these services could be exposed to the vulnerability.

Read more of this story at SoylentNews.