SAN FRANCISCO (KGO) -- Security pros say it's one of the worst computer vulnerabilities they've ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.
The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it's so easily exploitable - and telling those with public-facing networks to put up firewalls if they can't be sure. The affected software is small and often undocumented.
Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a prodigious challenge; it is often hidden under layers of other software.
The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw "one of the most serious I've seen in my entire career, if not the most serious" in a call Monday with state and local officials and partners in the private sector. Publicly disclosed last Thursday, it's catnip for cybercriminals and digital spies because it allows easy, password-free entry.
Curtis Simpson, chief information security officer for Armis, a Palo Alto-based cybersecurity management platform, joined ABC7's "Getting Answers" to explain what we need to know about Log4j and how it has opened up a huge security threat to us all.
The Associated Press contributed to this article.