U.S. warns new software flaw leaves millions of computers vulnerable

Kevin Collier

December 15, 2021 at 5:46 PM·2 min read

The top U.S. cybersecurity agency is warning that a new, easy-to-exploit software vulnerability has likely led to hundreds of millions of computer hacks around the world.

The flaw is in Log4j, a snippet of open-source code widely used in internet applications around the world to help track users’ activity. Since Log4j is used in so many applications, and most modern organizations’ computer networks rely on a hodgepodge of different programs, there are scores of opportunities to exploit that flaw.

Image: Jen Easterly (Kevin Dietsch / Getty Images file)

In a call Monday with private companies and state cybersecurity officials, Jen Easterly, director of the Cybersecurity and Infrastructure Agency, said it's likely that many computer systems have already been compromised, according to a description of the call provided by an agency spokesperson.

While the vulnerability is unlikely to threaten the security of people's personal devices, it could be used to gain a foothold to hack practically any organization online that doesn't update the software.

Cybersecurity professionals around the world have scrambled in the past few days to fix the flaw, which first gained attention on Thursday after they discovered hackers using it to trick victims into mining small amounts of cryptocurrency for them and to hack private Minecraft servers.

There are not yet many public reports of crippling hacks stemming from the Log4j vulnerability. Still, security professionals spent much of the weekend frantically trying to find and fix every potential place it can be exploited, said Wesley McGrew, a cybersecurity fellow at MartinFederal, a federal contracting company.

“It’s a combination of a new vulnerability being simultaneously widespread and easy to exploit,” McGraw said.

The Netherlands National Cyber Security Centre has identified hundreds of common software applications that are vulnerable to the flaw if not updated, and a number that may be not have a patch yet available.

But on Tuesday night, John Hultquist, vice president of intelligence analysis at the cybersecurity company Mandiant, said that state-sponsored hackers in China and Iran have begun taking advantage of the flaw. Microsoft said in a blog post it has observed China, Iran, North Korea and Turkey exploiting it.

"The Iranian actors who we have associated with this vulnerability are particularly aggressive," Hultquist said in a statement.

The spokesperson for China's embassy in Washington, Liu Pengyu, said in an emailed statement that "China is a staunch defender of cybersecurity," adding that it was a Chinese cybersecurity researcher who first discovered the Log4j flaw.

Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
How rich homebuyers are avoiding high mortgage rates
Homebuyers with means are turning to an old strategy to get around a new crop of high mortgage rates: all-cash deals.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Tight end rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
Golf’s moment of truth is here, and the sport is badly flailing
Nonexistent negotiations and missed opportunities for reconciliation between the PGA Tour and LIV Golf have the sport stuck in place.
Yahoo Finance
Bud Light sales still falling as Modelo, Coors fight to keep their gains
The competition among beer giants is still brewing.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever
Caitlin Clark’s WNBA preseason debut went much like her senior year at Iowa. She hit a bunch of 3s and did so in front of a sold-out crowd.
Yahoo Finance
Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts
The average 30-year fixed mortgage rate edged back toward 7% this week but remains elevated, prompting housing experts to revise their forecasts for the rest of 2024.
Yahoo Sports
Please save 'Inside the NBA'
Appreciate 'Inside the NBA' while it's still here, because if this goes away, there may never be anything as good again.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.

News

Life

Entertainment

Finance

Sports

New on Yahoo

U.S. warns new software flaw leaves millions of computers vulnerable

Recommended Stories

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

How rich homebuyers are avoiding high mortgage rates

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Tight end rankings for fantasy football 2024

Golf’s moment of truth is here, and the sport is badly flailing

Bud Light sales still falling as Modelo, Coors fight to keep their gains

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

2024 Fantasy Football Mock Draft, 1.0

The best budgeting apps for 2024

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Please save 'Inside the NBA'

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from