Germany: ‘Critical’ cybersecurity flaw already exploited
BERLIN (AP) — Germany has activated its national IT crisis center in response to an “extremely critical” flaw in a widely used software tool that the government says has already been exploited internationally.
A spokesman for Germany’s Interior Ministry said the country’s federal IT safety agency is urging users to patch their systems as quickly as possible to fend off possible attacks using a bug in the Log4J tool.
“The threat situation is extremely critical,” the spokesman, Steve Alter, told reporters in Berlin. “Immediate protective measures are required.”
German authorities have recorded efforts to exploit the bug around the world, including successful attempts, he said, without elaborating. So far no successful attacks against German government entities or networks have been confirmed, though a number have been deemed vulnerable, said Alter.
Germany is in contact with “numerous national and international partners” on the matter, he said.
The flaw is considered so serious because the affected software is used in a wide range of devices that use Java software.
“A successful exploit of this weakness would mean that someone could take complete control of the affected system,” said Alter.