FTC warns companies to remediate Log4j security vulnerability

A serious vulnerability in the ubiquitous Java logging package Log4j threatens millions of consumer and enterprise products, and is already being exploited by attackers. Companies are urged to mitigate the risk and avoid FTC legal action, following the costly Equifax breach. Firms should check their use of Log4j, update the software, mitigate vulnerabilities, and inform subsidiaries and partners. This Log4j issue points to wider structural issues in open-source services often maintained by volunteers.