Colorado cybersecurity expert explains the Log4j bug that's led to 'tens of thousands' of attacks