Where can I read more about this security issue?
You can read about the issue on Electrum's Github here:
Quote
The JSONRPC interface is currently completely unprotected, I believe it should be a priority to add at least some form of password protection.
no need to be complicated just use Electrum 304 which is fixed...
Less than a day later, a new version was released, and the developers stated that 3.0.4 didn't fully address the vulnerability. That's why my gut reaction to these disclosures is to shut everything down, make sure networks are completely disabled, and shelter in place.
My Electrum funds are all in forced-HODL mode right now. I'll see how things look in a week or two.
