Digital Brain
digital brain
digital brain

Urgent Cybersecurity Alert Regarding Apache Log4j

December 13, 2021 Privacy and Cybersecurity Bulletin 1 read

Canada’s Minister of National Defence has issued a statement regarding a recently identified critical vulnerability in the Apache Log4j logging product. The threat has potential for exploitation by bad actors for use in cybersecurity attacks, including against sensitive information assets. Open-source reporting indicates that the critical vulnerability is actively being scanned for and exploited.

It is being reported that various Canadian public agencies are temporarily taking down online services as a preventative measure, including the CRA, Metrolinx and thousands of government websites in Quebec.

The Canadian Centre for Cybersecurity has released technical guidance about the issue and has called on all Canadian organizations to immediately follow recommended steps to protect themselves from the vulnerability. The suggested steps include:

  1. internally reviewing all potentially impacted applications;
  2. if possible, upgrading to Apache Log4j version 2.15, which addresses the vulnerability
  3. if upgrading is not immediately possible, applying workarounds suggested by Apache; and
  4. reviewing logs for signs of compromise.

Canada’s Minister of National Defence also directs organizations that depend on third-party service providers to engage them immediately to inquire about the actions they are taking.

If your organization uses Apache Log4j, please ensure that you are taking necessary steps to address the vulnerability noted above, including following the steps recommended by the Minister of National Defence and the Canadian Centre for Cybersecurity.

If you believe that your information systems have been exploited, we recommend that you contact your legal counsel immediately. Our team of privacy and cybersecurity lawyers at McMillan LLP are ready to assist to the extent you require any support.

by Mitch Koczerginski and Lyndsay Wasser

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2021

Insights (5 Posts)

Featured Insight

Display of Trademark on Stickers Affixed to Goods Constitutes Trademark Use

Displaying a retailer’s trademark on stickers affixed to goods already branded with a third party’s mark constitutes "use" of a trademark in Canada.

Read More
Jan 31, 2023
Featured Insight

Term CORRA Officially Under Development

1- and 3- month Term CORRA under development; targeted publication date is at end of Q3 2023; Term CORRA administrator will be CanDeal Innovations Inc.

Read More
Jan 30, 2023
Featured Insight

The State of Play in Shareholder Activism: Issues, Concerns and Trends

Join us for a series of engaging discussions on shareholder activism in Canada. Industry experts will share valuable insights into regulatory and market issues, concerns and trends.

Details
Tuesday, February 28, 2023
Featured Insight

CSA Publishes Results of Continuous Disclosure Review Program Activities

CSA Staff Notice 51-364 - Continuous Disclosure Review Program Activities for fiscal years ended March 31, 2022 and March 31, 2021.

Read More
Jan 26, 2023
Featured Insight

Canadian Securities Administrators Comment on Disclosure Related to Mineral Projects and Technical Reports

On November 3, 2022, the Canadian Securities Administrators published Staff Notice 51-364 Continuous Disclosure Review Program Activities for 2022 and 2021.

Read More
Jan 24, 2023