Insights Header image
Insights Header image
Insights Header image

Urgent Cybersecurity Alert Regarding Apache Log4j

December 13, 2021 Privacy and Cybersecurity Bulletin 1 read

Canada’s Minister of National Defence has issued a statement regarding a recently identified critical vulnerability in the Apache Log4j logging product. The threat has potential for exploitation by bad actors for use in cybersecurity attacks, including against sensitive information assets. Open-source reporting indicates that the critical vulnerability is actively being scanned for and exploited.

It is being reported that various Canadian public agencies are temporarily taking down online services as a preventative measure, including the CRA, Metrolinx and thousands of government websites in Quebec.

The Canadian Centre for Cybersecurity has released technical guidance about the issue and has called on all Canadian organizations to immediately follow recommended steps to protect themselves from the vulnerability. The suggested steps include:

  1. internally reviewing all potentially impacted applications;
  2. if possible, upgrading to Apache Log4j version 2.15, which addresses the vulnerability
  3. if upgrading is not immediately possible, applying workarounds suggested by Apache; and
  4. reviewing logs for signs of compromise.

Canada’s Minister of National Defence also directs organizations that depend on third-party service providers to engage them immediately to inquire about the actions they are taking.

If your organization uses Apache Log4j, please ensure that you are taking necessary steps to address the vulnerability noted above, including following the steps recommended by the Minister of National Defence and the Canadian Centre for Cybersecurity.

If you believe that your information systems have been exploited, we recommend that you contact your legal counsel immediately. Our team of privacy and cybersecurity lawyers at McMillan LLP are ready to assist to the extent you require any support.

by Mitch Koczerginski and Lyndsay Wasser

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2021

Insights (5 Posts)View More

Featured Insight

Capital Gains Confusion: The Reporting Conundrum for Investment Funds

Considerations when determining whether to complete T3 returns on the basis of the proposed capital gains tax changes that have yet to be enacted.

Read More
Jan 10, 2025
Featured Insight

Know What You Are Leasing: Case Comment on Augusta Studios Inc. v 8699011 Canada Inc., 2024 ONSC 1905

A case comment on carefully describing areas that are or are not intended to be leased, and when a landlord ought to know about a subtenancy.

Read More
Jan 9, 2025
Featured Insight

Beyond Borders: BC Court issues seminal ruling on the jurisdictional application of the Personal Information Protection Act

In Clearview v. OIPC, the BC Supreme Court provided clear guidance on the application of BC PIPA to foreign companies: the real and substantial connection test.

Read More
Jan 8, 2025
Featured Insight

Motor Vehicle Protection Products in Alberta: New Guidance on What Constitutes Insurance

Overview of Alberta insurance regulator bulletins released on December 23, 2024 on the treatment of vehicle protection products and what constitutes insurance.

Read More
Jan 7, 2025
Featured Insight

Sale of Light-duty Combustion Vehicles Prohibited in Québec Starting in 2035

The Québec government adopted final regulations in December to prohibit the sale of passenger and other light-duty combustion vehicles in the province in 2035.

Read More
Jan 4, 2025