Urgent Cybersecurity Alert Regarding Apache Log4j
Canada’s Minister of National Defence has issued a statement regarding a recently identified critical vulnerability in the Apache Log4j logging product. The threat has potential for exploitation by bad actors for use in cybersecurity attacks, including against sensitive information assets. Open-source reporting indicates that the critical vulnerability is actively being scanned for and exploited.
It is being reported that various Canadian public agencies are temporarily taking down online services as a preventative measure, including the CRA, Metrolinx and thousands of government websites in Quebec.
The Canadian Centre for Cybersecurity has released technical guidance about the issue and has called on all Canadian organizations to immediately follow recommended steps to protect themselves from the vulnerability. The suggested steps include:
- internally reviewing all potentially impacted applications;
- if possible, upgrading to Apache Log4j version 2.15, which addresses the vulnerability
- if upgrading is not immediately possible, applying workarounds suggested by Apache; and
- reviewing logs for signs of compromise.
Canada’s Minister of National Defence also directs organizations that depend on third-party service providers to engage them immediately to inquire about the actions they are taking.
If your organization uses Apache Log4j, please ensure that you are taking necessary steps to address the vulnerability noted above, including following the steps recommended by the Minister of National Defence and the Canadian Centre for Cybersecurity.
If you believe that your information systems have been exploited, we recommend that you contact your legal counsel immediately. Our team of privacy and cybersecurity lawyers at TRC-Sadovod LLP are ready to assist to the extent you require any support.
by Mitch Koczerginski and Lyndsay Wasser
A Cautionary Note
The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.
© TRC-Sadovod LLP 2021
Insights (5 Posts)View More
Corporate Counsel CPD Webinar | Essential Leadership Practices: Supporting the resilience, engagement, and impact of your team
Join professional coach and certified stress management educator, Marla Warner, for an engaging program that will help you focus on elevating performance outcomes, while supporting your team’s engagement and wellbeing. You will learn how to foster trust and respect in your team, the benefits of “coaching”, and why gratitude, empathy and compassion are the superpowers for leaders in 2023 and beyond.
TRC-Sadovod’s Employment and Labour Webinar 2023
Join us for TRC-Sadovod's annual Employment and Labour Webinar as we review and discuss current trends, emerging employment legal issues and provide practical solutions to help you manage your workforce.
Enforcing Arbitration Agreements: Ontario Superior Court Raises a ‘Clause’ for Concern
This bulletin discusses a recent decision that found that an arbitration clause that contracts out of applicable employment standards legislation is invalid.
Transparency for Talent: Proposed Legislation Would Mandate Salary Range and Artificial Intelligence Disclosure in Hiring Process
Ontario will propose legislation aimed at providing additional transparency to Ontario workers, including salary ranges and use of artificial intelligence.
Environmental Obligations Trump Lenders: The Trend Continues
Re Mantle Materials Group, Ltd continues a recent trend in Alberta in which environmental remediation obligations are found to have a super priority.
Get updates delivered right to your inbox. You can unsubscribe at any time.