A number of government departments have taken certain services offline as a preventive measure following the discovery of a software flaw which Defense Minister Anita Anand said “has the potential to be used by bad actors.”
Groups using the popular Apache Log4J system should “pay attention to this critical Internet vulnerability affecting organizations around the world,” Anand said in a statement.
“Given the critical nature of this vulnerability and the reports of active exploitation, we urge Canadian organizations of all types to follow the recommended guidelines,” she said, adding that any incidents should be reported to the Canadian Center. for cybersecurity, which is part of Communications. Security establishment.
The Canada Revenue Agency took some services offline as a precaution on Friday after learning of a global security vulnerability. He says there is no indication that his systems have been compromised or that there has been unauthorized access to taxpayer information.
Quebec closes nearly 4,000 government sites
Over the weekend, Quebec shut down nearly 4,000 government websites as a precaution, including those related to health, education and public administration.
Éric Caire, Quebec government’s digital transformation minister, said on Sunday that there was no indication that the government had been the victim of a successful cyberattack.
“As a precaution, some departments have taken their services offline while all potential vulnerabilities are assessed and mitigated,” Anand said.
“At this point, we have no indication that these vulnerabilities have been exploited on government servers. “
“People are jostling to patch”
The vulnerability – located in open source software used to run websites and other web services – has been described as one of the worst computer vulnerabilities discovered in years.
Unless fixed, it grants hackers access to force code, allowing them to steal valuable data and unleash malware.
“The internet is on fire right now,” Adam Meyers, senior vice president of intelligence at cybersecurity firm Crowdstrike, told The Associated Press.
“People are scrambling to patch,” he said, “and all kinds of people are scrambling to exploit it.”
“Travel aficionado. Twitter scholar. Writer. Extreme coffee guru. Evil pop culture fanatic.”