New Brunswick

N.B. government deactivates some online services amid 'global security threat'

The provincial government says it has temporarily deactivated some online services because of a new global online security threat.

Ottawa warns of 'critical' vulnerability, but no indication that any federal or N.B. services affected

The provincial government has temporarily deactivated some online services as a preventive measure. (Jonathan Hayward/Canadian Press)

The provincial government says it has temporarily deactivated some online services because a vulnerability in the Java library known as Log4j has created a new global online security threat.

The services were taken offline as "preventive measure," and there is no indication that any services have been affected, Finance and Treasury Department spokesperson Erika Jutras said in a news release Monday afternoon.

CBC News has requested information about which services have been deactivated, and for how long.

The provincial government became aware of the threat on Friday, Jutras said in the release, noting that "a large number of information technology applications and services worldwide" have been affected by the Log4j  threat.

Earlier Monday, federal Defence Minister Anita Anand said a number of federal departments had taken some services offline as a preventive measure following the discovery of a software flaw she said "has the potential to be used by bad actors."

Anand noted that groups using the popular Apache Log4j system should "pay attention to this critical internet vulnerability" affecting organizations worldwide, and she cited reports of "active exploitation." 

She urged Canadian organizations to report any incidents to the Canadian Centre for Cyber Security, part of the Communications Security Establishment.

The vulnerability — located in open-source software used to run websites and other web services — has been described as one of the worst discovered in years.

Unless it's patched, it grants hackers access to impose code, allowing them to steal data and unleash malware.

CRA took some services offline earlier

On Friday, the Canada Revenue Agency took some services offline as a precaution after it learned of a global security vulnerability.

There was no indication its systems have been compromised or of any unauthorized access to taxpayer information, the CRA said.

In New Brunswick, Jutras said there is likewise no indication of breaches. However, she said in Monday's release, some applications and services have been taken offline to apply corrective patches.

Government staff continue to follow developments closely and are working to assess and mitigate any risks to provincial government websites and applications, Jutras said. 

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?

now