N.B. government deactivates some online services amid 'global security threat'
Ottawa warns of 'critical' vulnerability, but no indication that any federal or N.B. services affected
The provincial government says it has temporarily deactivated some online services because a vulnerability in the Java library known as Log4j has created a new global online security threat.
The services were taken offline as "preventive measure," and there is no indication that any services have been affected, Finance and Treasury Department spokesperson Erika Jutras said in a news release Monday afternoon.
CBC News has requested information about which services have been deactivated, and for how long.
The provincial government became aware of the threat on Friday, Jutras said in the release, noting that "a large number of information technology applications and services worldwide" have been affected by the Log4j threat.
Earlier Monday, federal Defence Minister Anita Anand said a number of federal departments had taken some services offline as a preventive measure following the discovery of a software flaw she said "has the potential to be used by bad actors."
Anand noted that groups using the popular Apache Log4j system should "pay attention to this critical internet vulnerability" affecting organizations worldwide, and she cited reports of "active exploitation."
She urged Canadian organizations to report any incidents to the Canadian Centre for Cyber Security, part of the Communications Security Establishment.
The vulnerability — located in open-source software used to run websites and other web services — has been described as one of the worst discovered in years.
Unless it's patched, it grants hackers access to impose code, allowing them to steal data and unleash malware.
CRA took some services offline earlier
On Friday, the Canada Revenue Agency took some services offline as a precaution after it learned of a global security vulnerability.
There was no indication its systems have been compromised or of any unauthorized access to taxpayer information, the CRA said.
In New Brunswick, Jutras said there is likewise no indication of breaches. However, she said in Monday's release, some applications and services have been taken offline to apply corrective patches.
Government staff continue to follow developments closely and are working to assess and mitigate any risks to provincial government websites and applications, Jutras said.