Lithuania Bans Kaspersky Lab Products on Critical Systems

It seems the U.S. government’s ban on Kaspersky Lab products is having echoes in other countries. The Lithuanian government also wants the company’s products removed from computers that control critical infrastructure.

At a meeting of the Lithuanian government Dec. 20, it was decided that Kaspersky Lab software was “a potential national security threat” and that managers of critical infrastructure in the energy, finance, transport and other sectors will be required to replace it “with safe equivalents.”

“We have to ensure cyber security of the state therefore it is a timely decision of the Government taken with regard to the assessment of threats and vulnerabilities,” Vice Minister of National Defence Edvinas Kerza said in a statement. “We have cooperated with other state institutions to find solutions and measures proportional to the estimated threat.”

Businesses and public sector organizations that are not forced to comply with the ban were advised to individually assess the risks that the antivirus software poses to their systems.

The Lithuanian National Cyber Security Centre will provide assistance and guidance to institutions affected by the order and will also have to report back to the government on the progress of the ban’s implementation.

Earlier this week Kaspersky Lab announced that it’s taking the U.S. government to court over a similar decision, claiming that the government’s action harmed its reputation and commercial operations without any evidence of wrongdoing.

“The company did not undertake this action lightly, but maintains that DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive,” Kaspersky Lab said in an open letter.

The U.S. Department of Homeland Security issued a binding directive in September, ordering all departments and agencies of the federal government’s executive branch to prepare for the removal of Kaspersky Lab products from their systems within 90 days. The DHS cited concerns about the ties between Kaspersky officials and Russian intelligence and other government agencies.

A ban on Kaspersky software was also included in the Fiscal Year 2018 National Defense Authorization Act (NDAA), a bill that President Trump signed into law last week.

Kaspersky believes that it is the victim of geopolitical tensions and has repeatedly denied having inappropriate ties with any governments or intelligence agencies.

VMware Patches Remote Code Execution Flaw in Several Products

VMware has released security updates for its ESXi, Workstation and Fusion products in order to fix two remote code execution vulnerabilities in their VNC implementation.

VNC (Virtual Network Computing) is used in VMware products for remote management, remote access and automation. The company’s shared VNC code base has two vulnerabilities, discovered by researchers from Cisco’s Talos team, that could be exploited through authenticated sessions.

One flaw is a stack overflow and the other is a heap overflow. Both can be triggered with a specific set of VNC packets and can be exploited during an authenticated VNC session to achieve remote code execution in a virtual machine, VMware said in a security advisory.

For the flaws to be exploitable in ESXi, VNC must be manually enabled in a virtual machine’s .vmx configuration file and ESXi must be configured to allow VNC traffic through the built-in firewall, the company said.
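An added example (not from VMware's advisory or the original article) of checking the first precondition above: it parses .vmx text and lists the virtual machines that have VNC enabled. The article does not name the settings, so the keys `RemoteDisplay.vnc.enabled`, `RemoteDisplay.vnc.port` and `RemoteDisplay.vnc.password`, and the case-insensitive key matching, are assumptions; the sample files are constructed.

```python
import re

# Constructed sample .vmx contents for illustration; not taken from a real host.
SAMPLE_VMX = {
    "web01.vmx": 'displayName = "web01"\n'
                 'RemoteDisplay.vnc.enabled = "TRUE"\n'
                 'RemoteDisplay.vnc.port = "5901"\n'
                 'RemoteDisplay.vnc.password = "example-only"\n',
    "db01.vmx": 'displayName = "db01"\nremotedisplay.vnc.enabled = "false"\n',
    "build01.vmx": 'displayName = "build01"\nmemSize = "4096"\n',
    "lab02.vmx": '# RemoteDisplay.vnc.enabled = "FALSE"\n'
                 '  RemoteDisplay.vnc.enabled="true"\n',
}

# Matches lines of the form: key = "value"
_SETTING = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return the settings in a .vmx file as a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings do not count
        match = _SETTING.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def audit_vnc(vmx_files):
    """Return (file, port, password_set) for every VM with VNC enabled.

    vmx_files maps a file name to its text. The key names are assumed,
    and port is None when the file does not set one.
    """
    findings = []
    for name in sorted(vmx_files):
        s = parse_vmx(vmx_files[name])
        if s.get("remotedisplay.vnc.enabled", "").strip().lower() != "true":
            continue
        findings.append((name, s.get("remotedisplay.vnc.port"),
                         bool(s.get("remotedisplay.vnc.password"))))
    return findings


if __name__ == "__main__":
    for name, port, has_pw in audit_vnc(SAMPLE_VMX):
        print(f"{name}: VNC enabled, port={port}, password_set={has_pw}")
```

A VM listed here meets only the first condition; whether the ESXi firewall allows VNC traffic has to be checked on the host itself.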

A separate local privilege escalation vulnerability was fixed in the vCenter Server Appliance (vCSA). The flaw was located in the showlog plugin and could allow a low privileged user of the appliance OS to gain root access.

A stored cross-site scripting (XSS) vulnerability was also fixed in the ESXi Host Client. The flaw could allow an attacker to inject rogue JavaScript code that would be executed when other users access the client.

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
