U.S. National Vulnerability Database Hacked

The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability

The
U.S. National Vulnerability Database (NVD)
was taken down by its administrators at the National Institute of Standards and Technology last Friday, March 8.
As of this morning, the site shows this message:

Site/Page Not Available
The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.
Kim Halavakoski, chief security officer at Crosskey Banking Solutions,
broke the news on his Google+ page
. After trying to retrieve some data from the site and finding it down, Halavakoski contacted the site administrators and received a note explaining the situation. The salient points:
On Friday, March 8, a NIST firewall detected suspicious activity and took measures to block traffic related to it.
The servers on which the activity was detected were taken down.
Malware was discovered on two NIST Web servers.
The malware was traced to a software vulnerability.
There is no evidence the NVD itself spread malware.
NIST has no further information on when the NVD will be back up.
The note was signed by Gail Porter of the NIST Public Inquiries Office.
In
a subsequent post
, Halavakoski noted that Netcraft data shows
NIST had been running IIS 7.5 for years, but after the breach, it was listed as running Linux and Apache. Netcrafts risk rating for the site is 0/10.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ Malware in DNS traffic? Watch for these signs. ◂ Discovered: 26/12/2024 Category: security	▸ Reputation.coms Security Breached, Passwords Reset ◂ Discovered: 26/12/2024 Category: security	▸ New threat: Cybercrime increasing in Latin America and the Caribbean. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
U.S. National Vulnerability Database Hacked