Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

NIST National Vulnerability Database down due to malware

Posted on 14.03.2013

U.S. National Institute of Standards and Technology's National Vulnerability Database is unavailable, and has been since they discovered malware on some of its servers last Friday.

"The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers," Gail Porter, Director of Public Affairs at NIST, replied to a inquiry by Kim Halavakoski.

"On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability. "Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites."

She also noted that they are continuing to respond to the incident and will restore these public-facing servers as quickly as possible, but couldn't give a definitive date.

"Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!" commented Halavakoski.