US NIST's vulnerability database hacked

The agency says it pulled down two Web servers when malware was discovered

A U.S. government computer vulnerability database and several other websites at the National Institute of Standards and Technology have been down for nearly a week after workers there found malware on two Web servers.

NIST's National Vulnerability Database (NVD) website, which includes databases of security checklists, security-related software flaws and misconfigurations, is one of the sites affected, a NIST spokeswoman said in an email.

Last Friday, a NIST firewall "detected suspicious activity and took steps to block unusual traffic from reaching the Internet," said spokeswoman Gail Porter. "NIST began investigating the cause of the unusual activity and the servers were taken offline."

The National Vulnerability Database is a comprehensive repository of information that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products, Porter said. The goal of the NVD is to help organizations and individuals better protect their computers against security threats.

Many government agencies and private businesses use the database, she said.

NIST traced the malware on two servers to a software vulnerability, she said.

The agency does not see any evidence that the NIST websites "were used to deliver malware to users of these NIST Web sites," Porter added.

NIST will restore the servers as soon as possible, she added.

Security professional Kim Halavakoski found the database was down when he went to the website to get some vulnerability information, he said in a Google+ post late Wednesday.

"Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!" he wrote.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags governmentsecurityintrusionGovernment use of ITExploits / vulnerabilitiesU.S. National Institute of Standards and TechnologyGail PorterKim Halavakoski

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?