National Vulnerability Database gets hacked
O irony! O me! O life! The National Institute of Standards and Technology’s National Vulnerability Database (NVD) has been hacked.
The NVD is a repository of online vulnerability and security data for the United States. It was hit by malware attacks detected Friday that forced Standards and Tech to take two of its servers offline, making NVD’s public site, and several other properties, inaccessible, according to The Register.
In a letter sent to Finland-based security consultant Kim Halavakoski, and posted on his Google+ page, Standards and Technology’s Gail Porter explained the downtime:
“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability...
“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites.”
As to the motivation behind the attack, The H Security posits, “ the NVD site could have made a valuable location for a watering hole attack because its visitors would be interested in security issues and are likely to work for organisations with systems containing valuable data.”
“The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services,” the announcement states, “and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.”
Rick Astley's 'Uptown Funk' cover is better than a rickroll
We're glad we never gave up Astley.10k
Confederate flag parade goes beautifully wrong
They earned it.9.6k
Texas' attorney general says county clerks can refuse to marry gay couples
Texas' top law-enforcement official isn't giving up.6.7k
Hackers target federal employees with phishing emails after OPM breach
If you're a federal employee, the aftermath of the OPM breach is only getting worse.
The true story of Ann Pragg, the esports writer who never existed
Ann Pragg was a rising star. Ann Pragg was a special esports talent. Ann Pragg wasn't real.687