NIST
The NVD, a repository of online vulnerability and security data for the United States, was hit by malware attacks detected Friday.

O irony! O me! O life! The National Institute of Standards and Technology’s National Vulnerability Database (NVD) has been hacked.

Get it?

The NVD is a repository of online vulnerability and security data for the United States. It was hit by malware attacks detected Friday that forced Standards and Tech to take two of its servers offline, making NVD’s public site, and several other properties, inaccessible, according to The Register.

In a letter sent to Finland-based security consultant Kim Halavakoski, and posted on his Google+ page, Standards and Technology’s Gail Porter explained the downtime:

“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet.  NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability...

“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites.”

As to the motivation behind the attack, The H Security posits, “ the NVD site could have made a valuable location for a watering hole attack because its visitors would be interested in security issues and are likely to work for organisations with systems containing valuable data.”

As of this writing, the NVD site is still down, as is the website for SCAP, the protocol for automated security data.

“The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services,” the announcement states, “and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.”

H/T The Register | Photo by NIST

Promoted Stories Powered by Sharethrough
News
Amtrak train smashes truck carrying a lifetime supply of bacon
An Amtrak train carrying 203 passengers collided on Friday afternoon with a truck hauling tens of thousands of pounds of bacon. There were no immediate reports of injuries.
News
U.S. Cyber Command creates 13 offensive teams to combat hackers
Though there's serious disagreement in Washington, D.C. over whether escalating hacks on U.S. networks count as war, here's one indicator: The U.S. military is creating 13 dedicated "cyber attack" squads to defend national security.
The Latest From Daily Dot Video
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!