US vulnerability database offline after hack

ronjor · Mar 14, 2013

The National Vulnerability Database (NVD) at NIST, the National Institute of Standards and Technology, is currently offline after malware was discovered on two NIST web servers, according to a report in The Register. The NVD is a US Government repository of vulnerability information in SCAP format. The details of the infection come from a mail received by Kim Halavakoski, who had mailed NIST when he noticed the site was down.
Click to expand...

http://www.h-online.com/security/news/item/US-vulnerability-database-offline-after-hack-1822837.html

Dermot7 · Mar 14, 2013

The servers were compromised for at least two months before a firewall detected mysterious outbound traffic. The malware used vulnerabilities in Adobe ColdFusion, for which a patch is now available.
Click to expand...

http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/

ronjor · Mar 14, 2013

Adobe ColdFusion
Click to expand...

Thanks. Adobe ColdFusion is widely used on the web in important business applications.

CloneRanger · Mar 15, 2013

I wonder how much IT etc gear they have installed, & how much taxpayers $ it has ALL cost, NOT to be secure ? Oh & how many IT people @ ? $ too ?

2 months undetected

Heads should roll, but hey it's Only your tax $, so same old

If it wasn't true, it would be funny !

TheKid7 · Mar 15, 2013

NIST, US government's vulnerability database, brought down by ironic malware:

http://nakedsecurity.sophos.com/2013/03/15/nist-vulnerability-database-malware/

Log in or Sign up

US vulnerability database offline after hack

ronjor Global Moderator

Dermot7 Registered Member

ronjor Global Moderator

CloneRanger Registered Member

TheKid7 Registered Member

Log in or Sign up

US vulnerability database offline after hack

ronjor Global Moderator

Dermot7 Registered Member

ronjor Global Moderator

CloneRanger Registered Member

TheKid7 Registered Member

Useful Searches