U.S. database on cyber-vulnerabilities is hacked

Ironically, the government site that catalogs vulnerability to malware is brought down by malware

Topics: Hacking, Malware, Cyber-attack, National Institute of Standards and Technology, ,

U.S. database on cyber-vulnerabilities is hacked (Credit: Shutterstock/ Kutlayev Dmitry)

A government database on computer vulnerability has a vulnerability problem of its own. According to reports Thursday, the National Vulnerability Database website — which includes databases of security checklists and security-related software flaws — was among sites taken down for two weeks after malware was discovered on their servers.

A number of other sites also belonging to the National Institute of Standards and Technology were also affected. The government agency released the following statement:

NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.

NIST was unsurprisingly pretty good at detecting the issue fast. As IT World noted, its National Vulnerability Database “is a comprehensive repository of information that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products …  The goal of the NVD is to help organizations and individuals better protect their computers against security threats.”

According to IT world, the irony of the hack has not been lost on security professionals:

Security professional Kim Halavakoski found the database was down when he went to the website to get some vulnerability information, he said in a Google+ post late Wednesday.

“Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!” he wrote.

Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 10
  • Close
  • Fullscreen
  • Thumbnails
    Michael Ohl/Museum fur Naturkunde

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Soul-Sucking Dementor Wasp

    Latin name: Ampulex dementor

    Truong Ngyuen

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    10,000th reptile species

    Latin name: Cyrtodactylus vilaphongi

    Jodi Rowley/Australian Museum

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Colour-changing thorny frogs

    Latin name: Gracixalus lumarius

    Judith L. Eger

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Long-fanged bat

    Latin name: Hypsugo dolichodon

    Neang Thy Moe/FFI

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Stealthy wolf snake

    Latin name: Lycodon zoosvictoriae

    Michael Janes

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Feathered coral

    Latin name: Ovabunda andamanensis

    Jerome Constant

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    World's second-longest insect

    Phryganistria heusii yentuensis

    Nantasak Pinkaew

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Slide 8

    Latin name: Sirindhornia spp

    Tim Johnson

    Soul-sucking 'dementor' wasps and 8 other crazy new species

    Slide 9

    Tylototriton shanorum

  • Recent Slide Shows

Comments

0 Comments

Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>