Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

NIST National Vulnerability Database Taken Offline Due to Malware Attack

A malware infection has led administrators at the National Institute of Standards and Technology to take the U.S. National Vulnerability Database (NVD) offline.

The NVD site currently bears the following message: “Site/Page Not Available. The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.”

A malware infection has led administrators at the National Institute of Standards and Technology to take the U.S. National Vulnerability Database (NVD) offline.

The NVD site currently bears the following message: “Site/Page Not Available. The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.”

When contacted by SecurityWeek, Gail Porter of NIST’s Public Inquiries office said in a statement that the NVD site and several other NIST-hosted Websites are unavailable due to the discovery of malware on two NIST Web servers.

“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet,” Porter said. “NIST began investigating the cause of the unusual activity and the servers were taken offline.”

Porter added that the malware discovered on the Web servers was traced to a software vulnerability, but did not note in the statement what the vulnerability was or what software was affected.

“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites,” Porter said. “NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.”

The organization is continuing to respond to the incident and will restore the servers as quickly as possible, Porter added.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

Cloud and container security firm Sysdig has tapped William Welch as CEO on its path to an IPO.

Dave Scher has been promoted to Deputy Chief Information Officer at MITRE.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.