Dark Reading is part of the Informa Tech Division of Informa PLC


Attacks/Breaches
3/14/2013 07:23 AM

U.S. National Vulnerability Database Hacked

The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability

The U.S. National Vulnerability Database (NVD) was taken down by its administrators at the National Institute of Standards and Technology last Friday, March 8.

As of this morning, the site shows this message:

Site/Page Not Available

The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.

Kim Halavakoski, chief security officer at Crosskey Banking Solutions, broke the news on his Google+ page. After trying to retrieve some data from the site and finding it down, Halavakoski contacted the site administrators and received a note explaining the situation. The salient points:

  • On Friday, March 8, a NIST firewall detected suspicious activity and took measures to block traffic related to it.
  • The servers on which the activity was detected were taken down.
  • Malware was discovered on two NIST Web servers.
  • The malware was traced to a software vulnerability.
  • There is no evidence the NVD itself spread malware.
  • NIST has no further information on when the NVD will be back up.

The note was signed by Gail Porter of the NIST Public Inquiries Office.

In a subsequent post, Halavakoski noted that Netcraft data shows NIST had been running IIS 7.5 for years, but after the breach, it was listed as running Linux and Apache. Netcraft's "risk rating" for the site is 0/10.

Larry Seltzer, BYTE

Comments
PJS880, User Rank: Ninja, 3/25/2013 | 2:10:54 PM
re: U.S. National Vulnerability Database Hacked

That is pretty disturbing that this database got hacked. It did not state that any of the data was compromised, was any? Also, do they have any ideas on suspects, or is anyone claiming responsibility? Is the site still down, and are there any updates on motives or suspects?

Paul Sprague
InformationWeek Contributor

Larry Seltzer - UBM Tech, User Rank: Apprentice, 3/15/2013 | 11:31:39 AM
re: U.S. National Vulnerability Database Hacked

Yes, I forgot to mention that NIST was moved from the Department of Commerce to the Department of Irony.

Drew Conry-Murray, User Rank: Ninja, 3/15/2013 | 12:21:50 AM
re: U.S. National Vulnerability Database Hacked

Ah, nothing like a little security irony to start the day.

Drew Conry-Murray
Editor, Network Computing