Feeds

US national vulnerability database hacked

Malware infection forces government vuln catalog offline

Choosing a cloud hosting partner with confidence

The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability.

The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two web servers, it emerged on Wednesday.

The Register received an anonymous tip-off about the infection on Wednesday afternoon, which led us to a Google+ post containing information from NIST.

"On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet," Gail Porter of NIST's public inquiries office told a concerned chief security officer in an email, according to the post.

"NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability."

There is no evidence that NIST web pages were used to serve malware, Porter wrote, and the organization is "continuing to respond to the incident."

So far, NIST is doing everything by the literal book, as section 4.3.4 of its own Guide to Malware Incident Prevention and Handling (PDF) says that if you do get infected by malware, "containing incidents by placing temporary restrictions on network connectivity can be very effective".

The Register has requested more information on the problem, but NIST had not responded at the time of filing. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.