News Database Security

U.S. National Vulnerability Database Hacked

Larry Seltzer

See more from Larry

Connect directly with Larry: Bio | Contact

The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability

Larry Seltzer March 14, 2013

The U.S. National Vulnerability Database (NVD) was taken down by its administrators at the National Institute of Standards and Technology last Friday, March 8.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

As of this morning, the site shows this message:

Site/Page Not Available
The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.

Kim Halavakoski, chief security officer at Crosskey Banking Solutions, broke the news on his Google+ page. After trying to retrieve some data from the site and finding it down, Halavakoski contacted the site administrators and received a note explaining the situation. The salient points:

On Friday, March 8, a NIST firewall detected suspicious activity and took measures to block traffic related to it.
The servers on which the activity was detected were taken down.
Malware was discovered on two NIST Web servers.
The malware was traced to a software vulnerability.
There is no evidence the NVD itself spread malware.
NIST has no further information on when the NVD will be back up.

The note was signed by Gail Porter of the NIST Public Inquiries Office.

In a subsequent post, Halavakoski noted that Netcraft data shows NIST had been running IIS 7.5 for years, but after the breach, it was listed as running Linux and Apache. Netcraft's "risk rating" for the site is 0/10.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Larry Seltzer

See more from Larry

Connect directly with Larry: Bio | Contact

Dark Reading Discussions

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

Security Implications Of Big Data Strategies

To understand how to secure big data, you have to understand what it is - and what it isn't. As organizations set about building big data clusters, they're finding that many of the best practices for securing such clusters are the same used to secure any corporate data. However, there are some big differences as well. Here are some recommendations on how to alter your security strategy to accommodate big data - and when not to.
Building and Maintaining Database Access Control Provisions

Knotted and complex database access permissions are among the biggest threats to enterprise data security. In this Dark Reading report, we examine the problems associated with granting permissions to sensitive data, and recommend solutions that will help organizations thoughtfully and effectively grant privilege when and where it is needed - and only when and where it is needed.
A Guide to Database Activity Monitoring

Database activity monitoring, or DAM, is an effective compliance and security strategy. However, not every DAM system will work the same in every organization. Indeed, not every organization can even make use of every feature that DAM systems provide. In this report, we examine what DAM can and can't do, and recommend how to evaluate and implement the best system for your organization.

Other reports from the Database Security Tech Center:

Related Content

Sponsored by

Control And Protect Sensitive Information In The Era Of Big Data

This report outlines the future look of Forrester's solution for security and risk executives seeking to develop a holistic strategy to protect and manage sensitive data. In the never-ending race to stay ahead of the competition, companies are developing advanced capabilities to store, process, and analyze vast amounts of data from social networks, sensors, IT systems, and other sources to improve business intelligence and decisioning capabilities.
Understanding Holistic Database Security, 8 Steps to Successfully Securing Enterprise Data Sources

This paper discusses the 8 essential best practices that provide a holistic approach to safeguarding data and achieving compliance with a proactive and systematic approach to ensure that corporate databases, data warehouses, file shares and Hadoop-based big data environments are secure from breaches and unauthorized changes, while achieving compliance with key regulations such as SOX, PCI DSS, GLBA, HIPAA and data protection laws.
Database Activities You Should Be Monitoring, Gartner analyst

As data stores grow in scope and importance, the need to monitor activities - especially in RDBMSs becomes essential for meeting legal and regulatory compliance requirements. These databases store huge amounts of sensitive data, affecting both data security and system and data availability. Is the data safe? Who has access and what are they doing with that access?
Top 3 Myths about Big Data Security: Debunking common misconceptions about big data security ebook

Security for big data systems is not optional, it's imperative. This eBook addresses three myths of big data security: 1) Big data is a buzz word; existing security controls will suffice. 2) Big data deals with social media and sentiment analysis; this data is freely given up by individuals, waiving their security rights. 3) Big data equals Hadoop and Hadoop is used for internal analytics only.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Database Security

U.S. National Vulnerability Database Hacked

The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Follow Dark Reading

Dark Reading Reports

Security Implications Of Big Data Strategies

Building and Maintaining Database Access Control Provisions

A Guide to Database Activity Monitoring

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Database Security

U.S. National Vulnerability Database Hacked

The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue