The U.S. government repository of standards based vulnerability management website National Vulnerability Database (NVD) was hacked by some unknown attacker last week.
The website of NVD (https://nvd.nist.gov/index.html) is down since Friday due to a malware infection on two web servers, discovered on Wednesday.
The main page of website reads,"The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available."
The main page of website reads,"The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available."
According to a post available on Google+ by Kim Halavakoski, who contacted NIST Public Inquiries Office to know about the issue,"On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability."
Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites, he added.
Team is working as quickly to online the website again as soon as possible.
Team is working as quickly to online the website again as soon as possible.