Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

NIST – National Vulnerability Database website hacked

The news is curious as it is worrying, unknown hackers have violated the US government repository of standards based vulnerability management website, known as National Vulnerability Database (NVD), last week. The NVD website appears down since last Friday, fortunately while I’m writing is up again, the attackers have compromised at least two servers with a […]

NIST – National Vulnerability Database website hacked

The news is curious as it is worrying, unknown hackers have violated the US government repository of standards based vulnerability management website, known as National Vulnerability Database (NVD), last week.

The NVD website appears down since last Friday, fortunately while I’m writing is up again, the attackers have compromised at least two servers with a malware-based attack discovered on Wednesday.

NIST detected the malware presence on March 8th due observation of suspicious activity, two servers being taken offline, one machine ran the NVD web site meanwhile the other hosted a half-dozen other sites, including manufacturing.gov, E3.gov, greensuppliers.gov, emtoolbox.nist.gov, nsreserve.gov, and stonewall.nist.gov.

It’s curious that the site which should enable automation of vulnerability management, security measurement, and compliance was victim of attacks, let’s remind that NVD also provides information on software flaws, misconfigurations, and distribute impact metrics and security checklists.

 

NVD

 

In the days when the site was down the home page of website states,

“The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.”

Kim Halavakoski, Chief Security Officer at Crosskey Banking Solutions, in a blog post published on Google+ revealed that received the following information from NIST Public Inquiries Office:

“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.”

He also added that there isn’t evidence that NVD website was used to spread malware infecting its visitors, a schema that recently has been adopted in many cases adopting a technique known as Watering Hole, a methods to infect on large-scale the goers of legitimate web sites.

The attackers exploited a vulnerability in Adobe’s ColdFusion Web development software, according revelation NIST (National Institute of Standards and Technology) spokeswoman Gail Porter who declared that the malware was inserted before a patch Adobe Issued January 15.

The mission of the NVD is to help organizations, private companies and individuals to improve protection from cyber threats of their IT infrastructures, many government agencies and private businesses use the database, infecting the NVD with a malware hackers may infect an impressive amount of visitors.

The hack of the National Vulnerability Database (NVD) reinforces the conviction that US needs for a stronger effort to improve cyber security, the same conviction has been manifested by president Barack Obama in meetings Wednesday and Thursday with corporate leaders according Bloomberg post.

The improvement of cyber capabilities and mitigation of cyber attacks is possible only if private companies and governments will increase the collaboration and the US Government will reaffirm its commitment.

Pierluigi Paganini

(Security Affairs – Cyber security)