A United States government repository of security issues and notifications, the National Vulnerability Database (NVD), has been taken down after a malware infection was discovered on two of its servers.
An email published overnight by BlackCat security researcher Kim Halavakoski on social network site Google+ from the National Institute of Standards and Technology (NIST) confirmed that NVD has been down since March 8.
'On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline," according to the email.
"Malware was discovered on two NIST Web servers and was then traced to a software vulnerability."
The email states there is no evidence that the NVD or other NIST pages "contained or were used to deliver malware to users" of the site.
A report by The Register attributes the infection to vulnerabilities in Adobe ColdFusion.
The servers were reportedly compromised before the vulnerability was known to Adobe early January this year, meaning the site may have been compromised since that date or before.
No time estimate for the restoration of the service was given. As of this morning, the NVD emained down with no explanation given by NIST for the outage.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
