Hackers penetrate NIST software flaw database

The National Vulnerability Database, a site maintained by the National Institute of Standards and Technology, was infiltrated.

The agency found malware on two web servers. The site and a handful of other sites connected to the web servers were taken offline March 8 and now the malware infection appears to be contained. "Website vulnerabilities are the most commonly targeted bugs by cybercriminals. Sites are plagued with coding errors and attack toolkits have automated the process of finding them on the Internet and setting up attack platforms to spread malware to site visitors."

"Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST websites," an agency spokeswoman told UBM Tech. "NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems."