The National Institute of Standards and Technology (NIST) followed standard protocol when it brought the site and related websites offline after detecting suspicious traffic attempting to communicate with remote servers. The agency found malware on two web servers, which was then traced to a software vulnerability, according to Gail Porter, director of the NIST public affairs office. The site and a handful of other sites connected to the web servers were taken offline March 8.
Porter announced the return of the NVD site in addition to the National Checklist Repository website, which was also brought back online Friday. "We are still working to restore other sites associated with the NVD as quickly as possible," Porter said.
Porter did not comment on the nature of the vulnerability that was targeted in the successful attack last week. The sites were not set up as attack platforms, she said, adding that the malware infection appears to be contained.
"NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems," Porter told CRN. "We regret the impact this has had on our services."
Website vulnerabilities are the bugs most commonly targeted by cybercriminals. Sites are plagued with coding errors, and attack toolkits have automated the process of finding them on the Internet and setting up attack platforms to spread malware to site visitors.
Cross-site scripting and SQL injection errors continue to be the most prevalent and highly targeted web application vulnerabilities, according to a new report issued by Campbell, Calif.-based web security vendor Cenzic. Website content management systems and their components also harbor many vulnerabilities and often lack the latest patches, making them easy targets of attack.
PUBLISHED MARCH 15, 2013