In one of the most ironic news stories of the week, the U.S. National Institute of Standards and Technology (NIST) has taken its National Vulnerability Database (NVD) website offline because of a cyberattack. Hackers planted malware on two of the servers that run the site, which tracks known software vulnerabilities. Many developers and other IT pros rely on the NVD to keep them informed about security bugs in the products they use.
In the greatest irony of all, NIST confirmed that the hackers were able to breach its defenses because of an unpatched software vulnerability.
Security expert Kim Halavakoski summed up the thoughts of many, writing, “Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!”