14 DAY TRIAL // A recently formed group of hackers called Team Dig7tal RevolutioN, or Team Dig7tal, demonstrated the presence of vulnerabilities on websites that belong to NASA (careerlaunch.jpl.nasa.gov), the Vatican (vatican.va), Humboldt State University (humboldt.edu) and The Weather Channel (weather.com).
As the screenshot provided by the security experts demonstrates, a cross-site scripting (XSS) vulnerability that could be leveraged by cybercriminals to launch phishing attacks and other malicious operations affects The Weather Channel site.
The second image shows the presence of an XSS security hole on the main site of the Vatican and the third reveals a Local File Inclusion issue on the cencoos subdomain of humboldt.edu.
We couldn’t reproduce the flaw that affected the NASA site, which may mean that the issue has been addressed since it was discovered by the members of Team Dig7tal.
Sources tell us that the new crew is actually black hat, so we can expect them not only to report vulnerabilities, but also to cause some damage to unsecured websites.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1
