At the end of last week, Symantec researchers warned that spammers were leveraging an open redirect vulnerability on the official website of Vermont’s Department of Labor (labor.vermont.gov) to send malicious messages containing links that appeared to point to a legitimate government site.
However, Department of Labor representatives are not rushing to address this issue. They have told GovInfo Security that they’re in the process of replacing the old website with a new one, a move which will allegedly address the issue.
But the website will only be replaced in a few weeks, which gives the cybercriminals the opportunity to continue to abuse the security hole.
Vermont Labor Commissioner Annie Noonan claims that no immediate action has been taken because the vulnerability doesn’t threaten the integrity of confidential or personal information.
"If there's a reason we need to pull it quicker, we can, but no one is advising that we have to do that," she said.