A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- NICKEL targeting government organizations across Latin America and Europe
December 6, 2021
The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016 and observed some common activity with other actors known in the security community as APT15, APT25, ...
- U.S. State Department phones hacked with Israeli company spyware
December 3, 2021
Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter. The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning ...
- Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
December 3, 2021
Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this vulnerability is exploited, it allows attackers to map URLs to files outside the directories configured by Alias-like directives. Under certain configurations where Common ...
- Indicators of Compromise Associated with Cuba Ransomware
December 2, 2021
The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors. Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers, such as ...
- Colorado energy company loses 25 years of data after cyberattack while still rebuilding network
December 2, 2021
Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost. In an update sent to customers this week, the company said it expects to be able to begin accepting payments through its ...
- Hackers are turning to RTF template injections technique to install malware on PCs
December 2, 2021
Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments. Cybersecurity researchers at Proofpoint say advanced persistent threat (APT) groups working on behalf of Russian, Chinese and Indian interests are using rich text format (RTF) template injections. While the ...

