ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Florida water treatment plant was involved in second security incident before poisoning attempt: report

    May 21, 2021

    A new study from Dragos has found that a water treatment plant in Oldsmar, Florida — where hackers attempted to poison the town’s water earlier this year — was also involved in another potential breach at the same time. A browser being used on the plant’s network was traced back to a “watering hole” attack that ...

  • Phorpiex malware botnet just won’t go away

    May 21, 2021

    The Phorpiex malware botnet has lurked around the internet for years and is used to deliver ransomware, spam email and more, but now Microsoft’s security team are taking a closer look at it. The botnet has been known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure ...

  • US insurance giant CNA Financial paid $40 million ransom to regain control of systems: report

    May 21, 2021

    One of the largest insurance companies in the United States, CNA Financial, reportedly agreed to a $40 million payment to restore access to its systems following a ransomware attack. According to Bloomberg, the $40 million payment — which is $10 million more than the highest attempted demand of $30 million in 2020, already double the highest ...

  • FBI: Conti Ransomware Attacks Impact Healthcare and First Responder Networks

    May 20, 2021

    The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. ...

  • Microsoft: Massive malware campaign delivers fake ransomware

    May 20, 2021

    A massive malware campaign pushed the Java-based STRRAT remote access trojan (RAT), known for its data theft capabilities and the ability to fake ransomware attacks. In a series of tweets, the Microsoft Security Intelligence team outlined how this “massive email campaign” spread the fake ransomware payloads using compromised email accounts. Read more… Source: Bleeping Computer  

  • Healthcare organizations in Ireland, New Zealand and Canada facing intrusions and ransomware attacks

    May 20, 2021

    Three healthcare institutions in Canada, Ireland and New Zealand are in the midst of security incidents this week, highlighting the perilous cybersecurity landscape within some of the world’s most important organizations. Ireland’s Department of Health was attacked twice in the last week, eventually shutting down their entire IT system after a ransomware attack last Thursday. The ...