A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- BazarCall: Call Centers Help Spread BazarLoader Malware
May 19, 2021
BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network. The threat actor behind BazarLoader uses different methods to distribute this malware to potential ...
- Hackers scan for vulnerable devices minutes after bug disclosure
May 19, 2021
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. The adversaries’ efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure. Read more… Source: Bleeping Computer
- Qlocker ransomware shuts down after extorting hundreds of QNAP users
May 19, 2021
The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices. Starting on April 19th, QNAP NAS device owners worldwide suddenly discovered that their device’s files were replaced by password-protected 7-zip archives. Read more… Source: Bleeping Computer
- Stalkerware Apps Riddled with Security Bugs
May 18, 2021
Android stalkerware apps – used to surreptitiously track people’s movements and digital activities – turn out to themselves be rife with security holes that put victims in even danger. Stalkerware can track the GPS location of a victim’s device, record conversations, capture images and snoop on browser histories. And overall, according to ESET researcher Lukas Stefanko, ...
- Ireland: ‘Wizard Spider’ cybercrime gang claim Health Service Executive attack
May 18, 2021
Hackers known as Wizard Spider are spinning a web of chaos since it launched a ransomware attack on the Health Service Executive last week. The Russian hackers have claimed responsibility for the most serious ever cyberattack on Ireland’s critical infrastructure. The group, who are seeking ransom of up to €20 million in cryptocurrency, are not motivated by ...
- DarkSide Hits Toshiba; XSS Forum Bans Ransomware
May 17, 2021
For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business. Late on Thursday night came a post to the “Exploit” underground forum that looked, at least, to be from DarkSide. It described how the gang’s blog, payment processing and denial-of-service (DoS) servers ...

