A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- Ryuk Ransomware: Now with Worming Self-Propagation
March 2, 2021
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then ...
- Fast Flux 101: How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement Takedowns
March 2, 2021
Fast flux is a technique used by cybercriminals to increase their infrastructure’s resilience by making law enforcement takedown of their servers and blocklisting of their IP addresses harder. It is critical for these cybercriminals to maintain their networks’ uptime to avoid losses to their revenue streams, including phishing and scam campaigns, botnet rental and illegal ...
- Emotet One Month After the Takedown
March 2, 2021
2021 got off to a fantastic start for the cybersecurity community with the news that the infamous botnet Emotet had been brought down in a coordinated global operation, “Operation Ladybird.” As the first security vendor to detect and profile the Trojan all the way back in 2014, we’re particularly delighted to be seeing the back of ...
- Working Windows and Linux Spectre exploits found on VirusTotal
March 1, 2021
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. The vulnerability was unveiled as a hardware bug in January 2018 by Google Project Zero researchers. If successfully exploited on vulnerable systems, it can be used by attackers to steal sensitive data, including ...
- New South Wales’ Transport agency extorted by ransomware gang after Accellion attack
March 1, 2021
The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. Transport for NSW is New South Wales’ transport system in charge of the buses, ferries, regional air operators, and cargo transportation. Last week, Transport for NSW disclosed that their agency suffered ...
- Mobile malware evolution 2020
March 1, 2021
In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common of these passing a malicious application off as another, popular and desirable one. All they need to do is correctly identify the application, or at least, the type of applications, that are currently in demand. Therefore, attackers constantly ...

