A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- Microsoft warns enterprises of new ‘dependency confusion’ attack technique
February 10, 2021
Microsoft has published a white paper on Tuesday about a new type of attack technique called a “dependency confusion” or a “substitution attack” that can be used to poison the app-building process inside corporate environments. The technique revolves around concepts like package managers, public and private package repositories, and build processes. Today, developers at small or large ...
- British cyber gang ‘stole large amounts from US sports and music stars after accessing their phones’
February 10, 2021
Eight Britons have been arrested for hacking into the phones of US celebrities to steal money and personal information – even posing as them online. Britain’s National Crime Agency (NCA) said sports stars, musicians and their families had been targeted by the scam in which criminals gain access to their victim’s phones or accounts. This allowed them ...
- BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
February 9, 2021
Highly malleable, highly sophisticated and over 10,000 bytes of machine code. This is what Unit 42 researchers were met with during code analysis of this “bear” of a file. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. Analysis by Trend ...
- Android Devices Hunted by LodaRAT Windows Malware
February 9, 2021
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, ...
- Web hosting provider shuts down after cyberattack
February 9, 2021
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation. According to a message posted on its official site , the company said it was breached on Monday, February 8. The hacker appears to have “compromised” the company’s entire ...
- Actively Exploited Windows Kernel EoP Bug Allows Takeover
February 9, 2021
Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the computing giant has released patches for 56 CVEs covering Microsoft Windows components, the .NET ...

