A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- Android chat app with 100 million installs exposes private messages
November 19, 2020
GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. By abusing a flaw in the app, unauthenticated attackers can gain access to private voice messages, videos, and photos shared by GO SMS Pro users as Trustwave security researchers discovered three months ago. The ...
- Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack
November 19, 2020
Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by researchers, in particular targets vacuums with LiDAR sensors, as the name ...
- Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes
November 19, 2020
So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright ...
- Advanced Threat predictions for 2021
November 19, 2020
Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in ...
- Exploiting AI – How Cybercriminals Misuse and Abuse Artificial Intelligence and Machine Learning
November 19, 2020
Artificial intelligence (AI) is swiftly fueling the development of a more dynamic world. AI, a subfield of computer science that is interconnected with other disciplines, promises greater efficiency and higher levels of automation and autonomy. Simply put, it is a dual-use technology at the heart of the fourth industrial revolution. Together with machine learning (ML) ...
- Food-Supply Giant Americold Admits Cyberattack
November 19, 2020
Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain (and soon, COVID-19 vaccine distribution), has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC). The filing was brief and read in part: “As a precautionary measure, the company took immediate steps to help contain the incident ...

