A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- New Slipstream NAT bypass attacks to be blocked by browsers
November 9, 2020
Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim’s NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices. The attack method, dubbed NAT Slipstreaming, was discovered by security researcher Samy Kamkar and it requires the victims to visit the threat ...
- FBI: Hackers stole source code from US government agencies and private companies
November 7, 2020
The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public ...
- When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777
November 6, 2020
As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...
- RansomEXX Trojan attacks Linux systems
November 6, 2020
Kaspersky researchers have recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had ...
- Apple Patches Bugs Tied to Previously Identified Zero-Days
November 6, 2020
Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS 14.2, which patch a total of 24 vulnerabilities—including the three ...
- Operation North Star: Behind The Scenes
November 5, 2020
It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed earlier this year ...

