A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- German authorities seize ‘BlueLeaks’ server that hosted data on US cops
July 7, 2020
German authorities have seized today a web server that hosted BlueLeaks, a website that provided access to internal documents stolen from US police departments. The server belonged to DDoSecrets (Distributed Denial of Secrets), an activist group that published the files last month, in mid-June. The server seizure was announced today by investigative journalist Emma Best, one of ...
- Purple Fox EK Adds Microsoft Exploits to Arsenal
July 6, 2020
The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig ...
- This is how EKANS ransomware is targeting industrial control systems
July 2, 2020
New samples of the EKANS ransomware have revealed how today’s cyberattackers are using a variety of methods to compromise key industrial companies. In a research report published on Wednesday, FortiGuard Labs researchers Ben Hunter and Fred Gutierrez said that malware designed to attack industrial control systems (ICS) continues to be lucrative for threat actors. While ransomware only accounted for ...
- Windows 10 background image tool can be abused to download malware
July 2, 2020
A binary in Windows 10 responsible for setting an image for the desktop and lock screen can help attackers download malware on a compromised system without raising the alarm. Known as living-off-the-land binaries (LoLBins), these files come with the operating system and have a legitimate purpose. Attackers of all colors are abusing them in post-exploitation phases ...
- TrickBot malware now checks screen resolution to evade analysis
July 1, 2020
The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is ...
- US Govt shares tips on defending against cyberattacks via Tor
July 1, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from the activity originating from or routed through the Tor anonymity network. Tor is a software enabling internet anonymity by automatically encrypt and reroute a user’s web requests through a network of Tor nodes (relay layers). Tor’s infrastructure is also used ...

