ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Europol, Capgemini team up in cybercrime prevention, awareness campaigns

    May 26, 2020

    Europol and Capgemini have agreed to pool their resources in new cybersecurity awareness campaigns and the expansion of existing collaboration on threat intelligence. On Tuesday, Europol’s European Cybercrime Centre (EC3) said a Memorandum of Understanding (MoU) has been signed with the consultancy giant that is expected to lead to new “joint exercises, capacity building, and prevention campaigns.” Europol and ...

  • Qakbot Resurges, Spreads through VBS Files

    May 25, 2020

    Through managed detection and response (MDR), we found that a lot of threats come from inbound emails. These messages usually contain phishing links, malicious attachments, or instructions. However, in our daily investigation of email metadata, we often detect threats not just in inbound emails, but even in the users’ own sent items folder. This involves ...

  • eBay port scans visitors’ computers for remote access programs

    May 24, 2020

    When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote access applications. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can ...

  • Threat Spotlight: The Andromeda Botnet

    May 22, 2020

    The Andromeda botnet, also known as Gamarue or Wauchos, was first introduced to the public in 2011. During this time it was used to distribute large quantities of malware. According to Microsoft the Andromeda botnet was used to spread more than 80 malware families including ransomware, worms, and more. Andromeda is a modular malware, meaning additional components can ...

  • NSO Group Impersonates Facebook Security Team to Spread Spyware — Report

    May 22, 2020

    According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage ...

  • Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

    May 22, 2020

    Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East. This most recent wave of cyberattacks ...