ChatGPT Vulnerability Targeted by Hackers

In a recent cybersecurity incident, hackers have been found exploiting a vulnerability within the ChatGPT infrastructure to reroute users to malicious sites. Security experts identified over 10,000 exploit attempts in just one week originating from a single malicious IP address. This vulnerability, officially tracked as CVE-2024-27564, has been classified as medium severity with a CVSS score of 6.5. The primary targets of these attacks are financial institutions within the United States, according to researchers from the cybersecurity firm Veriti.

The vulnerability resides in the pictureproxy.php component of ChatGPT, where attackers can insert malicious URLs into input parameters. This enables unauthorized requests, potentially allowing malicious actors to infiltrate internal systems, gather sensitive data, or launch more extensive attacks. Despite the severity of the situation, OpenAI has yet to comment or issue a patch for this vulnerability.

Veriti’s analysis indicates that 35% of organizations are at risk due to misconfigured intrusion prevention systems, web application firewalls, and firewall settings. The researchers emphasize that even vulnerabilities with moderate severity scores can become significant threats if not addressed promptly. The attacks have not been limited to the United States; other affected countries include Germany, Thailand, Indonesia, Colombia, and the United Kingdom.

The financial sector is particularly vulnerable due to its dependence on AI-driven services and APIs, although government and healthcare sectors are also at risk. Hackers exploiting this vulnerability can conduct unauthorized transactions and inflict reputational damage. A demonstration video has shown how attackers utilize this flaw to trick ChatGPT into executing unauthorized requests, further highlighting the need for heightened security measures.

To mitigate these risks, Veriti has provided a list of malicious IP addresses associated with the exploit attempts. They recommend organizations to enhance their network defenses by updating IPS, WAF, and firewall configurations, implementing strict input validation to prevent URL injection, and conducting regular vulnerability assessments, particularly focusing on AI applications. Monitoring AI-related traffic patterns for anomalies is also crucial to detect and prevent potential breaches.

ChatGPT Vulnerability Targeted by Hackers

Data Analytics is Crucial for Scaling SEO

Amazon’s Bold Move: Echo Privacy Settings Overhaul Imminent

Amazon’s Bold Move: Echo Privacy Settings Overhaul Imminent

Could AI Hallucinations Be Surprisingly Beneficial?

Could AI Hallucinations Be Surprisingly Beneficial?

Unlocking Gains: How the M&A Surge is Transforming Fraud Solutions

Unlocking Gains: How the M&A Surge is Transforming Fraud Solutions

Surge in ClickFix Attacks Sparks Rise in Infostealer Infections

Elon Musk and DOGE Drama Escalates: Tesla Owners’ Identities Exposed

Revolutionizing Security and Workforce: What’s Next?

Revolutionizing Security and Workforce: What’s Next?

JPMorgan Chase CISO Slams Inadequate SaaS Cybersecurity

JPMorgan Chase CISO Slams Inadequate SaaS Cybersecurity

Revolutionizing Security and Workforce: What’s Next?

Revolutionizing Security and Workforce: What’s Next?

CISA Adds One Known Exploited Vulnerability to Catalog

JPMorgan Chase CISO Slams Inadequate SaaS Cybersecurity

JPMorgan Chase CISO Slams Inadequate SaaS Cybersecurity

CISA Releases Three Industrial Control Systems Advisories

Rockwell Automation ThinManager | CISA

Revolutionizing Security and Workforce: What’s Next?

JPMorgan Chase CISO Slams Inadequate SaaS Cybersecurity