A ChatGPT vulnerability targets corporations and governments. Researchers crack the Akira ransomware using high-end GPUs, and free online converters are found to install malware. This is Cybersecurity Today.
I'm your host, Jim Love.
A server-side request forgery, or SSRF, vulnerability in OpenAI's ChatGPT infrastructure, tracked as CVE-2024-27564, is being actively exploited by attackers to redirect users to malicious URLs, placing organizations at significant risk. Researchers from cybersecurity firm Veriti have identified this medium-severity flaw, which allows cybercriminals to inject crafted URLs into ChatGPT's system, compelling the application to make arbitrary requests.
This exploitation can lead to unauthorized access and data breaches. Notably, over 10,000 exploit attempts were recorded within a single week from a lone malicious IP address, underscoring the vulnerability's appeal to threat actors. The attacks have predominantly targeted financial institutions and US government organizations, highlighting the critical need for robust cybersecurity measures in these sectors.
Alarmingly, Veriti's analysis revealed that 35% of examined organizations were susceptible due to misconfigurations in intrusion prevention systems, web application firewalls, and firewall settings. SSRF vulnerabilities enable attackers to manipulate server-side applications into making unauthorized requests to internal or external systems, potentially leading to data exposure or further system compromises.
In this instance, the flaw permits adversaries to direct ChatGPT to access unintended URLs, facilitating a range of malicious activities.
The Akira ransomware group emerged in 2023 with a mix of dark humor and ruthless tactics, famously requesting ransom payments in 125,000 euros' worth of French baguettes, but they soon became a more serious threat.
They've been known to ask for absurdly large amounts of ransoms, and despite their sense of humor, they are ruthless and have attacked not just corporations but also hospitals, universities, and other infrastructure, often using stolen credentials to break into systems. But now some researchers have found a way to fight back by exploiting weaknesses in Akira's encryption. Cybersecurity experts from a firm called Tiny Hack have discovered a method to crack its locked files using high-powered GPUs.
With an Nvidia RTX 4090, Tiny Hack found they could crack the encrypted ransomware files in seven days, and with 16 GPUs, the process would take just over 10 hours. See, Akira uses ChaCha8 and encryption algorithms to lock victims' files. Instead of relying on a single key, the ransomware generates a unique key for each file based on a four-part timestamp measured down to the nanosecond. This system is meant to make brute-force attacks impossible, but Tiny Hack's researchers found a flaw.
By narrowing the possible range of timestamps, they reduced the number of guesses needed to find the correct encryption key. Using an RTX 4090, the brute-force attack could then crack an Akira-encrypted file in about seven days, and a cluster of 16 GPUs drops the encryption time to just 10 hours. Now, the researchers' ability to decrypt files without paying could deal a major blow to Akira's operations. However, the decryption method isn't foolproof.
It requires the exact original encrypted files to be intact, and the organization still needs powerful computing resources to execute the recovery. Where the files are on a network file system, some latency can also make determining the timestamp more difficult. And Akira encryption has been cracked before. Avast's threat research team found the method Akira used to encrypt victim files and published a free encryption breaker tool. Akira has then gone on to fix their weaknesses.
No doubt they'll change their tactics to respond to this as well, but every hour they spend developing new attacks is an hour that somebody isn't attacked. And for victims who refuse to pay, this breakthrough offers a rare opportunity, a way to fight back against one of the most notorious ransomware gangs of the past two years.
And finally, cybersecurity company Malwarebytes is urging internet users to exercise caution when seeking free online conversion tools, warning that some of these services are embedding malware into their downloads. You know what it's like: you're working with a new application. You've got a file in a specific format. The application won't take that file format. So what do you do? You go into Google and you type "free converter" with the file suffix. Except cybersecurity company Malwarebytes is urging you to exercise caution when seeking those free online conversion tools, warning that some of these services are now embedding malware into their downloads.
The cybersecurity firm's latest research, published in March 2025, reveals how attackers disguise malicious software as legitimate file converters to infect unsuspecting victims' devices. According to Malwarebytes and their blog post titled "Warning over free online converters that actually install malware," these sites lure users with promises of quick and easy file format conversions.
However, when users upload documents for conversion, they're often prompted to install a helper application that actually delivers the harmful payloads. These malicious programs can track browsing activity, steal passwords, open backdoors, and grant remote access to cybercriminals. Users should always be skeptical of websites that insist on downloads for tasks traditionally done online, the blog states, and the firm emphasizes that many legitimate services can convert files directly in the cloud without requiring additional software installations. Malwarebytes advises anyone seeking file conversion services to verify the legitimacy of the platform before downloading any executable files.
And that's our show. You can reach me with comments, questions, or even tips at [email protected]. And hey, the donations from buymeacoffee.com/techpodcast keep coming in. So thank you. I'll try to get to thank each and every one of you individually. I've gone through a pile of them. I hope you're getting these as emails, but they are posted on the site, buymeacoffee.com/techpodcast, so you can see my note to you and my thanks. We still aren't out of the woods. We need to get a specific amount of money on a monthly basis for the show to keep functioning, but I'll do another campaign in a few weeks.
I want to give you all a break, but at this rate, with your generosity, we will get to a sustainable revenue to keep the show going. I'm your host, Jim Love. Thanks for listening.