Cymetrics Tech Blog

ChatGPT Hacking Basics

ChatGPT is incredibly easy to use, but its development team at OpenAI has restricted many answers related to security issues in order to prevent hackers from using ChatGPT for attacks. As a result, finding correct answers without crossing the line has become a new research topic for hackers and cybersecurity experts. The purpose of this article is to share some methods for obtaining answers from ChatGPT, which can be broadly classified into two categories: those that can be exploited by attackers and those that developers need to use for protection. While the implementation in the article is based on websites, these methods are not limited to website attacks and can be useful in various other areas of cybersecurity.

What is Supply Chain Attack?

What is a supply chain attack and where does it occur? What can we do to prevent it? Using real-life examples, let's take a look at the attacks that are possible in the development process and the links in the supply chain that can be attacked.

The five key factors that hinder SMBs from excellent cybersecurity

As small and medium-sized enterprises (SMEs) begin to embrace digital transformation, their lack of cybersecurity information has made them the best target for hackers. According to Cisco's Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense report, 56% of SMEs in the Asia-Pacific region (APJC) have experienced cyber security incidents in the past 12 months.

How to Choose a Safe Exchange

Exchanges can be seen as the core of Web 3.0 centralized services, but in recent years more and more cybersecurity incidents have surrounded exchanges. Therefore, it has become very important to find more scientific ways to choose exchanges instead of relying on one's own instincts.

Basic Awareness of Hacking Prevention: Data Protection

It’s very time-consuming for hackers to collect and sort out useful information from their attacks. If they can’t turn that data into money, they will probably starve to death. Therefore, this article uses some common examples to illustrate, from a profit-making perspective, how hackers can take advantage of data leakage and what the corresponding impacts are.

Basic Awareness of Hacking Prevention: Backup and Restore

Suppose your house is burglarized today and, having a superpower, you rewind time to yesterday. If you don’t make any changes, the same thing will happen again. You should take the opportunity to change the locks or hide the money somewhere else.

SSRF and Account Takeover via XSS in ERPNext (0-day)

ERPNext is a very popular open-source ERP (Enterprise Resource Planning) software built on the Frappe Framework. Last December, we found two vulnerabilities in the latest version of ERPNext: SSRF (Server-Side Request Forgery) and account takeover via XSS. Both vulnerabilities require a low-privileged authenticated user to perform the attack.

Spring4shell - a new critical RCE vulnerability found in Java Spring Framework

Last year, a critical vulnerability in the Java ecosystem named Log4Shell was found; it was described as a "nuclear bomb-level loophole". Recently, another critical vulnerability has been found in Spring core; because of its similarity to Log4Shell, it has been named "Spring4shell".