Security News

Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve.

Infosec in brief A security weakness in Google Cloud Build could have allowed attackers to tamper with organizations' code repositories and application images, according to Orca Security researchers. The issue, as Google describes it, is more about poorly defined permissions.

Ukrainian cops have disrupted a massive bot farm with more than 100 operators allegedly spreading fake news about the Russian invasion, leaking personal information belonging to Ukrainian citizens, and instigating fraud schemes. "The Cyber Police established that the attackers used special equipment and software to register thousands of bot accounts in various social networks and subsequently launch advertisements that violated the norms and legislation of Ukraine," according to machine translation of the news alert issued by the police.

The Cyber ??Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. Since the start of the war in Ukraine, Russian threat actors have been involved in disinformation campaigns targeting Ukraine and have invested in Ukraine-based bot farms.

Forget crypto spam accounts, Twitter's got another problem which involves bots and accounts promoting adult content and infiltrating Direct Messages and interactions on the platform. In a tweet, security research group, MalwareHunterTeam exposed multiple Twitter accounts that are spam bots injecting themselves within interactions in the form of likes.

Attacks on commerce are booming, according to a new study by security firm Akamai. Bots raining on retail drive flood in commerce attacks.

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity.

Police have arrested 69 people alleged to have used bots to book up nearly all of Spain's available appointments with immigration officials, and then sold those meeting slots for between €30 and €200 to aspiring migrants. Those arrested include the four alleged leaders of the crime ring, plus lawyers, managers, advisors, recruiters, and intermediaries, who reportedly received "Large amounts of money" from the sale of the immigration appointments.

For the first time, mobile Safari was one of the leading self-reported user agents, while the volume of bots claiming to be mobile browsers increased 42.78%. In 2020 and 2021, bad bots became the pandemic of the internet as automation became more sophisticated. "Cybercriminals will increase their focus on attacking API endpoints and application business logic with sophisticated automation. As a result, the business disruption and financial impact associated with bad bots will become even more significant in the coming years," Triebes continued.

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control. "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week.