Security News

Clever Social Engineering Attack Using Captchas
2024-09-20 15:32

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.

Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years
2024-08-23 13:00

A developer that researchers now track as Greasy Opal, operating as a seemingly legitimate business, has been fueling the cybercrime-as-a-service industry with a tool that bypasses account...

How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
2023-11-21 10:40

Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One...

AI-enabled bots can solve CAPTCHAs faster than humans
2023-10-13 03:00

Companies are losing revenue in the fight against malicious bot attacks, according to survey by Kasada. Despite spending millions of dollars on traditional bot management solutions, companies are still financially impacted by bot attacks.

Bots Are Better than Humans at Solving CAPTCHAs
2023-08-18 11:04

Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve.

How to bypass CAPTCHAs online with Safari on iOS 16
2023-06-22 19:00

Tired of those annoying CAPTCHA images that leave you feeling like you're solving a puzzle just to log in online? Learn how to use Apple's "CAPTCHA killer" feature called Automatic Verification in iOS 16. CAPTCHAs can be quite annoying when you just want to try to create a new account or log in to a website.

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security
2023-05-30 12:16

"Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created," Trend Micro said in a report published last week. "These CAPTCHA-solving services don't use techniques or advanced machine learning methods; instead, they break CAPTCHAs by farming out CAPTCHA-breaking tasks to actual human solvers."

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
2023-01-06 17:42

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "Primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. PURPLEURCHIN first came to light in October 2022 when Sysdig disclosed that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation.

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
2023-01-05 14:00

According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, follow a more aggressive use of CPU resources for mining, and mixe 'freejacking' with the "Play and Run" technique to abuse free cloud resources. Whereas Sysdig identified 3,200 malicious accounts belonging to 'PurpleUrchin,' Unit 42 now reports that the threat actor has created and used over 130,000 accounts on the platforms since August 2019, when the first signs of its activities can be traced.

As Long as We’re on the Subject of CAPTCHAs
2022-12-16 20:14

There are these.