A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.
Cyberattackers are using Google's reCAPTCHA and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers. CAPTCHAs are familiar to most internet users as the challenges that are used to confirm that they're human.
Analyst firm Gartner has advised in favour of the use of CAPTCHAs - but recommends using the least-annoying CAPTCHAs you can find. The firm's opinion is contained in a post by senior director analyst Akif Khan, who noted that CAPTCHAs create friction for humans but remain an imperfect defence against bots.
Cloudflare research engineer Thibault Meunier assumed that the average internet user sees a CAPTCHA once ever ten days and multiplied that by world's 4.6 billion internet users and Cloudflare's 32-second CAPTCHA-completion estimate to assert that humanity collectively spends 500 years every day completing CAPTCHAs. Cloudflare will initially support three - YubiKeys, HyperFIDO keys; and Thetis FIDO U2F. "Completing this flow takes five seconds," Meunier asserts in a post on Cloudflare's blog.
CAPTCHA farms have been around for over a decade, pretty much since CAPTCHAs first became a way to protect against bots. CAPTCHA requests will be sent from the bot to the farm through an API, and at the other end a human will be available to solve the test.
Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate. Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.
Here’s an overview of some of last week’s most interesting news and articles: Old and new OpenSSH backdoors threaten Linux servers OpenSSH, a suite of networking software that allows secure...
Researchers have created new artificial intelligence that could spell the end for one of the most widely used website security systems. The new algorithm, based on deep learning methods, is the...
Attack bots unleashed as major sites left wide open to abuse If you're one of those people who hates picking out cars, street signs and other objects in CAPTCHA image grids, then get used to it...