Security News

If it doesn't offer the protection it once did, and its major accomplishment for the past 12 years is that it slows down the customer purchase process, we have to ask ourselves: Why are CAPTCHAs still a thing? While attack technology has evolved, CAPTCHAs have not kept up with the times.

A team of researchers at the Universities of Arizona, Georgia, and South Florida, have developed a machine-learning-based CAPTCHA solver that they claim can overcome 94.4% of real challenges on dark websites. The collection of cyber-threat intelligence from illicit dark web markets and forums becomes challenging and expensive, as employees have to be involved in the CAPTCHA solving step.

New Skype users report frustration after being presented with a captcha that requires them to solve a complex puzzle ten times before signing up for the service. Tests by BleepingComputer confirmed the problematic captcha required when signing up for a Microsoft account via Skype-even after verifying your email address.

A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.

Cyberattackers are using Google's reCAPTCHA and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers. CAPTCHAs are familiar to most internet users as the challenges that are used to confirm that they're human.

Analyst firm Gartner has advised in favour of the use of CAPTCHAs - but recommends using the least-annoying CAPTCHAs you can find. The firm's opinion is contained in a post by senior director analyst Akif Khan, who noted that CAPTCHAs create friction for humans but remain an imperfect defence against bots.

Cloudflare research engineer Thibault Meunier assumed that the average internet user sees a CAPTCHA once ever ten days and multiplied that by world's 4.6 billion internet users and Cloudflare's 32-second CAPTCHA-completion estimate to assert that humanity collectively spends 500 years every day completing CAPTCHAs. Cloudflare will initially support three - YubiKeys, HyperFIDO keys; and Thetis FIDO U2F. "Completing this flow takes five seconds," Meunier asserts in a post on Cloudflare's blog.

CAPTCHA farms have been around for over a decade, pretty much since CAPTCHAs first became a way to protect against bots. CAPTCHA requests will be sent from the bot to the farm through an API, and at the other end a human will be available to solve the test.

Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate. Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.

As CAPTCHA-haters know to their frequent irritation, the death of the text-based Completely Automated Procedures for Telling Computers and Humans Apart tends to be exaggerated.