Security News

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar...

Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them Google promotes its reCAPTCHA service as a security mechanism for websites, but researchers...

Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. Yesterday, BleepingComputer received multiple reports that reCaptcha stopped working in the latest version of Mozilla Firefox, with the issues also reported on Twitter and Reddit.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims' companies.

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. ReCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009.

ReCaptcha is Google's name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. Google recently started charging for larger reCAPTCHA accounts.

An attack method discovered in 2017 for defeating the audio version of Google's reCAPTCHA system using speech-to-text services has once again been resurrected. A team of researchers from the University of Maryland showed in 2017 that online speech-to-text services could be used to automatically solve reCAPTCHA v2 audio challenges with a high degree of accuracy.

Google insists it doesn't use reCAPTCHA data for personalized adverts, and says as much in the reCAPTCHA terms of service. Google's reCAPTCHA terms of service state that the service sends device and application data to the company.

Google insists it doesn't use reCAPTCHA data for personalized adverts, and says as much in the reCAPTCHA terms of service. Google's reCAPTCHA terms of service state that the service sends device and application data to the company.

Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.