Monday , November 25 2024

CAPTCHA-breaking services being offered for sale to bypass systems

infosecbulletin Tuesday , May 30 2023 Hot Topic

Cybersecurity researchers are warning that CAPTCHA-breaking services are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic.

These services work by farming out CAPTCHA-breaking tasks to actual human solvers. This makes it easy for customers of CAPTCHA-breaking services to develop automated tools against online web services. And because actual humans are solving CAPTCHAs, the purpose of filtering out automated bot traffic through these tests are rendered ineffective.

MITRE discloses 2024 CWE Top 25 critical software flaw

By infosecbulletin / Sunday , November 24 2024
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The...
Read More
MITRE discloses 2024 CWE Top 25 critical software flaw

Python NodeStealer: harvest credit card and Facebook Ads Manager

By infosecbulletin / Sunday , November 24 2024
Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range....
Read More
Python NodeStealer: harvest credit card and Facebook Ads Manager

Cisco Talos
Over 60% of Emails with QR Codes are spam

By infosecbulletin / Saturday , November 23 2024
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people...
Read More
Cisco Talos Over 60% of Emails with QR Codes are spam

CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

By infosecbulletin / Saturday , November 23 2024
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate...
Read More
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

Daily Security Digest Dated 11/23/24

By infosecbulletin / Saturday , November 23 2024
Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Digest Dated 11/23/24

SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

By infosecbulletin / Friday , November 22 2024
SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from a user while analyzing a...
Read More
SafetyDetectives’ Research Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

Over 145,000 ICS Across 175 Countries Found Exposed Online

By infosecbulletin / Friday , November 22 2024
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting...
Read More
Over 145,000 ICS Across 175 Countries Found Exposed Online

World to see AI powered “human washing machines”

By infosecbulletin / Friday , November 22 2024
Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company...
Read More
World to see AI powered “human washing machines”

Hacker compromised over 2000 Palo Alto Networks Firewalls

By infosecbulletin / Friday , November 22 2024
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and...
Read More
Hacker compromised over 2000 Palo Alto Networks Firewalls

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

By infosecbulletin / Thursday , November 21 2024
Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....
Read More
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

Threat actors have also been observed purchasing CAPTCHA-breaking services and combining them with proxyware offerings to obscure the originating IP address and evade antibot barriers.

ALSO READ:

World see transmission at a record speed of 200 gigabits per second

Proxyware, although marketed as a utility to share a user’s unused internet bandwidth with other parties in return for a “passive income,” essentially turns the devices running them into residential proxies.

In one instance of a CAPTCHA-breaking service targeting popular social commerce marketplace Poshmark, the task requests emanating from a bot are routed via a proxyware network.

“CAPTCHAs are common tools used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective,” said security researcher Joey Costoya. “While online web services can block abusers’ originating IPs, the rise of proxyware adoption renders this method as toothless as CAPTCHAs.”

To mitigate such risks, online web services are recommended to supplement CAPTCHAs and IP blocklisting with other anti-abuse tools.

Here are some additional tips for mitigating the risks posed by CAPTCHA-breaking services:

  • Use a variety of anti-abuse tools, including CAPTCHAs, IP blocklisting, and anomaly detection.
  • Monitor your traffic for signs of abuse, such as unusual spikes in traffic or requests from unusual IP addresses.
  • Keep your software up to date with the latest security patches.
  • Train your staff to be aware of the signs of abuse and how to report it.

Check Also

paloalto

Palo Alto Networks Confirms critical RCE zero-day actively exploited

“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin