Tuesday , March 4 2025

CAPTCHA-breaking services being offered for sale to bypass systems

infosecbulletin Tuesday , May 30 2023 Hot Topic

Cybersecurity researchers are warning that CAPTCHA-breaking services are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic.

These services work by farming out CAPTCHA-breaking tasks to actual human solvers. This makes it easy for customers of CAPTCHA-breaking services to develop automated tools against online web services. And because actual humans are solving CAPTCHAs, the purpose of filtering out automated bot traffic through these tests are rendered ineffective.

CISA adds Cisco and Windows vulns as actively exploited

By infosecbulletin / Tuesday , March 4 2025
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these...
Read More
CISA adds Cisco and Windows vulns as actively exploited

10 New Vulnerabilities Discovered in MediaTek Chipsets

By infosecbulletin / Monday , March 3 2025
MediaTek has released its March 2025 Product Security Bulletin, which highlights new security vulnerabilities affecting various chipsets in smartphones, tablets,...
Read More
10 New Vulnerabilities Discovered in MediaTek Chipsets

Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns

By infosecbulletin / Monday , March 3 2025
Qualcomm's March 2025 Security Bulletin addresses vulnerabilities in its products, including automotive systems, mobile chipsets, and networking devices. It includes...
Read More
Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns

Cyberattack detected at Polish space agency, minister says

By infosecbulletin / Monday , March 3 2025
On Sunday, Poland Minister for Digitalisation Krzysztof Gawkowski said that Polish cybersecurity services found unauthorized access to the IT infrastructure...
Read More
Cyberattack detected at Polish space agency, minister says

Nearly 12,000 API Keys and Passwords Found in Public Datasets

By infosecbulletin / Monday , March 3 2025
Security researchers found that datasets used by companies to develop large language models included API keys, passwords, and other sensitive...
Read More
Nearly 12,000 API Keys and Passwords Found in Public Datasets

Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit

By infosecbulletin / Sunday , March 2 2025
Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where officials used a zero-day exploit from Cellebrite to unlock...
Read More
Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit

DragonForce Ransomware Targets Saudi Company, 6TB Data Stolen

By infosecbulletin / Saturday , March 1 2025
DragonForce ransomware targets organizations in Saudi Arabia. An attack on a major Riyadh real estate and construction firm led to...
Read More
DragonForce Ransomware Targets Saudi Company, 6TB Data Stolen

Microsoft Uncovers Hackers Selling Illegal Azure AI Access

By infosecbulletin / Saturday , March 1 2025
Microsoft has filed an amended complaint in recent civil litigation, naming the main developers of malicious tools that bypass the...
Read More
Microsoft Uncovers Hackers Selling Illegal Azure AI Access

By 2025, India’s First Semiconductor Chip to be ready

By infosecbulletin / Friday , February 28 2025
At the Global Investors Summit 2025, Union Minister Ashwini Vaishnaw announced that India’s first indigenous semiconductor chip will be ready...
Read More
By 2025, India’s First Semiconductor Chip to be ready

CVE-2025-20111
Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

By infosecbulletin / Thursday , February 27 2025
Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash...
Read More
CVE-2025-20111 Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

Threat actors have also been observed purchasing CAPTCHA-breaking services and combining them with proxyware offerings to obscure the originating IP address and evade antibot barriers.

ALSO READ:

World see transmission at a record speed of 200 gigabits per second

Proxyware, although marketed as a utility to share a user’s unused internet bandwidth with other parties in return for a “passive income,” essentially turns the devices running them into residential proxies.

In one instance of a CAPTCHA-breaking service targeting popular social commerce marketplace Poshmark, the task requests emanating from a bot are routed via a proxyware network.

“CAPTCHAs are common tools used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective,” said security researcher Joey Costoya. “While online web services can block abusers’ originating IPs, the rise of proxyware adoption renders this method as toothless as CAPTCHAs.”

To mitigate such risks, online web services are recommended to supplement CAPTCHAs and IP blocklisting with other anti-abuse tools.

Here are some additional tips for mitigating the risks posed by CAPTCHA-breaking services:

  • Use a variety of anti-abuse tools, including CAPTCHAs, IP blocklisting, and anomaly detection.
  • Monitor your traffic for signs of abuse, such as unusual spikes in traffic or requests from unusual IP addresses.
  • Keep your software up to date with the latest security patches.
  • Train your staff to be aware of the signs of abuse and how to report it.

Check Also

FIR

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin