Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data...
New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto
Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows...
COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers
This paper studies how multimodal large language models (MLLMs) undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...
EUVD-2019-6881
Malware in sbrugna...
ChatGPT solves CAPTCHAs if you tell it they’re fake
If you’re seeing fewer or different CAPTCHA puzzles in the near future, that’s not because website owners have agreed that they’re annoying, but it might be because they no longer prove that the visitor is human. For those that forgot what CAPTCHA stands for: Completely Automated Public Turing te...
New OBSCURE#BAT Malware Targets Users with Fake Captchas
OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on...
Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing P...
GHSA-MV73-F69X-444P Go Fiber CSRF Token Validation Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...
GHSA-94W9-97P3-P368 CSRF Token Reuse Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...
Cross site request forgery (csrf)
Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...
Cross site request forgery (csrf)
Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...
CVE-2023-45141 CSRF Token Validation Vulnerability in fiber
Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...
phpMyFAQ < 3.1.10 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities.
Do CAPTCHAs work and what’s the alternative?
We know you're busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...
U.S. Dept Of Defense: CSRF to account takeover in https://█████/
Hi DoD team, I found a CSRF to account takeover in https://███████/ NOTE: Try to open the site in Firefox because Chrome sometimes does not allow the site to open. Summary: There is no protection against CSRF in changing email, which leads to CSRF to account takeover on https://██████/. Step-by-st...
Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
Researchers are warning of an ongoing Office 365 credential-phishing attack that’s targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate. CAPTCHAs – commonly utilized by websites like LinkedIn and Google – are a type of challenge–response test use...
Denial of Service Vulnerability in Jukin App
Jukin App is an internet financial management and lending platform. A denial of service vulnerability exists in Jiujin App, where an attacker consumes server resources and causes a denial of service by sending unlimited CAPTCHAs to cell phones...
Google Retools reCAPTCHA Authentication System
Google announced a change to its reCAPTCHA authentication system late Friday wherein the company will begin creating different types of puzzles for different users, use numeric CAPTCHAs and move away from more obscure, hard-to-read distorted letters. CAPTCHAs are the series of distorted letter...
MS Live CAPTCHAS Busted by PushDo Botnet
The prolific Pushdo spam botnet has found a new way to penetrate Microsoft’s Live.com by exploiting weaknesses in the audio captchas designed to prevent automated scripts from accessing the popular email service. The Register...
Cybergangs use cheap labor to break codes on social sites
From USA Today Byron Acohido It’s become the new front in cybercrime: scams and identity-theft programs that attack e-mail accounts and users of social-networking sites such as Facebook and MySpace. To carry out many of these automated attacks, cybercriminals first must overcome “captchas,” the...