CAPTCHA – WindowsTechs.com

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Posted on October 29, 2024 by Vasily Kolesnikov

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets. Continue reading Lumma/Amadey: fake CAPTCHAs want to know if you’re human→

Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware

Posted on October 22, 2024 by Deeba Ahmed

Lumma Stealer malware uses fake CAPTCHA to deceive victims. This information-stealing malware targets sensitive data like passwords and… Continue reading Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware→

Hackaday Links: September 29, 2024

Posted on September 29, 2024 by Dan Maloney

There was movement in the “AM Radio in Every Vehicle Act” last week, with the bill advancing out of the US House of Representatives Energy and Commerce Committee and heading …read more Continue reading Hackaday Links: September 29, 2024→

This Windows PowerShell Phish Has Scary Potential

Posted on September 19, 2024 by BrianKrebs

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user. Continue reading This Windows PowerShell Phish Has Scary Potential→

Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware

Posted on September 19, 2024 by Waqas

A new phishing campaign uses fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands,… Continue reading Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware→

Best timing/safest way to show Captchas on a website?

Posted on September 7, 2024 by GangSTARclown

I implement a .NET application that has a HTTPS API. A website makes requests to my HTTPS API. The website has a login page and other features.
Do I show a Captcha on the website if a new session is created? Do I show a Captcha on the webs… Continue reading Best timing/safest way to show Captchas on a website?→

My reCAPTCHA got bypassed

Posted on August 27, 2024 by a_duck

About a year ago, my reCAPTCHA for creating uers seemed to get completely bypassed by a hacker, who created thousands of users in a small time frame, here are checks I did:

I reviewed all the queries that insert new entries into my databa… Continue reading My reCAPTCHA got bypassed→

My reCAPTCHA for registering got bypassed

Posted on August 5, 2024 by a_duck

I implemented reCaptcha on my react native app to stop bots from creating accounts. However this reCAPTCHA got bypassed. and the hacker was able to create 10-20 thousand accounts in like a week. I really tried bypassing it myself, but I co… Continue reading My reCAPTCHA for registering got bypassed→

Recaptcha – fake token in posted form

Posted on July 26, 2024 by Prakash

I implemented recaptcha on my site on a page that has a form. A bot is programatically posting the form to my server with fields filled out appropriately and a fake g-recaptcha-response value (it does not interact with the recaptcha widget… Continue reading Recaptcha – fake token in posted form→

How do automatic captchas like Cloudfare work? [closed]

Posted on July 3, 2024 by security_paranoid

On numerous sites (but none specifically), this is what I’m talking about:

I understand the purpose of this, but I don’t really understand how it works. How does it know I’m not s script or program?
It doesn’t have a puzzle captcha that y… Continue reading How do automatic captchas like Cloudfare work? [closed]→