A new threat has been uncovered. The Key Wolf hacker group is bombarding Russian users with file-encrypting ransomware. Interestingly enough, the attackers do not demand any ransom. Nor do they provide any options to decrypt the affected files. Our experts were the first to detect the proliferation of the new…

By Konstantin Molodyakov Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by giving it a little tweak. The biggest inconvenience in the original version was the inability to collect banners from HTTPS servers…

Unlike software vulnerabilities, hardware security flaws are not always possible to fix. However, this is no reason to be frustrated! The security of IoT, phones, tablets, control units, etc. still needs to be researched. At the very least, this will help alert users to the vulnerabilities as well as fix…

Log4Shell is a critical vulnerability in the Log4j logging library, which is used by many Java web applications. In protecting against the exploit of Log4Shell, you need to know what applications are vulnerable to this attack, which is a rather difficult task. …

We are seeing a surge in Business Email Compromise (BEC) attacks. BEC attacks are not new or uncommon, but this wave has caught our attention because of its scale. Many affected companies have been contacting us since June, and all the attacks share several key patterns. This article explains how…

The article written by Anton Medvedev, reviewed by Vadim Khrykov Our previous article focused on the different techniques used to detect ProxyLogon exploitation. This time we will talk about the techniques used to detect other notorious MS Exchange Server vulnerabilities, namely CVE-2020–0688, CVE-2020–16875 and CVE-2021–24085. Although these vulnerabilities are not…

By Maxim Suhanov, 2021 Introduction to Boot Security There are two major concepts for boot security: verified boot and measured boot. The verified boot process ensures that components not digitally signed by a trusted party are not executed during the boot. This process is implemented as Secure Boot, a feature that blocks unsigned, not…

The article was prepared by BI.ZONE Cyber Threats Research Team This is not the first time we have come across a cybercriminal group that pretends to be a legitimate organisation and disguises its malware as a security analysis tool. These groups hire employees who are not even aware that they…

By Anton Medvedev, Demyan Sokolin, Vadim Khrykov Microsoft Exchange is one of the most common mail servers used by hundreds of thousands of companies around the world. Its popularity and accessibility from the Internet make it an attractive target for attackers. Since the end of 2020, we have recorded…