We are seeing a surge in Business Email Compromise (BEC) attacks. BEC attacks are not new or uncommon, but this wave has caught our attention because of its scale.

Many affected companies have been contacting us since June, and all the attacks share several key patterns.

This article explains how…


The article was written by Anton Medvedev and reviewed by Vadim Khrykov

Our previous article focused on the different techniques used to detect ProxyLogon exploitation. This time we will talk about the techniques used to detect other notorious MS Exchange Server vulnerabilities, namely CVE-2020-0688, CVE-2020-16875 and CVE-2021-24085.

Although these vulnerabilities are not…


By Maxim Suhanov, 2021

Introduction to Boot Security

There are two major concepts for boot security: verified boot and measured boot.

The verified boot process ensures that components not digitally signed by a trusted party are not executed during the boot. This process is implemented as Secure Boot, a feature that blocks unsigned, not…


The article was prepared by BI.ZONE Cyber Threats Research Team

This is not the first time we have come across a cybercriminal group that pretends to be a legitimate organisation and disguises its malware as a security analysis tool. …


By Anton Medvedev, Demyan Sokolin, Vadim Khrykov

Microsoft Exchange is one of the most common mail servers used by hundreds of thousands of companies around the world. Its popularity and accessibility from the Internet make it an attractive target for attackers.

Since the end of 2020, we have recorded a…


By Innokentii Sennovskii

Photo credit: https://www.deviantart.com/heroeswho

How long can it take to register a vulnerability? We are quite used to bug bounties, where most of the time you just have to wait for the company in question to triage your report, and that’s it, now you have a CVE. However, if the company…


By Konstantin Molodyakov

A file structure is a whole fascinating world with its own history, mysteries and a home-grown circus of freaks, where workarounds are applied liberally. If you dig deeper into it, you can discover loads of interesting stuff.

In our digging we came across a particular feature of…


By Demyan Sokolin, Alexander Bolshakov, Ilyas Igisinov, Vadim Khrykov

CVE-2020-1472, or Zerologon, has already been named one of the most dangerous vulnerabilities discovered in recent years. It allows an attacker to compromise a domain controller’s machine account and access the contents of the entire Active Directory database. …


On 8 July 2020, we hosted Cyber Polygon — an international online cybersecurity training — for the second time. The technical exercise was attended by 120 teams from some of the largest Russian and international organisations across 29 countries. …


In February 2020, BI.ZONE detected a surge in the Faketoken trojan activity. Trojan-Banker.AndroidOS.Faketoken disguises itself as an application for a popular online classifieds platform, with over 2,000 victims infected daily. BI.ZONE experts explain what you should know about the trojan and how to protect yourself from it.

What Is Faketoken?

In February 2020…

BI.ZONE

BI.ZONE — expert in strategic management of digital risks: we help organisations to develop safely in the digital age
