CyberWorkx

Tiago Pereira and Caitlin Huey of Cisco Talos reported that "BlackCat appears to be a case of vertical business expansion .In essence, it's a way to gain control of the upstream supply chain by making a key service to their business (the RaaS operator) better suited to their needs and adding another source of revenue." … Continue reading Experts Track Down Some BlackMatter Affiliates Spreading BlackCat Ransomware.

TAG researchers Vlad Stolyarov reported that ," Initial access brokers are the opportunistic locksmiths of the security world .These groups specialise in breaching a target in order to provide the malicious actor with access to the doors   or the Windows." TAG has launched a new initial access broker that it claims is closely associated with a … Continue reading Google Discovers A ‘Initial Access Broker’ Cooperating With The Conti Ransomware Gang.

According to Microsoft's Defender for IoT Research Team and Threat Intelligence Center (MSTIC) ," TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems by using MikroTik routers as proxy servers for its C2 servers and redirecting traffic through non-standard ports." Microsoft stated on Wednesday that the TrickBot virus uses … Continue reading Hacked IoT Devices Are Used As Command- And Control Servers By The TrickBot Malware.

Qihoo 360's Netlab security team reported that, "Based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes. A previously unknown backdoor has been discovered that targets Linux systems with the objective of enlisting the computers in a botnet and functioning as a channel … Continue reading The New Linux Botnet “B1txor20” Uses A DNS Tunnel And Exploits A Log4J Flaw.