Talos Group- Cisco blog

September 18, 2020

Threat Roundup for September 11 to September 18

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 11 and September 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200918-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for September 11 to September 18 appeared first on Cisco Blogs.

September 11, 2020

Threat Roundup for September 4 to September 11

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 4 and September 11. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200911-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for September 4 to September 11 appeared first on Cisco Blogs.

September 5, 2020

Threat Roundup for August 28 to September 4

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 28 and September 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200904-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for August 28 to September 4 appeared first on Cisco Blogs.

September 3, 2020

Salfram: Robbing the place without removing your name tag

Over the past several months, Cisco Talos has seen attackers carrying out ongoing email-based malware distribution campaigns to distribute various malware payloads. These email campaigns feature several notable characteristics that appear designed to evade detection and maximize the effectiveness of these campaigns. The use of web-based contact forms, legitimate hosting platforms, and a specific crypter make analysis and detection more difficult. All of the malware samples associated with these campaigns feature a modified DOS header containing the string “Salfram,” making them extremely easy to track over time. The crypter used in these campaigns is undergoing active development and improvements to obfuscate the contents of malware payloads. Additionally, the crypter uses several effective techniques to make the detection and analysis of the final malware payload more difficult. It obfuscates the original payload binaries in a way that results in payloads that appear completely different from each other after being packed using the same crypter. It even takes a great amount of effort to compare the packed binaries in a disassembler and determine if the same packer was used.

READ MORE>>

The post Salfram: Robbing the place without removing your name tag appeared first on Cisco Blogs.

August 27, 2020

Threat Roundup for August 21 to August 27

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 21 and August 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200827-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for August 21 to August 27 appeared first on Cisco Blogs.

August 21, 2020

Threat Roundup for August 14 to August 21

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 14 and August 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200821-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for August 14 to August 21 appeared first on Cisco Blogs.

August 14, 2020

Threat Roundup for August 7 to August 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 7 and August 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for August 7 to August 14 appeared first on Cisco Blogs.

August 13, 2020

Attribution: A Puzzle

By Martin Lee, Paul Rascagneres and Vitor Ventura.

Introduction

The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. 

Nevertheless, the private sector rises to the challenge, attempting to associate cyber attacks with threat actors using the intelligence available to them. This intelligence takes the form of open-source intelligence (OSINT), or analysis of the technical intelligence (TECHINT), possibly derived from proprietary data. Indicators in these sources tend to point toward a threat actor if they have used the same methods in the past, or reused infrastructure from previous attacks.

Intelligence agencies have additional sources of intelligence available to them that are not available to the public sector. The public saw a glimpse into this with a report that the Dutch agency AIVD compromised a security camera in the building used by APT29, an infamous threat actor. This allowed the Dutch Intelligence Agencies to provide vital intelligence regarding the activities of APT29 to their allies. Such intelligence is beyond the reach of private-sector researchers.

Intelligence agencies tend to be reserved, and publish relatively few articles that include attribution, at least in comparison to the private sector. Hence, when an intelligence agency, like the UK’s National Cyber Security Centre (NCSC), directly attributed the WellMess malware to APT29 in a report endorsed by Canada’s Communications Security Establishment (CSE), the U.S.’s National Security Agency (NSA) and Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA), you can expect that these agencies have solid evidence to back their claims.

Given this, it is interesting to examine the evidence available to us as a threat intelligence and security research group to support these conclusions. Attribution is typically not our goal. We aim to protect customers against threats, raise awareness of current threats, and support the security community. We recognize that we don’t have the depth of visibility of an intelligence or law enforcement agency, but we do have access to a wealth of information, including open-source intelligence that helps us achieve our goals.

READ MORE>>

The post Attribution: A Puzzle appeared first on Cisco Blogs.

August 10, 2020

Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x

One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snapshot fuzzing: fuzzing small subsets of programs from a known, static starting state. This involved working on a custom kernel that could be booted on bare metal. Having not done any operating system development before, I thought this would be a great way to learn new techniques while gaining a new tool for the tool bag. This is the story of the project in the hopes that others could learn from this experience.

READ MORE>>

The post Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x appeared first on Cisco Blogs.

August 8, 2020

Threat Roundup for July 31 to August 7

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 31 and August 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

 

The post Threat Roundup for July 31 to August 7 appeared first on Cisco Blogs.

July 31, 2020

Threat Roundup for July 24 to July 31

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 24 and July 31. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200731-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for July 24 to July 31 appeared first on Cisco Blogs.

July 29, 2020

Adversarial use of current events as lures

By Nick Biasini.

The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. 

This has left adversaries with a couple of options: develop or buy a working exploit that will defeat today’s protections, which can be costly, or pivot to enticing a user to help you. In today’s threat landscape, adversaries are always trying to develop and implement the most effective lures to try and draw users into their infection path. They’ve tried a multitude of different tactics in this space, but one always stands out — current events.

In today’s world, everyone’s thoughts immediately go to COVID-19 and Black Lives Matter, since both stories have dominated the threat landscape over the last several months, but this is something that organically happens frequently on the threat landscape. So much so that organizations should include it in their threat hunting activities. This blog is going to walk through the why and how.

Read More >>

The post Adversarial use of current events as lures appeared first on Cisco Blogs.

July 24, 2020

Threat Roundup for July 17 to July 24

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 17 and July 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200724-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for July 17 to July 24 appeared first on Cisco Blogs.

July 22, 2020

Prometei botnet and its quest for Monero

Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign employing a multi-modular botnet with multiple ways to spread and a payload focused on providing financial benefits for the attacker by mining the Monero online currency. The actor employs various methods to spread across the network, like SMB with stolen credentials, psexec, WMI and SMB exploits. The adversary also uses several crafted tools that help the botnet increase the number of systems participating in its Monero-mining pool.

The infection starts with the main botnet file which is copied from other infected systems by means of SMB, using passwords retrieved by a modified Mimikatz module and exploits such as Eternal Blue. The actor is also aware of the latest SMB vulnerabilities such as SMBGhost, but no evidence of using this exploit has been found.

The botnet has more than 15 executable modules that all get downloaded and driven by the main module, which constantly communicates with the command and control (C2) server over HTTP. However, the encrypted data is sent using RC4 encryption, and the module shares the key with the C2 using asymmetric encryption.

Apart from a large focus on spreading across the environment, Prometei also tries to recover administrator passwords. The discovered passwords are sent to the C2 and then reused by other modules that attempt to verify the validity of the passwords on other systems using SMB and RDP protocols.

Read More >>

The post Prometei botnet and its quest for Monero appeared first on Cisco Blogs.

July 17, 2020

Threat Roundup for July 10 to July 17

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 3 and July 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200717-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for July 10 to July 17 appeared first on Cisco Blogs.

July 10, 2020

Threat Roundup for July 3 to July 10

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 3 and July 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200710-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for July 3 to July 10 appeared first on Cisco Blogs.

July 6, 2020

WastedLocker Goes “Big-Game Hunting” in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec.

Threat summary
  • After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment.
  • The use of “dual-use” tools and “LoLBins” enables adversaries to evade detection and stay under the radar as they further operate towards their objectives in corporate environments.
  • WastedLocker is one of the latest examples of adversaries’ continued use of lateral movement and privilege escalation to maximize the damage caused by ransomware.
  • The use of “big-game hunting” continues to cause significant operational and financial damages to organizations around the globe.

Background

Ransomware is a serious threat to organizations around the world. It is used to disrupt operations on computing systems so that attackers can extort victims and demand payment, typically in the form of cryptocurrency, to restore normal operations on infected systems. As the threat actors behind ransomware attacks have matured in their capabilities, they have refined their approach to generating revenue using this business model. One recent evolution has been the use of privilege escalation and lateral movement techniques prior to the activation of ransomware payloads within organizational environments.

By delivering and activating ransomware on many different systems within corporate networks simultaneously, attackers can maximize the damage they inflict. This often results in a situation where organizations may be more likely to pay a ransom demand than they otherwise would have been, had only a single endpoint been affected. In some cases organizational backup and recovery strategies may not have been adequately tested against situations in which a significant portion of their production environment is adversely affected at the same time, which may cause them to be more willing to pay a ransom demand. It also allows adversaries to increase the amount of the ransom they are demanding, often resulting in ransom demands for hundreds of thousands of dollars or more to recover infected systems. This approach is sometimes referred to as “big-game hunting.”

Adversaries have used this approach more frequently over the past year. One of the most recent examples of this is with the emergence of a threat actor that is currently leveraging a ransomware family known as “WastedLocker.” The adversary behind these attacks is taking advantage of various “dual-use” toolsets like Cobalt Strike, Mimikatz, Empire, and PowerSploit to facilitate lateral movement across environments being targeted. These toolsets are typically developed to aid with penetration testing or red-teaming activities, but their use is often co-opted by malicious adversaries as well. Additionally, the use of native operating system functionality, and what are commonly referred to as “LoLBins” allows attackers to evade detection and operate under the radar until they are ready to activate the ransomware and make their presence known.

Read More >>

The post WastedLocker Goes “Big-Game Hunting” in 2020 appeared first on Cisco Blogs.

July 1, 2020

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano.

Threat summary
  • Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted.
  • These campaigns make use of existing email threads from compromised accounts to greatly increase success.
  • The additional use of password-protected ZIP files can create a blind spot in security protections.
  • The overwhelming majority of campaigns occurred over the last couple of months and targeted organizations in the financial, manufacturing, health care and insurance verticals.

Executive summary

Valak is a modular information-stealer that attackers have deployed to various countries since early-to-mid 2019. While Valak features a robust feature set, it is often observed alongside secondary malware payloads, including Gozi/Ursnif and IcedID. This malware is typically delivered via malicious spam email campaigns that leverage password-protected ZIP archives to evade detection by email security solutions that may inspect the contents of emails entering corporate networks. While previous analysis focused on campaigns targeting the United States and Germany, Cisco Talos has observed ongoing campaigns targeting other geographic regions including countries in North America, South America, Europe and likely others. The email campaigns distributing downloaders associated with Valak also appear to be leveraging existing email threads to lend credibility to the emails and increase the likelihood that victims will open file attachments and initiate the Valak infection process.

Read More >> 

The post Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks appeared first on Cisco Blogs.

June 29, 2020

PROMETHIUM extends global reach with StrongPity3 APT

The PROMETHIUM threat actor — active since 2012 — has been exposed multiple times over the past several years. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, Cisco Talos identified around 30 new C2 domains. We assess that PROMETHIUM activity corresponds to five peaks of activity when clustered by the creation date month and year.

Talos telemetry shows that PROMETHIUM is expanding its reach and attempts to infect new targets across several countries. The samples related to StrongPity3 targeted victims in Colombia, India, Canada and Vietnam. The group has at least four new trojanized setup files we observed: Firefox (a browser), VPNpro (a VPN client), DriverPack (a pack of drivers) and 5kPlayer (a media player).

Talos could not pinpoint the initial attack vector; however, the use of trojanized installation files for well-known applications is consistent with the previously documented campaigns. This leads us to believe that just like in the past, the initial vector may be either a watering hole attack or in-path request interception, as mentioned in a CitizenLab report from 2018. This group mainly focuses on espionage, and these latest campaigns continue down the same path. The malware will exfiltrate any Microsoft Office file it encounters on the system. Previous research even linked PROMETHIUM to state-sponsored threats. The fact that the group does not refrain from launching new campaigns even after being exposed shows their resolve to accomplish their mission.

Read more >>>

The post PROMETHIUM extends global reach with StrongPity3 APT appeared first on Cisco Blogs.

June 26, 2020

Threat Roundup for June 19 to June 26

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 19 and June 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference

20200626-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for June 19 to June 26 appeared first on Cisco Blogs.