Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.

Cisco patches a command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. The Gamaredon APT is more interested in collection than destruction. Kathleen Smith of ClearedJobs.Net looks at hiring trends in the cleared community. Bennett from Signifyd describes the fraud ring that’s launched a war on commerce against U.S. merchants. And trends in cyberattacks by state-sponsored actors.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/22

Selected reading.
Command-Injection …

actions anti-phishing antiphishing apt campaign cisco cisco patches collection command command injection command injection vulnerability cyber cyber ops destruction distribution exploitation fixes gamaredon gamaredon apt guidance guidelines hiring ics injection issues kathleen smith malware .net nist onenote ops patches phishing russian russian threat actors state threat threat actors trends vulnerabilities vulnerability