Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.

Cisco patches a command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. The Gamaredon APT is more interested in collection than destruction. Kathleen Smith of ClearedJobs.Net looks at hiring trends in the cleared community. Bennett from Signifyd describes the fraud ring that’s launched a war on commerce against U.S. merchants. And trends in cyberattacks by state-sponsored actors.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/22

Selected reading.
Command-Injection Bug in …

actions anti-phishing antiphishing apt campaign cisco cisco patches collection command command injection commerce community cyber destruction distribution exploitation fixes fraud gamaredon gamaredon apt guidance guidelines hiring ics injection kathleen smith malware .net nist onenote patches phishing ring russian signifyd state threat threat actors trends vulnerabilities vulnerability war