Cisco patches a command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. The Gamaredon APT is more interested in collection than destruction. Kathleen Smith of ClearedJobs.Net looks at hiring trends in the cleared community. Bennett from Signifyd describes the fraud ring that’s launched a war on commerce against U.S. merchants. And trends in cyberattacks by state-sponsored actors.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/22

Selected reading.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover (Dark Reading)

Phishing Resistance – Protecting the Keys to Your Kingdom (NIST)

OneNote Documents Increasingly Used to Deliver Malware | Proofpoint UK (Proofpoint)

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign (Aquasec)

Another UAC-0010 Story (The State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine)

Russia-backed hacker group Gamaredon attacking Ukraine with info-stealing malware (The Record from Recorded Future News)

City of London traders hit by Russia-linked cyber attack (The Telegraph)

ChristianaCare recovers from cyberattack, restores website service (6abc Philadelphia)

Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report (CSO Online)

Microsoft Digital Defense Report 2022 (Microsoft Security)