Vulnerabilities are identified and patched in Citrix Netscaler products and Adobe Coldfusion. The banking sector should be monitoring the dark web for leaked credentials and insider threats. Spyware vendors are added to the US Entity List. WhatsApp accounts may be at risk. Verizon’s Chris Novak shares insights on Log4j from this year’s DBIR. Our guest is Candid Wüest of Acronis discussing the findings of their Year-end Cyberthreats Report. Skirmishes in the cyber phases of Russia's war. And how do you demobilize cyber forces (especially the auxiliaries) once the war is over?

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/136

Selected reading.
Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns 
New critical Citrix ADC and Gateway flaw exploited as zero-day (BleepingComputer) 
Citrix alerts users to critical vulnerability in Citrix ADC and Gateway (Computing)
Adobe, Microsoft and Citrix vulnerabilities draw warnings from CISA (Record)
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities (Rapid7)
Dark Web Threats Against The Banking Sector › Searchlight Cyber (Searchlight Cyber)
WhatsApp Remote Deactivation Warning For 2 Billion Users (Forbes)
The United States Adds Foreign Companies to Entity List for Malicious Cyber Activities - United States Department of State (United States Department of State) 
Commerce Adds Four Entities to Entity List for Trafficking in Cyber Exploits (Bureau of Industry and Security) 
Russian hackers may be behind 'DDoS' attack on NZ Parliament website (Stuff) 
Russian medical lab suspends some services after ransomware attack (Record) 
If you want peace, prepare for… cyberwar - Friends of Europe (Friends of Europe)