The CyberWire Daily Podcast 3.9.23
Ep 1776 | 3.9.23

PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.

Show Notes

A wormable version of the PlugX USB malware is found. Compromised webcams as a security threat. Emotet botnet out of hibernation. Proof-of-concept: AI used to generate polymorphic keylogger. Turning to alternatives as conventional tactics fail. Dave Bittner speaks with Eve Maler of ForgeRock to discuss how digital identity can help create a more secure connected car experience. Johannes Ullrich from SANS on configuring a proper time server infrastructure. And Phishing messages via legitimate Google notifications.

Selected reading.

A border-hopping PlugX USB worm takes its act on the road (Sophos News)

BitSight identifies thousands of global organizations using insecure webcams and other IoT devices, finding many susceptible to eavesdropping (BitSight) 

Emotet malware attacks return after three-month break (BleepingComputer)

BlackMamba: Using AI to Generate Polymorphic Malware (HYAS) 

Russian Cyberwar in Ukraine Stumbles Just Like Conventional One (Bloomberg)

Australian official demands Russia bring criminal hackers ‘to heel’ (The Record by Recorded Future)

Russia will have to rely on nukes, cyberattacks, and China since its military is being thrashed in Ukraine, US intel director says (Business Insider) 

BEC 3.0 - Legitimate Sites for Illegitimate Purposes  (Avanan)