May 28, 2025

Risky Business #793 -- Scattered Spider is hijacking MX records

1 hour 4 minutes

In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including:

EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes

The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed

Brian Krebs eats a 6.3Tbps DDoS … ‘cause that’s how you demo your packet cannon

Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers

Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty

CISA’s leadership is fleeing in droves, even though the US needs them more than ever.

This week’s episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year’s RSA conference.

This episode is also available on Youtube.

Show notes

" rel="noopener noreferrer">China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW

" rel="noopener noreferrer">Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media

" rel="noopener noreferrer">KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security

" rel="noopener noreferrer">Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News

" rel="noopener noreferrer">Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive

" rel="noopener noreferrer">Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events🕊️👀 https://t.co/MOjCSMMErK" / X

" rel="noopener noreferrer">Ransomware hackers charged, infrastructure dismantled in international law enforcement operation | The Record from Recorded Future News

" rel="noopener noreferrer">Oops: DanaBot Malware Devs Infected Their Own PCs – Krebs on Security

" rel="noopener noreferrer">DOJ charges man allegedly behind Qakbot malware | The Record from Recorded Future News

" rel="noopener noreferrer">US, Europol arrest 270 dark web drug traffickers in Operation RapTor | The Record from Recorded Future News

" rel="noopener noreferrer">Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars | The Record from Recorded Future News

" rel="noopener noreferrer">Decentralized crypto platform Cetus hit with $223 million hack | The Record from Recorded Future News

" rel="noopener noreferrer">Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand | The Record from Recorded Future News

" rel="noopener noreferrer">USA: Crypto investor charged with kidnapping, torturing man in an NYC apartment

" rel="noopener noreferrer">Vietnam orders ban on Telegram messaging app over security concerns | The Record from Recorded Future News

" rel="noopener noreferrer">Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government | Reuters

" rel="noopener noreferrer">CISA loses nearly all top officials as purge continues | Cybersecurity Dive

" rel="noopener noreferrer">White House dismisses scores of National Security Council staff - The Washington Post

...more

View all episodes

By Patrick Gray

4.6

354354 ratings