Risky Business

Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)

Jan 14, 2026
David Cottingham, co-founder of Airlock Digital and expert in cybersecurity, discusses the risks associated with Microsoft’s ClickOnce application deployment. He explains how attackers exploit ClickOnce to load malicious code and the effectiveness of allow-listing in mitigating these threats. The conversation also dives into the challenges EDR technologies face in detecting such attacks. Additionally, there's a fascinating debate on the potential for AI to enhance allow-list management while maintaining human oversight.
INSIGHT

MongoBleed: Uninitialized Memory Leaks Matter

  • MongoBleed leaks uninitialized MongoDB memory, which can expose tokens and credentials, though what any given leak returns is unpredictable.
  • The large number of internet-facing MongoDB instances increased the real-world exploitation risk, even though leak results are nondeterministic.
ADVICE

Battle-Test WAFs With Bounties

  • Use WAFs as an interim mitigation while rebuilding vulnerable apps and infrastructure.
  • Run targeted bounty programs to pay experts for WAF bypasses and harden rules quickly.
INSIGHT

GnuPG Risks: Old Code Meets Modern Use

  • GnuPG shows legacy-implementation and UX weaknesses that enable signature validation bypasses and terminal trickery.
  • The research highlights how old code and common usage patterns together create real attack surface for software distribution.