Links @ Put.as

April 2021

Update on git.php.net incident - A clusterfuck, as usual. Trust is too cheap these days.
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
RANSOM MAFIA. ANALYSIS OF THE WORLD’S FIRST RANSOMWARE CARTEL
Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

INTERNATIONAL SECURITY AND ESTONIA 2021 - The Estonian Foreign Intelligence Service annual report is always a good read.

Persuasion and the Prestige Paradox: Are High Status People More Likely to Lie?
Taboo: Why Is Africa the Global COVID ‘Cold Spot’ and Why Are We Afraid to Talk About It?

It’s hard to draw lessons from your own failures

March 2021

JÓZSEF KARDOS: “THE INEVITABLE FALL OF ARTURO UI,” AN OPEN LETTER TO JÁNOS ÁDER, PRESIDENT OF THE REPUBLIC OF HUNGARY - A well-written, must read open letter. Hungary is a huge problem that EU keeps ignoring.
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

CVE-2021-26855: Microsoft Exchange Server-Side Request Forgery - Exchange RCE root cause analysis.
Stealing arbitrary GitHub Actions secrets"
APT Encounters of the Third Kind - Interesting malware and covert channels. Great catch!
INTERNALSSpeculating The Entire X86-64 Instruction Set In Seconds With This One Weird Trick