Links, notícias e artigos recomendados da última semana. Ainda continuam os eventos da guerra na Ucrânia, fim do YouTube Vanced, talvez a Netlix comece a cobrar mais de quem compartilha conta, 25 anos do VisualStudio, novidades do C#11, risco do fim da internet única e global e bloqueio do Telegram no Brasil.

Estes são os links, notícias e artigos recomendados dos últimos dias.
Vulnerabilidade grave encontrada no Linux, continuidade da guerra Rússia x Ucrânia, confirmação da descoberta de restrição de performance nos celulares Samsung, proposta de tipagem (de alguma forma) no JavaScript, novo processador da Apple, uso dos códigos vazados da NVIDIA e mais!

Notícias, artigos e links recomendados das últimas semanas.
E temos alguns destaques, principalmente os ataques cibernéticos relacionados à guerra russa na Ucrânia, as empresas do grupo B2W (como Americanas e Submarino) que ficaram fora do ar, problemas no Itaú, incidente de segurança na NVIDIA, novo estudo que mostra fragilidade de senhas mais simples, novo tipo de ataque DDOS e descoberta de dispositivos Samsung limitando a performance de uma grande quantidade de aplicativos. Também vale conferir uma lista interessante de alternativas de código aberto para alguns serviços conhecidos (como Postman, Firebase, Heroku, etc).

Links, artigos e notícias recomendadas das últimas duas semanas, que por motivos de força maior (nascimento do meu filho!) não tivemos a publicação na semana passada. Mas voltamos a partir de hoje com a programação normal.

Artigos

• Sha256 Algorithm Explained
• Nmap Vulnerability Scanning Made Easy
• How to Test Various Linux Distros Online
• Top 10 web hacking techniques of 2021
• Google Search Is Dying

Notícias

• Support ends for older versions of Visual Studio
• Announcing .NET 7 Preview 1

Segurança

• Hackers Backdoored Systems at China’s National Games Just Before
• Problema da LGPD é depender demais de confiança no Brasil, diz especialista
• Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks
• Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount
• Linux Malware on the Rise
• Critical RCE Flaws in ‘PHP Everywhere’ Plugin Affect Thousands of WordPress Sites
• CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
• Apple Patches Actively Exploited WebKit Zero Day
• New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP!
• The Unsettling Reason Why Your Help Desk May Be Your Greatest Security Vulnerability
• Pixelating Text Leads to Information Leakage, Warns Firm
• Cybercriminals Have Changed Tactics
• Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
• 4 Cloud Data Security Best Practices All Businesses Should Follow Today
• New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager
• Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks
• ‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• How I Discovered Thousands of Open Databases on AWS
• Authentication in ASP .NET Core

Notícias

• WhatsApp para Android deixará de ter backup ilimitado no Google Drive
• Cidade de Goiás perde R$ 6 milhões em golpe com Pix, mas poderia ser você — com qualquer valor; veja o que não fazer
• Chrome Web Store adota mudança polêmica do Google para bloqueadores de anúncios

Segurança

• Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web
• Beware! Facebook accounts being hijacked via Messenger prize phishing chats
• Critical Log4j Vulnerabilities Are the Ultimate Gift for Cybercriminals
• Megavazamento de 223 milhões de CPFs: um ano se passou e ainda há perguntas sem resposta
• Exclusivo: megavazamento de CPFs segue à venda e rende até US$ 5 milhões para hacker
• Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations
• Descubra se seu CPF está entre os 5,6 milhões do megavazamento de dados
• BC comunica segundo caso de vazamento de chaves Pix em menos de 15 dias
• North Korea Hacked Him. So He Took Down Its Internet
• Mac Malware-Dropping Adware Gets More Dangerous
• Microsoft reminds everyone how advanced a Mac trojan can be with new security report
• Metaverso vira “isca” para atrair usuários de apps no Android e iPhone

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Test Your Team, Not Just Your Disaster Recovery Plan
• Striking a Balance Between Cybersecurity Awareness and Anxiety
• The Biggest Mistake I See Engineers Make
• There’s No Such Thing as Clean Code

Notícias

• Discord is down, it’s not just you
• Google “mata” G Suite grátis, mas planeja alternativa para alguns usuários

Segurança

• New MoonBounce UEFI bootkit can’t be removed by replacing the hard drive
• Hactivists say they hacked Belarus rail system to stop Russian military buildup
• Is Google tracking your location even when you think you’ve turned it off? US states sue over “deception”
• A bug lurking for 12 years gives attackers root on most major Linux distros
• Windows ransomware LockBit makes the jump to Linux
• Distribuições Linux têm falha que existe há 12 anos e dá acesso root
• Apple Releases iOS and iPadOS Updates to Patch Actively Exploited 0-Day Vulnerability
• Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers
• QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
• Malware usa Pix para roubar dinheiro de usuários do PagSeguro
• North Korean hackers use Windows Update and GitHub in spear phishing attack

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Windows Docker development without Docker Desktop
• Backend Engineering Skills Are Emphasized Too Heavily for Principal Engineers
• O que é Web 3.0 e quais as diferenças para a Web 2.0?
• Announcing .NET MAUI Preview 12
• Securing Sensitive Data in an Event Driven Architecture

Notícias

• Síndrome de burnout é reconhecida como fenômeno ocupacional pela OMS

Segurança

• Safari bug can leak some of your Google account info and recent browsing history
• ‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls
• Nine-year-old kids are launching DDoS attacks against schools
• Banco Central comunica vazamento de dados de 160,1 mil chaves Pix da Acesso Pagamentos
• Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Introduction to Dotnet MAUI
• Tips for More Efficient .NET Logs
• Neovim para desenvolvedores .NET C#
• Github Copilot Wants to Play Chess Instead of Code

Notícias

• Discontinued Long Term Support for AngularJS

Segurança

• Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps
• Desenvolvedor sabota módulos de código aberto e afeta milhares de sistemas
• Cibersegurança entra na agenda de investimentos para este ano, dizem analistas
• Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Presents
• New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
• Localiza confirma incidente de segurança cibernética; grupo hacker assume autoria
• Hacking group accidentally infects itself with Remote Access Trojan horse
• Why Security Awareness Training Should Begin in the C-Suite
• How Cybercriminals Are Cashing in on the Culture of ‘Yes’
• New Vulnerabilities Highlight Risks of Trust in Public Cloud
• How to Protect Your Phone from Pegasus and Other APTs
• North Korean Hackers Stole Millions from Cryptocurrency Startups
• The Cybersecurity Measures CTOs Are Actually Implementing

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Is it complex? Break it down!
• CQRS & Event Sourcing Code Walk-Through
• The World Is Increasingly Controlled and Transformed by Algorithms
• My first impressions of web3

Notícias

• Fim de uma era: BlackBerry é aposentado hoje
• Microsoft fixed a Y2K-style bug that broke Exchange email

Segurança

• Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities
• Norton 360 Now Comes With a Cryptominer
• New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification
• NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance
• Why Facebook keeps collecting people’s data and building their profiles even when their accounts are deactivated
• Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
• Attack Misuses Google Docs Comments to Spew Out “Massive Wave” of Malicious Links
• Discord hacking is the newest threat for NFT buyers

E voltamos nesse ano de 2022 com a nossa programação normal, com os links, artigos e notícias recomendadas das últimas semanas!

Artigos

• Operator Precedence in JavaScript
• Consider SQLite
• How to poison the data that Big Tech uses to surveil you

Notícias

• Alexa suggests 10-year-old put a penny on partially exposed plug
• Y2K22 bug stops Exchange mail delivery: Antimalware engine stumbles on 2022
• Microsoft working on fix for “Year 2022” bug where Microsoft Exchange emails might be stuck in transport queues

Segurança

• Hackers que invadiram Tribunal da Justiça para reverter pena são condenados
• Google: More than 35,000 Java packages impacted by Log4j vulnerabilities
• Anatel encontra malware em TV Box HTV, modelo pirata mais vendido do Brasil
• Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
• New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML
• China Suspends Deal With Alibaba For Not Sharing Log4j 0-Day First with the Government
• Microsoft Customer Source Code Exposed via Azure App Service Bug
• CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
• Hackers que invadiram Ministério de Saúde atacam Correios
• Microsoft notifies customers of Azure bug that exposed their source code
• Fisher-Price’s Chatter phone has a simple but problematic Bluetooth bug
• New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers
• ‘Spider-Man: No Way Home’ Pirated Downloads Contain Crypto-Mining Malware
• LastPass users warned their master passwords are compromised
• Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution
• Several LastPass users receive security email scare, but no breach detected
• How did LastPass master passwords get compromised?
• Claro foi invadida? Grupo hacker e funcionário dizem que sim