Links, artigos e notícias recomendadas das últimas duas semanas, que por motivos de força maior (nascimento do meu filho!) não tivemos a publicação na semana passada. Mas voltamos a partir de hoje com a programação normal.

Artigos

• Sha256 Algorithm Explained
• Nmap Vulnerability Scanning Made Easy
• How to Test Various Linux Distros Online
• Top 10 web hacking techniques of 2021
• Google Search Is Dying

Notícias

• Support ends for older versions of Visual Studio
• Announcing .NET 7 Preview 1

Segurança

• Hackers Backdoored Systems at China’s National Games Just Before
• Problema da LGPD é depender demais de confiança no Brasil, diz especialista
• Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks
• Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount
• Linux Malware on the Rise
• Critical RCE Flaws in ‘PHP Everywhere’ Plugin Affect Thousands of WordPress Sites
• CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
• Apple Patches Actively Exploited WebKit Zero Day
• New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP!
• The Unsettling Reason Why Your Help Desk May Be Your Greatest Security Vulnerability
• Pixelating Text Leads to Information Leakage, Warns Firm
• Cybercriminals Have Changed Tactics
• Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
• 4 Cloud Data Security Best Practices All Businesses Should Follow Today
• New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager
• Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks
• ‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• How I Discovered Thousands of Open Databases on AWS
• Authentication in ASP .NET Core

Notícias

• WhatsApp para Android deixará de ter backup ilimitado no Google Drive
• Cidade de Goiás perde R$ 6 milhões em golpe com Pix, mas poderia ser você — com qualquer valor; veja o que não fazer
• Chrome Web Store adota mudança polêmica do Google para bloqueadores de anúncios

Segurança

• Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web
• Beware! Facebook accounts being hijacked via Messenger prize phishing chats
• Critical Log4j Vulnerabilities Are the Ultimate Gift for Cybercriminals
• Megavazamento de 223 milhões de CPFs: um ano se passou e ainda há perguntas sem resposta
• Exclusivo: megavazamento de CPFs segue à venda e rende até US$ 5 milhões para hacker
• Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations
• Descubra se seu CPF está entre os 5,6 milhões do megavazamento de dados
• BC comunica segundo caso de vazamento de chaves Pix em menos de 15 dias
• North Korea Hacked Him. So He Took Down Its Internet
• Mac Malware-Dropping Adware Gets More Dangerous
• Microsoft reminds everyone how advanced a Mac trojan can be with new security report
• Metaverso vira “isca” para atrair usuários de apps no Android e iPhone

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Test Your Team, Not Just Your Disaster Recovery Plan
• Striking a Balance Between Cybersecurity Awareness and Anxiety
• The Biggest Mistake I See Engineers Make
• There’s No Such Thing as Clean Code

Notícias

• Discord is down, it’s not just you
• Google “mata” G Suite grátis, mas planeja alternativa para alguns usuários

Segurança

• New MoonBounce UEFI bootkit can’t be removed by replacing the hard drive
• Hactivists say they hacked Belarus rail system to stop Russian military buildup
• Is Google tracking your location even when you think you’ve turned it off? US states sue over “deception”
• A bug lurking for 12 years gives attackers root on most major Linux distros
• Windows ransomware LockBit makes the jump to Linux
• Distribuições Linux têm falha que existe há 12 anos e dá acesso root
• Apple Releases iOS and iPadOS Updates to Patch Actively Exploited 0-Day Vulnerability
• Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers
• QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
• Malware usa Pix para roubar dinheiro de usuários do PagSeguro
• North Korean hackers use Windows Update and GitHub in spear phishing attack

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Windows Docker development without Docker Desktop
• Backend Engineering Skills Are Emphasized Too Heavily for Principal Engineers
• O que é Web 3.0 e quais as diferenças para a Web 2.0?
• Announcing .NET MAUI Preview 12
• Securing Sensitive Data in an Event Driven Architecture

Notícias

• Síndrome de burnout é reconhecida como fenômeno ocupacional pela OMS

Segurança

• Safari bug can leak some of your Google account info and recent browsing history
• ‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls
• Nine-year-old kids are launching DDoS attacks against schools
• Banco Central comunica vazamento de dados de 160,1 mil chaves Pix da Acesso Pagamentos
• Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Introduction to Dotnet MAUI
• Tips for More Efficient .NET Logs
• Neovim para desenvolvedores .NET C#
• Github Copilot Wants to Play Chess Instead of Code

Notícias

• Discontinued Long Term Support for AngularJS

Segurança

• Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps
• Desenvolvedor sabota módulos de código aberto e afeta milhares de sistemas
• Cibersegurança entra na agenda de investimentos para este ano, dizem analistas
• Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Presents
• New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
• Localiza confirma incidente de segurança cibernética; grupo hacker assume autoria
• Hacking group accidentally infects itself with Remote Access Trojan horse
• Why Security Awareness Training Should Begin in the C-Suite
• How Cybercriminals Are Cashing in on the Culture of ‘Yes’
• New Vulnerabilities Highlight Risks of Trust in Public Cloud
• How to Protect Your Phone from Pegasus and Other APTs
• North Korean Hackers Stole Millions from Cryptocurrency Startups
• The Cybersecurity Measures CTOs Are Actually Implementing

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Is it complex? Break it down!
• CQRS & Event Sourcing Code Walk-Through
• The World Is Increasingly Controlled and Transformed by Algorithms
• My first impressions of web3

Notícias

• Fim de uma era: BlackBerry é aposentado hoje
• Microsoft fixed a Y2K-style bug that broke Exchange email

Segurança

• Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities
• Norton 360 Now Comes With a Cryptominer
• New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification
• NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance
• Why Facebook keeps collecting people’s data and building their profiles even when their accounts are deactivated
• Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
• Attack Misuses Google Docs Comments to Spew Out “Massive Wave” of Malicious Links
• Discord hacking is the newest threat for NFT buyers

E voltamos nesse ano de 2022 com a nossa programação normal, com os links, artigos e notícias recomendadas das últimas semanas!

Artigos

• Operator Precedence in JavaScript
• Consider SQLite
• How to poison the data that Big Tech uses to surveil you

Notícias

• Alexa suggests 10-year-old put a penny on partially exposed plug
• Y2K22 bug stops Exchange mail delivery: Antimalware engine stumbles on 2022
• Microsoft working on fix for “Year 2022” bug where Microsoft Exchange emails might be stuck in transport queues

Segurança

• Hackers que invadiram Tribunal da Justiça para reverter pena são condenados
• Google: More than 35,000 Java packages impacted by Log4j vulnerabilities
• Anatel encontra malware em TV Box HTV, modelo pirata mais vendido do Brasil
• Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
• New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML
• China Suspends Deal With Alibaba For Not Sharing Log4j 0-Day First with the Government
• Microsoft Customer Source Code Exposed via Azure App Service Bug
• CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
• Hackers que invadiram Ministério de Saúde atacam Correios
• Microsoft notifies customers of Azure bug that exposed their source code
• Fisher-Price’s Chatter phone has a simple but problematic Bluetooth bug
• New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers
• ‘Spider-Man: No Way Home’ Pirated Downloads Contain Crypto-Mining Malware
• LastPass users warned their master passwords are compromised
• Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution
• Several LastPass users receive security email scare, but no breach detected
• How did LastPass master passwords get compromised?
• Claro foi invadida? Grupo hacker e funcionário dizem que sim

Links, artigos e notícias recomendadas dos últimos dias!
E este é o último Resumo da Semana de 2021! Voltamos em 2022!

Artigos

• Don’t start with microservices – monoliths are your friend
• Why I don’t use MediatR for CQRS
• CQRS is simpler than you think with .NET 6 and C# 10

Notícias

• Bitcoin: 90% do suprimento total da criptomoeda já foi minerado
• Woman lost @metaverse Instagram handle days after Facebook name change

Segurança

• New Log4j Attack Vector Discovered
• Zero Trust Shouldn’t Mean Zero Trust in Employees
• How Risky Is the Log4J Vulnerability?
• Log4Shell: The Big Picture
• Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
• Why We Need “Developer-First” Application Security
• Why Cloud Storage Isn’t Immune to Ransomware
• Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange
• Top 3 SaaS Security Threats for 2022
• Hackers launch over 840,000 attacks through Log4J flaw
• Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released
• Source Code Leaks: The Real Problem Nobody Is Paying Attention To
• Log4Shell Exploitation Grows as Security Firms Scramble to Contain Log4j Threat
• Ministério da Saúde é alvo de novos ataques hacker e desliga rede interna
• Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
• Log4Shell: The race is on to fix millions of systems and internet-connected devices

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Segurança oferecida pelos provedores de nuvem não é suficiente; mas é mais fácil do que parece
• Newly Found Authentication Flaws Highlight Dangers of Coding From Scratch
• Don’t Do That, Do This: The .NET 6 Edition
• Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)
• Ransomware playbook ITSM.00.099

Segurança

• IKEA é vítima de phishing complexo e tem seu serviço de email interno comprometido
• Why the C-Suite Doesn’t Need Access to All Corporate Data
• Russian Actors Behind SolarWinds Attack Hit Global Business & Government Targets
• Microsoft captura 42 domínios utilizados pelo governo da China para ciberespionagem internacional
• Fundador da Safernet Brasil cita ameaças de morte e deixa o país
• Chrome Users Beware: Manifest V3 is Deceitful and Threatening
• Golpe via WhatsApp usa dados vazados e pede dinheiro a parentes da vítima

Firefox 95

• Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code
• Firefox 95 enhances the browser’s protection against malicious code
• Firefox 95 for Windows and Mac introduces RLBox, a new sandboxing tech

Ataque ao Ministério da saúde

• Sistemas do Ministério da Saúde são desfigurados por hackers
• ConecteSUS não exibe vacinas após ataque hacker ao Ministério da Saúde

Vulnerabilidade Log4J

• RECOMENDAÇÃO 12/2021 - Atualização do Log4j
• Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package
• What to Do While Waiting for the Log4J Updates
• The Log4Shell zeroday 4 days on. What is it and how bad is it really?

Links, artigos e notícias recomendadas dos últimos dias!

Artigos

• Open .NET
• Advent of Code 2021
• I like Microsoft Edge. But if it doesn’t get less annoying, I’ll switch again
• .NET Conf 2021 Recap – Videos, Slides, Demos, and More

Notícias

• New Lightweight JetBrains Editor Draws VS Code Comparisons
• Microsoft backtracks on Windows 11’s controversial default browser changes

Segurança

• Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency
• Phishing Remains the Most Common Cause of Data Breaches, Survey Says
• Panasonic Suffers Data Breach After Hackers Hack Into Its Network
• Finding Your Niche in Cybersecurity
• FBI recupera R$ 13 milhões roubados pelo ransomware REvil
• FBI document shows what data can be obtained from encrypted messaging apps
• APT Groups Adopt New Phishing Method. Will Cybercriminals Follow?
• FluBot malware warning after 70,000 attacks launched over SMS
• A mysterious threat actor is running hundreds of malicious Tor relays
• U.S. State Department phones hacked with Israeli company spyware - sources
• New Malvertising Campaigns Spreading Backdoors, Malicious Chrome
• How Criminals Are Using Synthetic Identities for Fraud