In this post I'll summarize my blogging activity at ZDNet's Zero Day blog throughout 2008-2013 providing my readers with the necessary data information and knowledge to stay ahead of current and emerging threats.
ZDNet Zero Day Blog Posts - May, 2008
- Major career web sites hit by spammers attack
- A U.S military botnet in the works
- DIY phishing kits introducing new features
- Redmond Magazine Successfully SQL Injected by Chinese Hacktivists
- Fast-Fluxing SQL injection attacks executed from the Asprox botnet
- The Storm Worm would love to infect you
- DoS Attacks Using SQL Wildcards Revealed
- Pro-Serbian hacktivists attacking Albanian web sites
- Over 1.5 million pages affected by the recent SQL injection attacks
- No security software, no E-banking fraud claims for you
- Google introducing Safe Browsing diagnostic to help owners of compromised sites
- Facebook vulnerable to critical XSS, could lead to malware attacks
- Tracking down the Storm Worm malware
- Top ten worst spam registrars notified by ICANN
- Open source software security improving
- Who keeps failing their FISMA compliance?
- Botnets committing click fraud observed
- ICANN warning against registrar impersonation phishing attacks
- Attacks on NFC mobile phones demonstrated
- Comcast's DNS records hijacked, redirect to hacked page
- How was Comcast.net hijacked?
- Chinese female hacking group spotted
- Microsoft's CAPTCHA successfully broken
ZDNet Zero Day Blog Posts - June, 2008
- Phoenix Mars Lander's mission site hacked
- Online brand-jacking increasing
- Metasploit Project's site hijacked through ARP poisoning
- Privacy flaw exposes Paris Hilton and Lindsay Lohan's private MySpace photos
- Skype patches security policy bypassing vulnerability
- Who's behind the GPcode ransomware?
- Proof of Concept "carpet bombing" exploit released in the wild
- Fake ImageShack site serving malware, links distributed over IM
- How to recover GPcode encrypted files?
- Photobucket's DNS records hijacked by Turkish hacking group
- A security company wants you to DDoS its servers
- China detains web site defacer spreading earthquake rumors
- Security breach hits DivShare, unauthorized access to its database
- Local root escalation vulnerability in Mac OS X 10.4 and 10.5 discovered
- Phishers targeting Facebook users, fake logins spammed through hacked accounts
- Trojan exploiting unpatched Mac OS X vulnerability in the wild
- Spam attack shut downs Marshall Islands email service
- 200,000 sites spreading web malware, China's hosting the most
- ICANN and IANA's domains hijacked by Turkish hacking group
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
ZDNet Zero Day Blog Posts - July, 2008
- Blizzard introducing two-factor authentication for WoW gamers
- Sony PlayStation's site SQL injected, redirecting to rogue security software
- 300 Lithuanian sites hacked by Russian hackers
- Antivirus vendor introducing virtual keyboard for secure Ebanking
- Gmail, Yahoo and Hotmail's CAPTCHA broken by spammers
- Storm Worm's Independence Day campaign
- Approximately 800 vulnerabilities discovered in antivirus products
- $1 Million prize offered for cracking an encryption algorithm
- U.K's most spammed person receives 44,000 spam emails daily
- Storm Worm says the U.S have invaded Iran
- Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails
- Verizon, Telecom Italia, and Brasil Telecom top the botnet charts in Q2 of 2008
- XSS worm at Justin.tv infects 2,525 profiles
- Remote code execution through Intel CPU bugs
- Ringleader of cybercrime group to be offered a job as cybercrime fighter
- Spam coming from free email providers increasing
- Kaspersky's Malaysian site hacked by Turkish hacker
- Georgia President's web site under DDoS attack from Russian hackers
- 75% of online banking sites found vulnerable to security design flaws
- McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position
- Click fraud in 2nd quarter of 2008 more sophisticated, botnets to blame
- How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability
- DNS cache poisoning attacks exploited in the wild
- The Neosploit cybercrime group abandons its web malware exploitation kit
- OS fingerprinting Apple's iPhone 2.0 software - a "trivial joke"
- HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame
ZDNet Zero Day Blog Posts - August, 2008
- Cuil's stance on privacy - "We have no idea who you are"
- Phishers increasingly scamming other phishers
- Today's assignment : Coding an undetectable malware
- Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection
- Fake CNN news items malware campaign spreading rapidly
- CNET's Clientside developer blog serving Adobe Flash exploits
- Coordinated Russia vs Georgia cyber attack in progress
- Researcher discovers Nokia S40 security vulnerabilities, demands 20,000 euros to release details
- Intel proactively fixes security flaws in its chips
- 1.5m spam emails sent from compromised University accounts
- Fortune 500 companies use of email spoofing countermeasures declining
- China busts hacking ring, managed to penetrate 10 gov't databases
- Scammers caught backdooring chip and PIN terminals
- SpamZa - opt in spamming service fighting to remain online
- FEMA's PBX network hacked, over 400 calls made to the Middle East
- Typosquatting the U.S presidential election - a security risk?
- Hundreds of Dutch web sites hacked by Islamic hackers
- Twitter's "me too" anti-spam strategy
- Malware detected at the International Space Station
- Taiwan busts hacking ring, 50 million personal records compromised
- MSN Norway serving Flash exploits through malvertising
- Inside India's CAPTCHA solving economy
ZDNet Zero Day Blog Posts - September, 2008
- DoS vulnerability hits Google's Chrome, crashes with all tabs
- Malware and spam attacks exploiting Picasa and ImageShack
- Spamming vendor launches managed spamming service
- Facebook introducing new security warning feature
- Google downplays Chrome's carpet-bombing flaw
- Targeted malware attack against U.S schools intercepted
- The most "dangerous" celebrities to search for in 2008
- Norwegian BitTorrent tracker under DDoS attack
- Attacker: Hacking Sarah Palin's email was easy
- Bill O'Reilly's web site hacked, attackers release personal details of users
- India's government: At last, we've cracked Blackberry's encryption
- Memory exhaustion DoS vulnerability hits Google's Chrome
- 44% of second hand mobile devices still contain sensitive data
- Spammers attacking Microsoft's CAPTCHA -- again
ZDNet Zero Day Blog Posts - October, 2008
- Cybercriminals syndicating Google Trends keywords to serve malware
- Scammers introduce ATM skimmers with built-in SMS notification
- Atrivo/Intercage's disconnection briefly disrupts spam levels
- Adobe posts workaround for clickjacking flaw, NoScript releases ClearClick
- Asus ships Eee Box PCs with malware
- Fake Microsoft Patch Tuesday malware campaign spreading
- Secunia: popular security suites failing to block exploits
- Survey: 88% of Mumbai's wireless networks easy to compromise
- Adobe's Serious Magic site SQL Injected by Asprox botnet
- Inside an affiliate spam program for pharmaceuticals
- Google to introduce warnings for potentially hackable sites
- Lack of phishing attacks data sharing puts $300M at stake annually
- CardCops: Stolen credit card details getting cheaper
- Cybercrime friendly EstDomains loses ICANN registrar accreditation
- Phishers apply quality assurance, start validating credit card numbers
- Spammers targeting Bebo, generate thousands of bogus accounts
ZDNet Zero Day Blog Posts - November, 2008
- Black market for zero day vulnerabilities still thriving
- Google and T-Mobile push patch for Android security flaw
- Fake WordPress site distributing backdoored release
- Koobface Facebook worm still spreading
- Cyber terrorists to face death penalty in Pakistan
- AVG and Rising signatures update detects Windows files as malware
- BBC hit by a DDoS attack
- Google fixes critical XSS vulnerability
- $10k hacking contest announced
- Anti fraud site hit by a DDoS attack
- Commercial vendor of spyware under legal fire
- Fake Windows XP activation trojan goes 2.0
- Cybercriminals release Christmas themed web malware exploitation kit
- Google: no evidence of a Gmail vulnerability
- New worm exploiting MS08-067 flaw spotted in the wild
- Microsoft's Live launches malware detection service for webmasters
ZDNet Zero Day Blog Posts - December, 2008
