Summarizing 4 Years of ZDNet Zero Day Posts Research

It's been quite some time since I last posted a quality blog post regarding my ex-employer CBS Interactive's ZDNet where I used to work as a Security Blogger for ZDNet's Zero Day throughout 2008-2013 and I wanted to take the time and effort to say thanks to my Editor-in-Chief including Editorial Director - Larry Dignan and David Grober who provided editorial guidance including the publishing of the original post regarding my disappearance circa 2010 including the search for me.

In this post I'll summarize my blogging activity at ZDNet's Zero Day blog throughout 2008-2013 providing my readers with the necessary data information and knowledge to stay ahead of current and emerging threats.

ZDNet Zero Day Blog Posts - May, 2008

• Major career web sites hit by spammers attack
• A U.S military botnet in the works
• DIY phishing kits introducing new features
• Redmond Magazine Successfully SQL Injected by Chinese Hacktivists
• Fast-Fluxing SQL injection attacks executed from the Asprox botnet
• The Storm Worm would love to infect you
• DoS Attacks Using SQL Wildcards Revealed
• Pro-Serbian hacktivists attacking Albanian web sites
• Over 1.5 million pages affected by the recent SQL injection attacks
• No security software, no E-banking fraud claims for you
• Google introducing Safe Browsing diagnostic to help owners of compromised sites
• Facebook vulnerable to critical XSS, could lead to malware attacks
• Tracking down the Storm Worm malware
• Top ten worst spam registrars notified by ICANN
• Open source software security improving
• Who keeps failing their FISMA compliance?
• Botnets committing click fraud observed
• ICANN warning against registrar impersonation phishing attacks
• Attacks on NFC mobile phones demonstrated
• Comcast's DNS records hijacked, redirect to hacked page
• How was Comcast.net hijacked?
• Chinese female hacking group spotted
• Microsoft's CAPTCHA successfully broken

ZDNet Zero Day Blog Posts - June, 2008

• Phoenix Mars Lander's mission site hacked
• Online brand-jacking increasing
• Metasploit Project's site hijacked through ARP poisoning
• Privacy flaw exposes Paris Hilton and Lindsay Lohan's private MySpace photos
• Skype patches security policy bypassing vulnerability
• Who's behind the GPcode ransomware?
• Proof of Concept "carpet bombing" exploit released in the wild
• Fake ImageShack site serving malware, links distributed over IM
• How to recover GPcode encrypted files?
• Photobucket's DNS records hijacked by Turkish hacking group
• A security company wants you to DDoS its servers
• China detains web site defacer spreading earthquake rumors
• Security breach hits DivShare, unauthorized access to its database
• Local root escalation vulnerability in Mac OS X 10.4 and 10.5 discovered
• Phishers targeting Facebook users, fake logins spammed through hacked accounts
• Trojan exploiting unpatched Mac OS X vulnerability in the wild
• Spam attack shut downs Marshall Islands email service
• 200,000 sites spreading web malware, China's hosting the most
• ICANN and IANA's domains hijacked by Turkish hacking group
• HSBC sites vulnerable to XSS flaws, could aid phishing attacks

ZDNet Zero Day Blog Posts - July, 2008

• Blizzard introducing two-factor authentication for WoW gamers
• Sony PlayStation's site SQL injected, redirecting to rogue security software
• 300 Lithuanian sites hacked by Russian hackers
• Antivirus vendor introducing virtual keyboard for secure Ebanking
• Gmail, Yahoo and Hotmail's CAPTCHA broken by spammers
• Storm Worm's Independence Day campaign
• Approximately 800 vulnerabilities discovered in antivirus products
• $1 Million prize offered for cracking an encryption algorithm
• U.K's most spammed person receives 44,000 spam emails daily
• Storm Worm says the U.S have invaded Iran
• Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails
• Verizon, Telecom Italia, and Brasil Telecom top the botnet charts in Q2 of 2008
• XSS worm at Justin.tv infects 2,525 profiles
• Remote code execution through Intel CPU bugs
• Ringleader of cybercrime group to be offered a job as cybercrime fighter
• Spam coming from free email providers increasing
• Kaspersky's Malaysian site hacked by Turkish hacker
• Georgia President's web site under DDoS attack from Russian hackers
• 75% of online banking sites found vulnerable to security design flaws
• McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position
• Click fraud in 2nd quarter of 2008 more sophisticated, botnets to blame
• How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability
• DNS cache poisoning attacks exploited in the wild
• The Neosploit cybercrime group abandons its web malware exploitation kit
• OS fingerprinting Apple's iPhone 2.0 software - a "trivial joke"
• HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame

ZDNet Zero Day Blog Posts - August, 2008

• Cuil's stance on privacy - "We have no idea who you are"
• Phishers increasingly scamming other phishers
• Today's assignment : Coding an undetectable malware
• Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection
• Fake CNN news items malware campaign spreading rapidly
• CNET's Clientside developer blog serving Adobe Flash exploits
• Coordinated Russia vs Georgia cyber attack in progress
• Researcher discovers Nokia S40 security vulnerabilities, demands 20,000 euros to release details
• Intel proactively fixes security flaws in its chips
• 1.5m spam emails sent from compromised University accounts
• Fortune 500 companies use of email spoofing countermeasures declining
• China busts hacking ring, managed to penetrate 10 gov't databases
• Scammers caught backdooring chip and PIN terminals
• SpamZa - opt in spamming service fighting to remain online
• FEMA's PBX network hacked, over 400 calls made to the Middle East
• Typosquatting the U.S presidential election - a security risk?
• Hundreds of Dutch web sites hacked by Islamic hackers
• Twitter's "me too" anti-spam strategy
• Malware detected at the International Space Station
• Taiwan busts hacking ring, 50 million personal records compromised
• MSN Norway serving Flash exploits through malvertising
• Inside India's CAPTCHA solving economy

ZDNet Zero Day Blog Posts - September, 2008

• DoS vulnerability hits Google's Chrome, crashes with all tabs
• Malware and spam attacks exploiting Picasa and ImageShack
• Spamming vendor launches managed spamming service
• Facebook introducing new security warning feature
• Google downplays Chrome's carpet-bombing flaw
• Targeted malware attack against U.S schools intercepted
• The most "dangerous" celebrities to search for in 2008
• Norwegian BitTorrent tracker under DDoS attack
• Attacker: Hacking Sarah Palin's email was easy
• Bill O'Reilly's web site hacked, attackers release personal details of users
• India's government: At last, we've cracked Blackberry's encryption
• Memory exhaustion DoS vulnerability hits Google's Chrome
• 44% of second hand mobile devices still contain sensitive data
• Spammers attacking Microsoft's CAPTCHA -- again

ZDNet Zero Day Blog Posts - October, 2008

• Cybercriminals syndicating Google Trends keywords to serve malware
• Scammers introduce ATM skimmers with built-in SMS notification
• Atrivo/Intercage's disconnection briefly disrupts spam levels
• Adobe posts workaround for clickjacking flaw, NoScript releases ClearClick
• Asus ships Eee Box PCs with malware
• Fake Microsoft Patch Tuesday malware campaign spreading
• Secunia: popular security suites failing to block exploits
• Survey: 88% of Mumbai's wireless networks easy to compromise
• Adobe's Serious Magic site SQL Injected by Asprox botnet
• Inside an affiliate spam program for pharmaceuticals
• Google to introduce warnings for potentially hackable sites
• Lack of phishing attacks data sharing puts $300M at stake annually
• CardCops: Stolen credit card details getting cheaper
• Cybercrime friendly EstDomains loses ICANN registrar accreditation
• Phishers apply quality assurance, start validating credit card numbers
• Spammers targeting Bebo, generate thousands of bogus accounts

ZDNet Zero Day Blog Posts - November, 2008

• Black market for zero day vulnerabilities still thriving
• Google and T-Mobile push patch for Android security flaw
• Fake WordPress site distributing backdoored release
• Koobface Facebook worm still spreading
• Cyber terrorists to face death penalty in Pakistan
• AVG and Rising signatures update detects Windows files as malware
• BBC hit by a DDoS attack
• Google fixes critical XSS vulnerability
• $10k hacking contest announced
• Anti fraud site hit by a DDoS attack
• Commercial vendor of spyware under legal fire
• Fake Windows XP activation trojan goes 2.0
• Cybercriminals release Christmas themed web malware exploitation kit
• Google: no evidence of a Gmail vulnerability
• New worm exploiting MS08-067 flaw spotted in the wild
• Microsoft's Live launches malware detection service for webmasters

ZDNet Zero Day Blog Posts - December, 2008