Thursday, December 6
TOP STORY
CVE-2018-1002105: ZDNet reports about a Kubernetes privilege escalation flaw released on Monday. Time to update to Kubernetes v1.10.11, v1.11.5, v1.12.3, or v1.13.0-rc.1.
OTHER ARTICLES WE’RE READING
Uberducky - a wireless USB Rubber Ducky triggered via BLE
Crowdstrike on the Kelihos peer-to-peer botnet
Surveillance at a national scale: New America’s council for foreign relations writes about how Chinese telecom giant ZTE is exporting surveillance technology to Venezuela and how it’s not an isolated incident.
Olarf Hartong’s theathunting Splunk app mapped to MITRE ATT&CK tis up on GitHub + his Black Hat EU slides from this week.
We launched a thing: Hackboxes
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
If everyone is sophisticated, no one is.
Ben Buchanan, The Legend of Sophistication in Cyber Operations