ZERO DAILY
Hacking, AppSec, and Bug Bounty newsletter
Threathunting splunk app by Olarf Hartong, Kubernetes privilege escalation flaw, and Uberducky
Thursday, December 6
TOP STORY
-
CVE-2018-1002105: ZDNet reports about a Kubernetes privilege escalation flaw released on Monday. Time to update to Kubernetes v1.10.11, v1.11.5, v1.12.3, or v1.13.0-rc.1.
OTHER ARTICLES WE’RE READING
-
Uberducky - a wireless USB Rubber Ducky triggered via BLE
-
Crowdstrike on the Kelihos peer-to-peer botnet
-
Surveillance at a national scale: New America’s council for foreign relations writes about how Chinese telecom giant ZTE is exporting surveillance technology to Venezuela and how it’s not an isolated incident.
-
Olarf Hartong’s theathunting Splunk app mapped to MITRE ATT&CK tis up on GitHub + his Black Hat EU slides from this week.
-
We launched a thing: Hackboxes
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
If everyone is sophisticated, no one is.
Ben Buchanan, The Legend of Sophistication in Cyber Operations