Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own Tokyo Day 3: Team Flashback crowned Master of Pwn

On the third day of the Pwn2Own Tokyo 2020 bug bounty hunters hacked a Synology NAS and had multiple partial successes. We are on day three of the popular Pwn2Own Tokyo hacking competition that due to the COVID-19 pandemic has been arranged as a virtual event. The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from Toronto, […]

Pwn2Own Tokyo 2020

On the third day of the Pwn2Own Tokyo 2020 bug bounty hunters hacked a Synology NAS and had multiple partial successes.

We are on day three of the popular Pwn2Own Tokyo hacking competition that due to the COVID-19 pandemic has been arranged as a virtual event.

Pwn2Own Tokyo 2020

The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from Toronto, Canada, and white hat hackers taking part in the competition have to demonstrate their ability to find and exploit vulnerabilities in a broad range of devices.

Let’s start with the only success of day 3 obtained by the STARLabs team targeting the Synology DiskStation DS418Play NAS.

The team of experts exploited a race condition and an OOB Read to get a root shell on the NAS. They earned $20,000 and 2 points towards Master of Pwn.

Day three has seen multiple partial successes, below the details of the attempts:

  • DEVCORE team targeting the Western Digital My Cloud Pro Series PR4100 – The team chained 6 bugs to gain code execution, but 2 flaws had previously been reported. They won $17,500 and 1.5 Master of Pwn points.
  • Gaurav Baruah targeting the Western Digital My Cloud Pro Series PR4100 – The expert was able to successfully get a root shell on the device exploiting a flaw that had been previously submitted. He earned 1 point towards Master of Pwn.
  • The Viettel Cyber Security team targeting the Sony X800 television – The team got a partial win because he was able to read sensitive files from a fully patched Sony X800 smart TV by using a bug that was publicly known. The team only earned 1 point towards Master of Pwn.

The only failure of the day was for an attampt of the Team Bugscale targeting the LAN interface on the NETGEAR Nighthawk R7800 router. The team failed in getting their exploit to work within the allotted timeframe.

The Master Pwn winner of Pwn2Own Tokyo is the Team Flashback, Congrats.

If you are interested in Day one and Day two of the competition give a look here:

https://securityaffairs.co/wordpress/110509/hacking/pwn2own-tokyo-2020-day1.html
https://securityaffairs.co/wordpress/110537/hacking/pwn2own-tokyo-day-two.html
[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Tokyo)

[adrotate banner=”5″]

[adrotate banner=”13″]