Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own Tokyo Day two: TP-Link router and Synology NAS hacked

On the second day of the Pwn2Own Tokyo 2020 hacking competition, bug bounty hunters hacked a TP-Link router and a Synology NAS. Day 2 of the popular Pwn2Own Tokyo hacking competition is concluded, due to the COVID-19 pandemic the competition has been arranged as a virtual event. The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from […]

Pwn2Own Tokyo 2020

On the second day of the Pwn2Own Tokyo 2020 hacking competition, bug bounty hunters hacked a TP-Link router and a Synology NAS.

Day 2 of the popular Pwn2Own Tokyo hacking competition is concluded, due to the COVID-19 pandemic the competition has been arranged as a virtual event.

Pwn2Own Tokyo 2020

The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from Toronto, Canada, and white hat hackers taking part in the competition have to demonstrate their ability to find and exploit vulnerabilities in a broad range of devices.

On day one of the competition, bug bounty hunters have successfully hacked a vulnerability a NETGEAR router and a Western Digital NAS devices.

On Day 2, the Flashback team successfully chained three bugs to get code execution through the WAN interface on the TP-Link AC1750 Smart WiFi router. The group of bug bounty hunters won another $20,000 and 2 more Master of Pwn points.

The Syacktiv team successfully hacked the TP-Link AC1750 Smart WiFi router targeting the LAN interface with an exploit triggering three unique bugs to get code execution. The team earned $5,000 and 1 point towards Master of Pwn for this exploit.

The DEVCORE team hacked a Synology DiskStation DS418Play NAS exploiting a heap overflow to get arbitrary code execution. The team earned him $20,000 and 2 points twowards Master of Pwn.

In Day 2 there were also the following partial success:

  • Team Bugscale targeting the Western Digital My Cloud Pro Series PR4100
  • 84c0 targeting the LAN interface on the NETGEAR Nighthawk R7800 router
  • F-Secure Labs targeting the Samsung Q60T television
  • Sam Thomas of Pentest Ltd targeting the Western Digital My Cloud Pro Series PR4100
[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Tokyo)

[adrotate banner=”5″]

[adrotate banner=”13″]