Researchers at the Black Hat Asia conference disclosed weaknesses in Microsoft Defender and Kaspersky's Endpoint Detection and Response (EDR) products that can be turned into a remote file-deletion primitive. The attack does not exploit a memory-safety bug; it abuses the byte signatures the products use to recognise malware. If an attacker can get a known malware signature written into a legitimate file, for example as a record inside a database or as content inside a virtual machine image, the EDR matches the signature, treats the file as infected and deletes it. The attacker never needs access to the host: the security product does the deletion, and the loss of a database or VM image can take down the service that depends on it.

Microsoft shipped patches and Kaspersky planned improvements, but the researchers demonstrated bypasses against both. Microsoft's fix relies on whitelisting, and the researchers were able to sidestep it with PowerShell commands, which shows how hard it is to close this class of issue completely: as long as the response to a byte-signature match is an automatic delete, any party who can place bytes in a file can trigger it.

The researchers' conclusion is that patching alone is not a sufficient defence here. Signature matching is a blunt decision, and a product that acts destructively on it creates risk that the patch does not remove. They recommend additional layers, such as protected folders and configuration changes that limit what the EDR may delete automatically, to reduce the impact of remote file deletion and of future bypasses of the vendor controls.
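The mechanism above, as an added toy model that is not the researchers' code or either vendor's: a scanner that deletes any file containing a configured byte signature, a "database" file that stores an untrusted value verbatim, and the same detection with a safer response (protected paths are only reported, other hits are quarantined rather than deleted). The signature, the directory layout and the policy are all constructed for illustration.

```python
"""Toy model of signature-driven remediation and why delete-on-match is dangerous.

Added example, not code from the article or the products it describes.
Assumptions (not from the article): a scanner that reads whole files and
reacts to any file containing a configured byte signature; a "database" that
is simply a file an attacker-controlled value gets appended to.
"""
import shutil
import tempfile
from pathlib import Path

# Constructed placeholder signature. Real products carry thousands of these.
FAKE_SIGNATURE = b"CONSTRUCTED-FAKE-SIGNATURE-NOT-MALWARE"


def scan_matches(root: Path, signature: bytes) -> list[Path]:
    """Pure byte-signature detection: any file containing the bytes is a hit."""
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and signature in p.read_bytes())


def naive_remediate(root: Path, signature: bytes) -> list[Path]:
    """Delete-on-match. Whoever can write bytes into a file now decides
    whether that file survives the next scan."""
    hits = scan_matches(root, signature)
    for p in hits:
        p.unlink()
    return hits


def hardened_remediate(root: Path, signature: bytes,
                       protected: list[Path], quarantine: Path):
    """Same detection, different response:
    - hits under a protected path are reported for a human, never touched
    - other hits are moved to quarantine, so a false positive is reversible
    Returns (reported, quarantined)."""
    reported, quarantined = [], []
    quarantine.mkdir(parents=True, exist_ok=True)
    for p in scan_matches(root, signature):  # evaluated once, before any move
        if any(p.is_relative_to(d) for d in protected):
            reported.append(p)
        else:
            shutil.move(str(p), str(quarantine / p.name))
            quarantined.append(p)
    return reported, quarantined


def build_fixture(root: Path) -> tuple[Path, Path]:
    """Constructed layout: an application database plus a downloads folder."""
    db = root / "data" / "app.db"
    db.parent.mkdir(parents=True)
    db.write_bytes(b"user=alice;note=hello\n")
    # The "implant": an attacker-supplied field stored verbatim as a record.
    with db.open("ab") as fh:
        fh.write(b"user=mallory;note=" + FAKE_SIGNATURE + b"\n")
    download = root / "downloads" / "sample.bin"
    download.parent.mkdir(parents=True)
    download.write_bytes(b"\x00" * 16 + FAKE_SIGNATURE)
    return db, download


def run_demo() -> dict:
    """Run both policies on identical fixtures and report what survived."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        db, download = build_fixture(root)
        naive_remediate(root, FAKE_SIGNATURE)
        results["naive_db_survives"] = db.exists()          # False: DB wiped
        results["naive_download_survives"] = download.exists()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        db, download = build_fixture(root)
        reported, quarantined = hardened_remediate(
            root, FAKE_SIGNATURE,
            protected=[root / "data"], quarantine=root / "quarantine")
        results["hardened_db_survives"] = db.exists()       # True: only reported
        results["hardened_reported"] = [p.name for p in reported]
        results["hardened_quarantined"] = [p.name for p in quarantined]
        results["download_in_quarantine"] = (root / "quarantine" / "sample.bin").exists()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point the toy makes is that the detection step is identical in both policies; what changes is the blast radius of a match. A protected-path list and a reversible quarantine are the kind of "protected folders and configuration changes" the researchers recommend, and they are worth having in place regardless of whether a vendor patch for any specific bypass has landed.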
Several popular Android applications available on the Google Play Store are vulnerable to a path traversal-affiliated vulnerability known as the Dirty Stream attack. This vulnerabil...
The US confirms Russian hackers have breached water systems. They warn North American and European operators about ongoing attempts by pro-Russia activists to infiltrate their tech...
The Simone Veil hospital in Cannes, France, has become the latest target of cybercriminals, with the LockBit ransomware gang claiming to have accessed and published confidential da...