// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of August 7, 2023
Signal Brief · Archived

Week of August 7, 2023

2023-08-07 — 2023-08-13 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of August 7, 2023, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 vuln disclosures, 1 research poc. Vendors in the record this week: Microsoft, Kaspersky, AVG.

The Week's Public Record

Events

2023-08-11
vuln disclosure
Researchers Uncover Remote File Deletion Vulnerabilities in Multiple EDR ProductsEDR Remote File Deletion via Malicious Signature Injection
SafeBreach Labs researchers discovered vulnerabilities in several EDR products that allow remote deletion of critical files and databases without authentication. By inserting minimal malicious signatures into files like web server logs, attackers can trick EDRs into automatically deleting the file, leading to data loss and denial of service. The research was presented at Black Hat USA 2023.
Microsoft · Kaspersky · AVG · Avast · Trend Micro ↗ www.safebreach.com (2023-08-11)
2023-08-09
vuln disclosure
CVE-2023-24934: Windows Defender Update Process Hijack Allows Malware Injection and File DeletionCVE-2023-24934
Researchers at SafeBreach discovered a security feature bypass vulnerability in Microsoft Defender's signature update process, tracked as CVE-2023-24934. The flaw allows an unprivileged user to hijack the update mechanism to inject malware, delete benign files, or remove threat signatures. Microsoft patched the vulnerability in April 2023.
2023-08-08
research poc
Researcher Develops Undetectable Ransomware Using Microsoft OneDriveClouded OneDrive Ransomware
A SafeBreach researcher created a proof-of-concept ransomware that encrypts files on a victim's endpoint by abusing Microsoft OneDrive's sync functionality, without executing malicious code locally. The technique leverages stolen OneDrive access tokens and junction points to manipulate files remotely, evading standard endpoint security detection.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →