vuln disclosure
Researchers Uncover Remote File Deletion Vulnerabilities in Multiple EDR ProductsEDR Remote File Deletion via Malicious Signature Injection
SafeBreach Labs researchers discovered vulnerabilities in several EDR products that allow remote deletion of critical files and databases without authentication. By inserting minimal malicious signatures into files like web server logs, attackers can trick EDRs into automatically deleting the file, leading to data loss and denial of service. The research was presented at Black Hat USA 2023.