Multiple Zero-Day Security Vulnerabilities in Top Endpoint Detection and Response (EDR) and Antivirus (AV) Solutions Found by SafeBreach Labs Researcher
Or Yair, a security researcher at SafeBreach, discovered a number of zero-day vulnerabilities that can transform endpoint detection and response (EDR) and antivirus (AV) products into next-generation wipers, with the ability to affect hundreds of millions of endpoints worldwide. The resulting wiper can delete practically any file on a system, including system files, and render a machine fully unbootable, while operating with the permissions of an ordinary user. It accomplishes all of this without putting any code into the target files, which makes it very hard to detect.
SafeBreach believes it is crucial that EDR and AV vendors proactively test their products against this type of vulnerability and, if necessary, develop a remediation plan to ensure they are protected. While the team did its best to test the EDR and AV products it had access to, it is not practical to test every product on the market.
Summarizing the importance of this research, Yair said:
“By openly sharing information about this discovery, our goal is to raise a warning flag about the existence of these zero-day vulnerabilities and the ability to exploit them. Organizations must understand that a wiper is much more dangerous if it uses a trusted entity on the system—in this case, an EDR or AV—to complete its malicious actions by proxy.
As cyber criminals continue to evolve their tactics, organizations must understand that having security controls does not mean an organization is secure. In fact, security controls may be a preferred target for attackers because of their high privileges and the very high level of trust they command. Organizations must be prepared to proactively test and evolve their defensive capabilities to protect themselves against this ever-changing threat landscape.”
For technical details, please visit: https://www.safebreach.com/resources/blog/safebreach-labs-researcher-discovers-multiple-zero-day-vulnerabilities/
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.