Docker Desktop patched a critical security flaw (CVE-2025-9074) that allowed containers to break out and control the host system, especially on Windows where Docker runs via WSL2, by exposing an open Engine API on a TCP port. The vulnerability could let malicious containers access or modify host files, escalate privileges, and compromise system security. Users are advised to update to version 4.44.3 immediately to close the exposed API and prevent potential attacks.
Ransomware is a serious threat, but Windows includes built-in protections through its Microsoft Defender antivirus software, which can be enabled by following a few steps in the Windows Security app. By turning on Controlled folder access and ensuring you're logged into OneDrive for automatic backups, you can add an extra layer of defense against ransomware attacks. While these measures may cause some inconvenience, they can significantly enhance the security of your files. Additionally, considering other antivirus software options and maintaining offline backups are recommended for comprehensive protection against online threats.
The hacking group TA577 has shifted to using phishing emails to steal NTLM authentication hashes, targeting employees in organizations worldwide. These hashes can be used for offline password cracking or "pass-the-hash" attacks, potentially enabling attackers to escalate privileges, hijack accounts, access sensitive information, and move laterally within a breached network. The phishing emails contain unique ZIP archives with HTML files that trigger automatic connections to steal the NTLM hashes. Security measures such as multi-factor authentication, firewall configurations, email filtering, and Windows 11 security features can help mitigate these attacks.
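The summary above names firewall configuration as one mitigation for NTLM hash theft. The following PowerShell is an added example, not part of the original report, showing two defensive controls an administrator can apply on a Windows endpoint: an outbound firewall rule that stops SMB sessions to Internet addresses (so a file pointing at an external UNC path cannot complete an NTLM handshake), and the "Restrict NTLM: Outgoing NTLM traffic" audit setting so that outbound NTLM attempts are logged. It assumes an elevated session on Windows 10/11 or Server and that the built-in `Internet` address keyword for `New-NetFirewallRule` is available.

```powershell
# Added example (not from the original report): defensive controls against
# outbound NTLM hash leakage. Run in an elevated PowerShell session.

# 1. Block SMB (TCP 445) and NetBIOS session (TCP 139) from this host to
#    Internet addresses. Internal file shares on LAN/intranet ranges are unaffected.
#    Assumption: the 'Internet' RemoteAddress keyword is supported on this OS.
New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet' `
    -Direction Outbound -Protocol TCP -RemotePort 139,445 `
    -RemoteAddress Internet -Action Block -Profile Any

# 2. Audit outgoing NTLM authentication to remote servers.
#    RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all.
#    Audit first; move to 2 only after confirming nothing legitimate depends on it.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
Set-ItemProperty -Path $lsa -Name 'RestrictSendingNTLMTraffic' -Value 1 -Type DWord

# 3. Review logged outbound NTLM attempts (event 8001 in the NTLM operational log).
#    An unexpected Internet target here is a strong indicator of a hash-leak lure.
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-NTLM/Operational'; Id=8001} `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# 4. Confirm the firewall rule is in place and enabled.
Get-NetFirewallRule -DisplayName 'Block outbound SMB to Internet' |
    Select-Object DisplayName, Enabled, Direction, Action
```

Start with auditing rather than denying: the 8001 events show which internal services still rely on outbound NTLM before enforcement breaks them.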
Ransomware is a serious threat, but Windows users can activate built-in protection through Microsoft Defender by enabling Controlled folder access and ensuring they are logged into OneDrive for automatic backups. While this may cause some inconvenience, such as blocking access to certain folders, it provides an additional layer of defense against ransomware attacks. Users can also consider upgrading their antivirus software for more comprehensive protection.
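Both ransomware summaries above describe enabling Controlled folder access through the Windows Security app. The following PowerShell is an added example, not taken from either article, that performs the same steps with the Microsoft Defender cmdlets so the setting can be checked and applied consistently across machines. It assumes an elevated session on Windows 10/11 with Defender active; the folder and application paths are constructed placeholders.

```powershell
# Added example (not from the original articles): inspect and enable
# Microsoft Defender's Controlled folder access. Run in an elevated session.

# 1. Current state: 0 = Disabled, 1 = Enabled, 2 = Audit mode
$pref = Get-MpPreference
"Controlled folder access state: $($pref.EnableControlledFolderAccess)"
"Protected folders: $($pref.ControlledFolderAccessProtectedFolders -join ', ')"

# 2. Start in audit mode to see what would be blocked without disrupting users
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 3. Protect an additional folder beyond the defaults (Documents, Pictures, ...)
#    Placeholder path; replace with the folder you want covered.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\ProjectFiles'

# 4. Allow a trusted application that legitimately writes into protected folders
#    Placeholder path; this is how the "inconvenience" of blocked apps is resolved.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleBackup\backup.exe'

# 5. After reviewing audit events, switch to enforcement
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Review what the feature logged: 1123 = blocked, 1124 = audited
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational'; Id=1123,1124} `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 7. Quick check that the OneDrive client (used for the automatic backup step) is running
if (Get-Process -Name OneDrive -ErrorAction SilentlyContinue) { 'OneDrive client is running' }
else { 'OneDrive client not running: sign in so protected folders are backed up' }
```

Audit mode first is the practical order: the 1124 events reveal which legitimate tools write to protected folders, so they can be added to the allowed list before blocking is turned on.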
Threat actors are exploiting a patched security flaw in Microsoft Windows, CVE-2023-36025, to deploy Phemedrone Stealer, an open-source information stealer targeting web browsers, cryptocurrency wallets, and messaging apps. The flaw allows attackers to bypass Windows Defender SmartScreen by tricking users into clicking on malicious Internet Shortcut files, leading to the execution of a control panel file that ultimately downloads and executes the stealer. Despite being patched, threat actors continue to find ways to exploit the vulnerability and evade protections, highlighting the need for ongoing vigilance in cybersecurity.
Zero-day vulnerabilities in the Windows installers for Atera's remote monitoring and management software, tracked as CVE-2023-26077 and CVE-2023-26078, allow local privilege escalation: misconfigured Custom Actions run as NT AUTHORITY\SYSTEM, so a local attacker could execute arbitrary code with elevated privileges. Both flaws have been patched in Atera versions 1.8.3.7 and 1.8.4.9.