consumption Archives

AppWizard

August 12, 2025

Android on trial

Google has approached the Supreme Court regarding an antitrust case that could significantly impact India's digital economy, particularly concerning its dominance over the Android operating system and the requirement for app developers to use Google's payment systems, which can impose commissions of 15-30%. The Competition Commission of India (CCI) found Google to be a dominant entity, concluding that its practices constituted abuse of power, resulting in a penalty of ₹936 crores. Google appealed this decision, leading to a reduced penalty of ₹217 crores from the National Company Law Appellate Tribunal (NCLAT), which did not classify Google as a "gatekeeper." Google has since filed additional appeals with the Supreme Court, which is set to hear the case in November. A study on Indian farmers revealed that extreme heat, with temperatures exceeding 43°C, significantly impacts their livelihoods, leading to increased food insecurity and undernutrition. While average calorie consumption remained stable, the incidence of "strong undernutrition" rose, affecting approximately 3 million individuals. The study found that extreme heat forces families to seek non-farm employment and adapt their food sources, often leading to a decline in job retention and increased vulnerability due to limited access to credit. The findings suggest that climate change is exacerbating challenges in Indian agriculture, necessitating policy interventions to enhance resilience and support affected households. India's cabinet approved a one-time ₹300 billion payout to state-run fuel retailers to compensate for losses from selling subsidized LPG. Tata Motors reported a 63% year-on-year drop in Q1 consolidated profit, while Nayara faced scrutiny over Russian oil imports. The Supreme Court upheld a ruling classifying telecom towers as movable property, providing tax relief for telecom companies. Tesla India signed a nine-year lease for a showroom in Delhi, marking its expansion into the Indian market.

Winsage

August 11, 2025

Win-DDoS: Attackers can turn public domain controllers into DDoS agents

SafeBreach researchers have identified critical vulnerabilities in Windows Active Directory domain controllers (DCs), particularly CVE-2025-32724, which can be exploited for distributed denial-of-service (DDoS) attacks using a method called Win-DDoS. This vulnerability allows attackers to manipulate public DCs into connecting to a controlled Lightweight Directory Access Protocol (LDAP) server, directing them to flood a target server with requests. The researchers also highlighted additional vulnerabilities: - CVE-2025-26673 and CVE-2025-49716 enable uncontrolled resource consumption in Windows LDAP and Windows Netlogon, respectively. - CVE-2025-49722 affects Windows Print Spooler Components, potentially crashing DCs and other Windows machines. The first three vulnerabilities can be triggered remotely by unauthenticated attackers, while the last one requires minimal privileges. Microsoft has released security updates for all four vulnerabilities in 2025, and organizations are advised to implement these patches and strengthen their defenses against potential DDoS attacks.

Winsage

August 11, 2025

Silent Cyber Weapon Discovered: Hackers Can Now Turn Your Windows Server into a DDoS Weapon

A new attack method called Win-DDoS can turn publicly accessible Windows domain controllers into a botnet for distributed denial-of-service (DDoS) attacks, as presented by SafeBreach researchers at DEF CON 33. This method exploits vulnerabilities in Windows' Lightweight Directory Access Protocol (LDAP) client code, allowing attackers to redirect traffic from compromised domain controllers to a target server without needing malicious code or stolen credentials. The attack involves initiating an RPC request to the DCs, connecting them to the attacker's CLDAP server, and receiving a referral list that directs traffic to a single IP and port, overwhelming the victim's resources. Microsoft has issued patches for four related vulnerabilities: CVE-2025-26673, CVE-2025-32724, CVE-2025-49716, and CVE-2025-49722, which can allow unauthenticated attackers to crash domain controllers or disrupt internal systems. SafeBreach warns that enterprise security models often underestimate the risks of denial-of-service attacks on internal infrastructure. Organizations are urged to audit domain controller exposure, apply security patches, and reassess the safety of their internal networks.

Winsage

August 11, 2025

Win-DoS Epidemic: New DoS and DDoS Attacks Start with Microsoft Windows

During DEF CON 33, Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic.” They identified four significant Windows DoS vulnerabilities, all categorized as “uncontrolled resource consumption,” including: - CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP. - CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS. - CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon. - CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in the Windows print spooler, requiring an authenticated attacker on an adjacent network. These vulnerabilities can incapacitate Windows endpoints and servers, including domain controllers (DCs), which are essential for managing authentication and resources in enterprise networks. The researchers also revealed a new DDoS attack method, termed Win-DDoS, which exploits a flaw in the Windows LDAP client referral process, allowing attackers to redirect DCs to a victim server and continuously repeat this redirection, creating a large-scale DDoS botnet using public DCs without leaving forensic traces.

Winsage

August 11, 2025

New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Servers/Endpoints, Domain Controllers Into DDoS Botnet

Researchers Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic” at DEF CON 33. They identified four new vulnerabilities in Windows DoS and one zero-click distributed denial-of-service (DDoS) flaw, classified as “uncontrolled resource consumption.” The vulnerabilities include: - CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP. - CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS. - CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon. - CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in Windows Print Spooler, requiring an authenticated attacker on an adjacent network. These vulnerabilities can incapacitate Windows endpoints or servers, including Domain Controllers (DCs), potentially allowing for the creation of a DDoS botnet. The researchers also discovered a DDoS technique called Win-DDoS that exploits a flaw in the Windows LDAP client’s referral process, enabling attackers to redirect DCs to a victim server for continuous redirection. This method can leverage public DCs globally, creating a large, untraceable DDoS botnet without specialized infrastructure. Additionally, the researchers examined the Remote Procedure Call (RPC) protocol and found three new zero-click, unauthenticated DoS vulnerabilities that can crash any Windows system. They also identified another DoS flaw exploitable by any authenticated user on the network. The researchers released tools named “Win-DoS Epidemic” to exploit these vulnerabilities, highlighting the need for organizations to reassess their security measures regarding internal systems and services like DCs.

Winsage

August 9, 2025

9 Hidden Default Settings and Behaviors on Windows 11

Windows 11 has several default settings that users may not be aware of: 1. Windows Update can utilize renewable energy by scheduling installations during times of lower carbon intensity. 2. Microsoft accounts automatically back up apps and settings, but individual item restoration is not available. 3. Delivery Optimization is enabled by default, allowing updates to be downloaded from both Microsoft servers and local devices. 4. The "Find My Device" feature is automatically turned on for Microsoft account users to help locate lost or stolen computers. 5. Device Encryption (BitLocker) is enabled by default, with the decryption key stored in the user's Microsoft account. 6. System Protection is disabled by default, requiring users to enable it manually for recovery capabilities. 7. Storage Sense is enabled by default to automatically delete unnecessary files and free up disk space. 8. Hibernation is disabled by default, likely due to hardware compatibility issues. 9. The default account lockout policy allows for 10 invalid sign-in attempts before locking the account for 10 minutes.

AppWizard

August 9, 2025

I switched to this YouTube client and I’m never going back

YouTube has evolved into a platform filled with ads and a complex algorithm since its launch in the late 2000s. In response, many users have turned to NewPipe, an open-source streaming client developed in 2015, which offers a lightweight and efficient viewing experience without user data collection. NewPipe allows ad-free video playback, offline downloads, background playback, and picture-in-picture mode, while enabling users to create local playlists. However, it lacks features such as posting comments, YouTube Shorts, and algorithm-driven recommendations, which may limit content discovery. Although using NewPipe does not violate laws, it contravenes YouTube's terms of service, and while it eliminates ads, creators do not receive compensation through this platform. NewPipe is available on F-Droid and operates independently using publicly available data.

AppWizard

August 8, 2025

I’m so tired of being advertised at, man

The digital landscape is saturated with advertisements, infiltrating various platforms such as e-readers, televisions, and music streaming services. This saturation has led to a focus on advertising over product quality, diverting resources from enhancing user experience to creating compelling promotions. While some alternatives like indie games and physical books still prioritize user satisfaction, they are becoming rarer. The aggressive advertising strategy aims to maximize revenue through volume, raising concerns about sustainability and the impact on consumer attention. The current trajectory suggests a need to reconsider the relationship between advertising and media consumption.

AppWizard

August 7, 2025

YouTube Android Bug Resets Playback Speed, Frustrating Users

A glitch in the YouTube app for Android prevents users from adjusting playback speeds, leaving them stuck at the default 1x speed. This issue has been reported by users globally and mirrors a similar problem from the previous year, indicating a recurring vulnerability in YouTube’s Android codebase. YouTube has acknowledged the issue and is investigating it, with speculation that it may be linked to recent Android OS updates or changes to internal APIs. The bug affects both stable version 20.28.39 and beta version 20.29.39, while YouTube Music's podcast controls remain unaffected. Users have shared workarounds, such as uninstalling app updates to revert to a functional version, although this may pose security risks. The incident raises concerns about Google’s quality assurance processes and the balance between innovation and reliability in app development.

AppWizard

August 6, 2025

McDonald’s posts better-that-expected sales as chicken strips, Minecraft meal drive traffic

McDonald’s reported a 5% increase in revenue for the second quarter, reaching .5 billion, surpassing Wall Street's expectations of .3 billion. Same-store sales surged nearly 4%, exceeding predictions of a 1% decline. McDonald’s shares rose 3% in premarket trading. The company faced challenges in the first quarter with declines in same-store sales but saw a turnaround with the launch of a “Minecraft”-themed meal in April, which sold out collectible figures in less than two weeks. The introduction of McCrispy chicken strips in May also drove customer traffic. McDonald’s net income rose by 11% to .25 billion, with adjusted earnings of .14 per share, meeting Wall Street forecasts.