traffic Archives

AppWizard

August 12, 2025

Waze is dropping support for older Android versions

Waze will stop providing updates for devices running Android 9 Pie or earlier, with the latest beta version requiring a minimum of Android 10 for installation. This change affects users with older tablets and in-car entertainment systems. Existing users can still use core functionalities of the app, but new features will not be available. Google Maps remains an alternative for those unable to upgrade, as it supports all systems beyond Android 8 Oreo.

Tech Optimizer

August 12, 2025

How Wiz achieved near-zero downtime for Amazon Aurora PostgreSQL major version upgrades at scale using Aurora Blue/Green Deployments

Wiz upgraded its Aurora PostgreSQL database from version 14 to 16, achieving a significant reduction in downtime from approximately one hour to just 30 seconds. The upgrade was facilitated by an automated process called DB Upgrade Pilot, which utilized Amazon Aurora's Blue/Green Deployments. This process involved several steps: taking a cluster snapshot, provisioning a synchronized replica of the production database, executing a VACUUM ANALYZE for performance optimization, monitoring replication lag, and performing a switchover to the new environment. The upgrade included performance enhancements such as improved parallel query execution and faster aggregations, along with enhanced security features. The solution also incorporated safety measures like automatic rollback capability and robust validation steps to ensure a stable upgrade process.

Winsage

August 12, 2025

Windows DoS Flaws Enable DDoS Attacks on Domain Controllers

Researchers from SafeBreach Labs have identified four denial-of-service (DoS) vulnerabilities in Microsoft’s Windows operating system that could allow attackers to use publicly accessible Windows domain controllers in distributed denial-of-service (DDoS) attacks. These vulnerabilities exploit protocols such as Remote Procedure Call (RPC) and Lightweight Directory Access Protocol (LDAP), enabling the creation of stealthy botnets without authentication. The flaws arise from improper handling of RPC and LDAP requests in Windows Server environments, including versions up to 2025. One flaw allows unauthenticated users to trigger infinite loops, consuming system resources and facilitating reflection attacks. Microsoft released patches for these vulnerabilities in August 2025, but unpatched systems remain at risk. The vulnerabilities were disclosed at DEF CON 33, where proof-of-concept attacks were demonstrated. SafeBreach has labeled these flaws as “Win-DoS” due to their widespread applicability. Organizations are advised to audit network exposures and isolate domain controllers to mitigate risks. The increase in hyper-volumetric DDoS attacks highlights the urgency for proactive defenses, including automated mitigation tools and regular vulnerability scans. Experts recommend implementing stringent firewall rules to restrict RPC and LDAP exposure and using behavioral analytics to detect anomalous traffic.

Winsage

August 11, 2025

‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers

SafeBreach researchers have identified several vulnerabilities in Windows environments that could lead to denial of service (DoS) attacks. These include: 1. CVE-2025-26673: A flaw in the Netlogon service that allows remote crashes via crafted Remote Procedure Call (RPC) requests without authentication, potentially locking users out of domain resources until a reboot. 2. CVE-2025-49716: A vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) that enables remote attackers to destabilize the service through specially crafted Lightweight Directory Access Protocol (LDAP) queries, causing immediate DoS. 3. CVE-2025-49722: A DoS vulnerability in the Windows Print Spooler that can be triggered by malformed RPC requests, disrupting printing operations and system stability. Microsoft has addressed some vulnerabilities but has not yet resolved the three identified by SafeBreach, and there has been no response to inquiries about these issues. SafeBreach recommends organizations apply the latest patches, limit exposure of Domain Controller services, segment critical systems, and monitor for unusual LDAP or RPC traffic for early attack detection.

Winsage

August 11, 2025

Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks

Security researchers have identified a "zero-click" denial-of-service (DoS) exploit that can covertly turn Microsoft Windows Domain Controllers (DCs) into a global botnet. DDoS attacks increased by 56% year-over-year in late 2024, with Cloudflare blocking an attack that peaked at 7.3 Tbps in 2025. The average minute of downtime from these attacks costs businesses approximately ,000, with incidents for small and midsize firms exceeding 0,000. The exploit, known as Win-DDoS, leverages the Lightweight Directory Access Protocol (LDAP) client in Windows, allowing DCs to automatically target victim servers through LDAP referrals without user interaction. This results in thousands of DCs inadvertently overwhelming a target with TCP traffic. Four vulnerabilities (CVEs) related to this exploit were disclosed to Microsoft in March 2025 and addressed in subsequent patch releases in June and July 2025. These vulnerabilities include: - CVE-2025-32724: LSASS (LDAP client) - None needed, causes memory exhaustion/DC crash, patched June 2025. - CVE-2025-26673: NetLogon (RPC) - None needed, causes TorpeDoS memory crash, patched May 2025. - CVE-2025-49716: NetLogon (RPC) - None needed, causes Stateless RPC DoS, patched July 2025. - CVE-2025-49722: Print Spooler (RPC) - Authenticated user needed, causes any Windows endpoint crash, patched July 2025. The vulnerabilities indicate significant architectural flaws in the LDAP client’s referral logic and RPC interfaces. SafeBreach advises administrators to apply patches promptly and limit DC exposure to the Internet. The emergence of Win-DDoS marks a shift in attack strategies, utilizing legitimate servers for amplification without leaving malware traces, complicating detection and response efforts. Enterprises are urged to enhance their threat models and implement DoS hardening measures.

Winsage

August 11, 2025

Silent Cyber Weapon Discovered: Hackers Can Now Turn Your Windows Server into a DDoS Weapon

A new attack method called Win-DDoS can turn publicly accessible Windows domain controllers into a botnet for distributed denial-of-service (DDoS) attacks, as presented by SafeBreach researchers at DEF CON 33. This method exploits vulnerabilities in Windows' Lightweight Directory Access Protocol (LDAP) client code, allowing attackers to redirect traffic from compromised domain controllers to a target server without needing malicious code or stolen credentials. The attack involves initiating an RPC request to the DCs, connecting them to the attacker's CLDAP server, and receiving a referral list that directs traffic to a single IP and port, overwhelming the victim's resources. Microsoft has issued patches for four related vulnerabilities: CVE-2025-26673, CVE-2025-32724, CVE-2025-49716, and CVE-2025-49722, which can allow unauthenticated attackers to crash domain controllers or disrupt internal systems. SafeBreach warns that enterprise security models often underestimate the risks of denial-of-service attacks on internal infrastructure. Organizations are urged to audit domain controller exposure, apply security patches, and reassess the safety of their internal networks.

AppWizard

August 10, 2025

McDonald’s sales improved last quarter, thanks to Minecraft

McDonald’s reported a 2.5% increase in U.S. same-store sales in the second quarter, the highest growth rate since late 2023, driven by the Minecraft Movie Meal promotion. This promotion also contributed to a 3.8% rise in global same-store sales. In the quarter ending June 30, McDonald’s system sales increased by 6%, with revenues of .8 billion and net income rising 11% to .3 billion, or .14 per share. The Minecraft Movie promotion included a Happy Meal for children and an adult meal option featuring either a 10-piece Chicken McNuggets or a Big Mac, along with collectible items. McDonald’s has also introduced value offerings like the McValue Menu and new menu items such as McCrispy Strips to attract customers. The MyMcDonald’s Rewards loyalty program generated billion in sales over the past year, with 0 million in the last quarter. CEO Chris Kempczinski highlighted the significance of technology investments in enhancing the customer experience.

AppWizard

August 8, 2025

Epic Games store’s massive update: You can grab $45worth in free games for a limited period of time

The Epic Games Store is offering two free PC games until August 14. The first game is Road Redemption, an action racing game developed by Redemption Road and Pixel Dash Studios, published by Tripwire Presents, released in 2019, and typically retails for .99. It has an 82% approval rating from over 10,000 user reviews on Steam. The second game is 112 Operator, a simulation and strategy game developed by Jutsu Games and published by Games Operators, released in 2020, and normally costs .99. It has an 89% approval rating from over 5,000 user reviews on Steam.

AppWizard

August 8, 2025

Epic Games Store PC Weekly Free Games 07/08/2025

The Epic Games Store is offering two free games, 112 Operator and Road Redemption, from 4 PM BST on August 7, 2025, until 4 PM BST on August 14, 2025. 112 Operator is a simulation game where players manage emergency calls and dispatch rescue teams, while Road Redemption is a driving combat game where players lead a biker gang across the country.

AppWizard

August 7, 2025

Epic Games Store Updated With $45 Worth of Free Games

The Epic Games Store is offering two free PC games until August 14: Road Redemption and 112 Operator. Road Redemption, an action-packed racing game released in 2019, has an 82% approval rating on Steam and is typically priced at .99. It allows players to lead a motorcycle gang on a cross-country journey with intense driving combat. 112 Operator, a simulation and strategy game released in 2020, has an 89% approval rating on Steam and is usually priced at .99. In this game, players manage emergency services in various cities, responding to calls and navigating different scenarios.