Tuesday, September 1, 2020

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites


Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday. Word of the attacks came a few hours after the security flaw was patched.

Attackers are using the exploit to upload files that contain webshells that are hidden in an image. From there, they have a convenient interface that allows them to run commands in plugins/wp-file-manager/lib/files/, the directory where the File Manager plugin resides. While that restriction prevents hackers from executing commands on files outside of the directory, hackers may be able to exact more damage by uploading scripts that can carry out actions on other parts of a vulnerable site.

NinTechNet, a website security firm in Bangkok, Thailand, was among the first to report the in-the-wild attacks. The post said that a hacker was exploiting the vulnerability to upload a script titled hardfork.php and then using it to inject code into the WordPress scripts /wp-admin/admin-ajax.php and /wp-includes/user.php.
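A defender's triage of the indicators described above, as an added example that is not from the article or from NinTechNet: it lists scripts and images containing PHP tags under the plugin's lib/files/ directory, and compares the two named core files against a clean copy. The wp-content/ prefix, the extension lists, the clean-copy layout and the sample files are assumptions constructed for the demonstration.

```python
import filecmp
import os
import tempfile

SCRIPT_EXT = {".php", ".phtml", ".phar"}  # assumed list of extensions a PHP handler may run
IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".ico"}
CORE_FILES = ("wp-admin/admin-ajax.php", "wp-includes/user.php")  # named in the article


def scan_upload_dir(files_dir):
    """Return sorted (relative_path, reason) pairs for suspicious files under files_dir."""
    findings = []
    for root, _dirs, names in os.walk(files_dir):
        for name in names:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, files_dir)
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXT:
                findings.append((rel, "script in upload directory"))
            elif ext in IMAGE_EXT:
                with open(path, "rb") as fh:
                    if b"<?php" in fh.read().lower():
                        findings.append((rel, "PHP tag inside image file"))
    return sorted(findings)


def modified_core_files(site_root, clean_root, rel_paths=CORE_FILES):
    """List core files that differ byte-for-byte from a clean copy of the same release."""
    changed = []
    for rel in rel_paths:
        live, clean = os.path.join(site_root, rel), os.path.join(clean_root, rel)
        if not os.path.exists(live) or not filecmp.cmp(live, clean, shallow=False):
            changed.append(rel)
    return changed


def build_demo(base):
    """Constructed sample tree: one tampered site and one clean reference copy."""
    site, clean = os.path.join(base, "site"), os.path.join(base, "clean")
    files_dir = os.path.join(site, "wp-content/plugins/wp-file-manager/lib/files")
    os.makedirs(files_dir)
    samples = {
        "hardfork.php": b"<?php /* placeholder */ ?>",
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "banner.jpg": b"\xff\xd8\xff\xe0JFIF\x00<?PHP /* placeholder */ ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(files_dir, name), "wb") as fh:
            fh.write(data)
    for root_dir, suffix in ((site, b"\n// injected"), (clean, b"")):
        for rel in CORE_FILES:
            os.makedirs(os.path.dirname(os.path.join(root_dir, rel)), exist_ok=True)
            with open(os.path.join(root_dir, rel), "wb") as fh:
                fh.write(b"<?php // core file: " + rel.encode() + suffix)
    return site, clean, files_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site, clean, files_dir = build_demo(tmp)
        for rel, reason in scan_upload_dir(files_dir):
            print(f"{reason}: {rel}")
        print("modified core files:", modified_core_files(site, clean))
```

A hit is a lead for review rather than proof of compromise, and the clean copy must be the same WordPress release as the live site for the comparison to mean anything.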


Google says it will raise the price for ads 2% in UK and 5% in Turkey and Austria to cover the cost of digital services taxes in Europe, starting in November (Alex Barker/Financial Times)

Alex Barker / Financial Times:
Google says it will raise the price for ads 2% in UK and 5% in Turkey and Austria to cover the cost of digital services taxes in Europe, starting in November  —  US tech group to charge additional fees in the UK, Turkey and Austria  —  Google is to pass on the cost of digital services taxes …



Patreon says it has raised $90M at a $1.2B+ pre-money valuation, nearly twice the $660M valuation it had prior to a funding round last year (Maria Armental/Wall Street Journal)

Maria Armental / Wall Street Journal:
Patreon says it has raised $90M at a $1.2B+ pre-money valuation, nearly twice the $660M valuation it had prior to a funding round last year  —  New Enterprise Associates and Wellington Management led the $90 million funding round  —  Membership platform Patreon Inc., which enables musicians …



Pakistan says it has blocked dating apps Tinder, Grindr, Tagged, Skout, and SayHi for violating local laws and streaming "immoral content" (Gibran Naiyyar Peshimam/Reuters)

Gibran Naiyyar Peshimam / Reuters:
Pakistan says it has blocked dating apps Tinder, Grindr, Tagged, Skout, and SayHi for violating local laws and streaming “immoral content”  —  KARACHI, Pakistan (Reuters) - Pakistan said on Tuesday it has blocked Tinder, Grindr and three other dating apps for not adhering to local laws …



Brands gain on rising appetite for healthy living

Active content outreach and targeted marketing help brands build trust https://ift.tt/2F0JHkw https://ift.tt/eA8V8J

Facebook says will remove content to mitigate adverse legal or regulatory impact

The changes in Terms of Service come despite growing criticism of Facebook's content moderation policy, which is allegedly influenced by employees' political leanings and the company's business considerations globally and in India. https://ift.tt/34RiMTn https://ift.tt/eA8V8J

National Institutes of Health disses FDA on plasma as COVID treatment

Francis Collins, director of the U.S. National Institutes of Health, reportedly objected to the FDA's decision to grant an Emergency Use Authorization to plasma treatments. (credit: Bloomberg / Getty Images)

Last week, the FDA announced that it was issuing an emergency use authorization for the treatment of COVID-19: the blood plasma of people who have recovered from a COVID-19 infection. But controversy quickly engulfed that announcement after it became clear that the head of the FDA had exaggerated the effectiveness of the treatment when explaining why it was being approved.

The FDA's salesmanship of blood plasma—which is a treatment of unknown efficacy—was taken as evidence that the emergency use authorization was the product of political pressure exerted by a Trump administration anxious to have some good news to promote its reelection campaign. Additionally, health experts at the National Institutes of Health (NIH) didn't agree with the decision and had tried to block it a week ago. Now, the NIH may be striking back, releasing a document that basically says it's looked at the evidence and is not convinced.

Not so fast

While the CDC and FDA have led some aspects of the coronavirus response, the NIH is the employer of Anthony Fauci and the largest biomedical research organization in the world. So it certainly has things to say about how to handle the pandemic, and it maintains a COVID-19 Treatment Guidelines Panel. This, as its name implies, maintains guidelines on different aspects of care for the disease. So, given that the FDA has just given an Emergency Use Authorization to a treatment, it essentially forced the NIH to respond in some way.


GM, Ford wrap up ventilator production and shift back to auto business

As the COVID-19 pandemic spread to the United States, a number of automakers and other manufacturers announced plans to retrofit factories to help ease the shortage of personal protective gear and ventilators.

Now, two U.S. automakers have fulfilled their separate multi-million-dollar ventilator contracts — together delivering 80,000 of the devices to the U.S. government.

General Motors said Tuesday that it has completed its contract with the U.S. Department of Health and Human Services for 30,000 critical care ventilators delivered to the Strategic National Stockpile. GM said many of its ventilators have been deployed to hospitals. Ford has also completed its 50,000-ventilator contract, Bloomberg reported.

GM and Ford didn’t go it alone. Both automakers partnered with companies to accelerate the ramp up from 0 to thousands of ventilators within five months. GM partnered with Ventec Life Systems to produce ventilators at its engine plant in Kokomo, Ind., using about 1,000 workers. The GM-Ventec partnership grew out of StopTheSpread.org, a coordinated effort of private companies to respond to COVID-19.

Meanwhile, Ford teamed up with GE Healthcare to produce ventilators at the automaker’s Rawsonville Road plant in Michigan. Ford’s $336 million contract wrapped up August 28 when it shipped its final Model A-E ventilator unit. Ford’s contract was supposed to be fulfilled by mid-July, but the company said it was delayed by new suppliers that were ramping up parts production, according to Bloomberg. The company was granted an extension by HHS.

In the early days of the contracts, GM and Ford were criticized, and even attacked, by President Trump, although ultimately he applauded the efforts.

Both efforts stretched and showcased the capabilities of the automakers to convert portions of factories used to assemble vehicles and parts into facilities cranking out medical devices. Before GM even announced its partnership with Ventec, the automaker investigated the feasibility of sourcing more than 700 components needed to build Ventec’s critical care ventilators called VOCSN. Ventec describes these VOCSN devices as multi-function ventilators that were cleared in 2017 by the FDA.

GM initially estimated it would cost about $750 million, a price that included retrofitting a portion of the engine plant, purchasing materials to make the ventilators and paying the 1,000 workers needed to scale up production, the source said. However, the Trump Administration balked at the price tag, putting a contract with the U.S. government in limbo. Eventually, GM reached a $490 million contract with the federal government to produce 30,000 ventilators by the end of August. Under the contract, GM produced a different critical care ventilator from Ventec called the VOCSN V+Pro, a simpler device that has 400 parts. The other more expensive and complex machine had a multi-function capability.

Ford and GM also produced other medical supplies. Ford, which called its effort Project Apollo, said it produced more than 75 million pieces of personal protective equipment, including 19 million face shields, 42 million face masks, 1.6 million washable isolation gowns and more than 32,000 powered air-purifying respirators in collaboration with 3M.

GM said its Warren facility has two production lines for face masks and a third line making N95 face respirators. To date, the facility has produced more than 10 million masks, with production going to employees at GM facilities or donated to community organizations, the company said.

Amazon is spying on private Facebook Groups for Flex drivers in US, UK, and Spain, monitoring for complaints and labor actions, per internal reports left online (Lauren Kaori Gurley/VICE)

Lauren Kaori Gurley / VICE:
Amazon is spying on private Facebook Groups for Flex drivers in US, UK, and Spain, monitoring for complaints and labor actions, per internal reports left online  —  The company is surveilling dozens of private Facebook groups in the United States, the United Kingdom, and Spain …



Biden campaign releases official yard signs for Animal Crossing that players can use to decorate their virtual homes, as politicians try to reach voters online (Makena Kelly/The Verge)

Makena Kelly / The Verge:
Biden campaign releases official yard signs for Animal Crossing that players can use to decorate their virtual homes, as politicians try to reach voters online  —  It's the campaign's latest foray into online organizing  —  Starting today, September 1st, Animal Crossing …



Monday, August 31, 2020

Everybody is racing to an IPO — even Laird Hamilton’s young “superfood” company

This one is unusual: Laird Superfood, a five-year-old, 100-person, Sisters, Ore.-based startup that was cofounded by famed surfer Laird Hamilton and which makes plant-based packaged beverage products, filed today to raise up to $40 million in an IPO.

We’d reported on this company early last year in large part because it had attracted backing from WeWork, the co-working company that famously made a number of bets that were very afield from its business (including a maker of wave pools) before suffering a major meltdown last fall.

In fact, according to Crunchbase, WeWork Labs provided Laird Superfood with a whopping $32 million — the bulk of the $51 million it has raised altogether, per Crunchbase. (WeWork founder Adam Neumann has said that he surfed with Hamilton in Hawaii.)

At that time, WeWork’s investment was the strangest thing about the business, a largely direct-to-consumer business that makes “superfood” coffee creamers, beverage supplements that include “performance mushrooms,” Peruvian coffee beans, and an assortment of other things, like teas and hot chocolate.

This IPO may be even more curious. Founded by Hamilton and another surfer, Paul Hodge, the company is very young to be going public by today’s standards (biotech startups notwithstanding). The company booked $19 million in sales for the 12 months ended June 30, but it lost $9 million over that same period and at the rate it is spending money, including on sales and marketing, it will see a net loss of $10 million this year.

Management says it has $13.1 million in cash on hand and investments. It would have more if it hadn’t spent $7.5 million buying back Series A-1 preferred shares in November 2019 that were purchased for twice that price. (The investor that sold its shares was also relieved of its commitment to fund another $10 million. It’s easy to imagine this was WeWork, but we don’t know this.) Because of that outlay, the company actually probably did pretty well last year; it just can’t state it that way.

Still, we’re a little intrigued by this one. The only outside shareholder that owns more than 5% of Laird Superfood is Danone Manifesto Ventures, the corporate venture arm of the global food and beverage company. It owns 13.4% of the company. Why wouldn’t Danone, which looks to have invested $10 million in the business in April, just buy out Laird Superfood outright?

It could be that there’s much more than meets the eye here (or is reflected in its S-1). We’re certainly not opposed to companies trying to go public much sooner than has been the case in recent years. We’re just wondering if this food company is completely baked.

Either way, the decision to go public is certainly becoming an increasingly common one, given how hot the market has been despite the pandemic. According to Renaissance Capital, 27 companies joined the IPO pipeline last week alone.

Hamilton owns 13.2% of the startup. Hodge meanwhile owns 6.4%. Canaccord Genuity and Craig-Hallum Capital Group are the joint bookrunners on the deal. No pricing terms were included in the filing.

Walmart+ launches Sept 15, offering same-day delivery, gas discounts and cashierless checkout for $98/yr

Walmart today officially unveiled its new membership service and Amazon Prime rival, which it’s calling “Walmart+.” The $98 per year service will combine free, unlimited same-day delivery on groceries and thousands of other items, with additional benefits, like fuel discounts and access to a new Scan & Go service, similar to Walmart-owned Sam’s Club, that will allow members to check out at Walmart stores without having to wait in line.

The service will be available starting on September 15, 2020 nationwide, reaching over 4,700 Walmart stores, including 2,700 stores that offer delivery. Members can choose to pay the $98 per year after a 15-day free-trial period, or they can pay $12.95 on a month-to-month basis.

At launch, the new program promises more than 160,000 items for same-day delivery with no per-delivery fee on orders totaling $35 or more. This is the same value proposition that Walmart’s existing “Delivery Unlimited” program offers today. With the launch of Walmart+, “Delivery Unlimited” members will be moved to the rebranded and expanded service.

In addition to delivery savings, the new Walmart+ membership will include fuel discounts of up to 5 cents per gallon on any fuel type at nearly 2,000 Walmart, Murphy USA and Murphy Express stations nationwide. Walmart+ members will enable the discounts by using the Walmart mobile app, either by scanning a QR code or entering a PIN at the pump. Further down the road, the program will expand to include Sam’s Club fuel stations as well.

The Scan & Go membership perk, meanwhile, lets Walmart+ members pay without having to wait in checkout lines — a nice perk to have amid a pandemic, where time in store means time exposed to potential carriers of the novel coronavirus. Using the Walmart app, customers scan items as they shop, then pay for them using Walmart Pay for a touch-free checkout experience.

Walmart two years ago had tested cashierless Scan & Go technology in its stores, but killed the program due to shopper theft. Arguably, fewer people will use Scan & Go because it’s a paid service, which could help store staff better combat the earlier problems.


As with “Delivery Unlimited,” the Walmart+ orders are picked by in-store staff then handed off to partners like Postmates, DoorDash, Roadie and Point Pickup for delivery. Not owning the end-to-end experience can cause issues for consumers, however — especially because a poor delivery experience can damage Walmart’s reputation, or because customer service issues can’t be always dealt with directly when a middleman is involved. Walmart has also seen partners come and go, as delivery services ended their relationship with Walmart over the costs involved.

Walmart claims its new program is not a Prime rival. But it could encourage some number of Prime members to make a switch.

“We’re not launching Walmart+ with the intent to compete with anything else. We’re launching it with the needs of customers in mind,” explained Walmart Chief Customer Officer Janey Whiteside.

“Of course, I hope that brings in more customers and makes them more loyal, but when you’re as big as Walmart is — and serving as many people as we are — this is about really doubling down with the customers that we have and getting more share of wallet and more share of mind,” Whiteside added.

Prime is a much more expansive program. For comparison, Prime offers tens of millions of products for two-day delivery, over 10 million for one-day delivery and over 3 million for same-day delivery on orders of $35 or more. Walmart+ is focused more specifically on same-day delivery, as Walmart.com already offers free one-day or two-day shipping on orders of $35 or more without requiring a membership fee.

Prime today also offers a huge array of other perks — like access to free music, video, audiobooks, Kindle books and more. Walmart+ does not.

Still, for many customers, the value in Prime is rooted in its promise of speedy delivery. But at the same time, Amazon has tested the limits of its customer loyalty by steadily raising Prime’s subscription price over the years to now $119 when paid annually, or $12.99 per month. Walmart+ undercuts Prime at $98 per year or $12.95 per month while largely catering to the online grocery shopper — a target market that has rapidly grown during the pandemic. Walmart recently reported the pandemic helped drive its own e-commerce sales, fueled by online grocery, up 97% in the past quarter.

Meanwhile, Amazon’s grocery strategy since its 2017 purchase of Whole Foods has yet to be streamlined. Amazon today continues to offer two different online grocery services, Amazon Fresh and Whole Foods, with a varying array of pickup and delivery options, potentially leading to consumer confusion.

That said, the pandemic has led to massive sales increases for Amazon and Walmart, along with other essential retailers like Target, with all involved reporting stellar earnings in recent quarters.

Walmart’s plans for a new subscription program had previously been reported and a placeholder website has also been live for some time. In August, Walmart CEO Doug McMillon told investors on the company’s earnings call that it was readying the launch of a membership program that would be centered around delivery. He noted also at the time how Walmart’s existing “Delivery Unlimited” subscription, launched last year, would serve as a “great base of an offer” for the broader program, but didn’t offer a launch time frame.

Earlier reports said the service would include other perks, like access to more grocery time slots, promotional deals and eventually a Walmart+ credit card. The retailer declined to speak to its plans, only saying that Walmart+ benefits would expand over time.

“As is the case with any great membership offering, these benefits are not intended to be static. We will continue to leverage our assets and scale to bring solutions at unprecedented value, all while holding true to the everyday low prices that customers know they can always expect from Walmart,” Whiteside said. “In the future, we will be leveraging our wide-ranging strengths to add additional benefits for members in a range of both services and offerings,” she added.

Sources: Apple is building ~75M 5G iPhones for later this year, along with two new Apple Watch versions, iPad Air with edge-to-edge screen, and smaller HomePod (Bloomberg)

Bloomberg:
Sources: Apple is building ~75M 5G iPhones for later this year, along with two new Apple Watch versions, iPad Air with edge-to-edge screen, and smaller HomePod  —  - Headphones, new Watch models, iPad Air, smaller HomePod coming  — Supply chain, consumer interest hold up in pandemic, recession



Facebook to block news on Australian sites after new law, riling lawmakers

https://ift.tt/3lJzNoH

Troubleshooting a slow Windows PC

Most of the time, a sluggish PC is the result of what we unknowingly do to it. The best way to solve this is to weed out the problem by following some basic steps. https://ift.tt/2Ghmbk8

Electricians are flocking to regions around the US to build data centers, as AI shapes up to be an economy-bending force that creates boom towns (New York Times)

New York Times: Electricians are flocking to regions around the US to build data centers, as AI shapes up to be an economy-bending force...