Daily Digest (11/11)

EU Sues Amazon on Antitrust Charges Over Use of Data; Vulnerabilities Affect 100,000 Sites Using WordPress Plugin.

Click “Continue reading” below.

EU Sues Amazon on Antitrust Charges Over Use of Data

The European Union filed antitrust charges Tuesday against Amazon, accusing the e-commerce giant of using its access to data from companies that sell products on its platform to gain an unfair advantage over them.

The charges, filed two years after the bloc’s antitrust enforcer began investigating the company, are the latest effort by European regulators to curb the power of big-tech companies, The Associated Press reports.

Earlier this summer, Margrethe Vestager, the EU commissioner in charge of competition issues, slapped Google with antitrust fines totaling nearly $10 billion and opened two antitrust probes into Apple.

The EU’s executive commission also opened its own investigation Tuesday into whether Amazon favored product offers and merchants that use its own logistics and delivery system.

While the U.S. initially criticized the EU for targeting American companies, it more recently has started taking a tougher line on big tech as well, suing Google this year for abusing its dominance in online search and advertising.

According to AP, the EU’s investigation found that Amazon was accessing and analyzing real-time data from other vendors selling goods on its platform to decide which new products of its own to launch and how to price and market them.

That “appears to distort genuine competition,” Vestager said.

Investigators focused on the practice in France and Germany, the company’s two largest EU markets, but Vestager did not give specific examples of merchants affected by Amazon’s behavior, AP reports.

Amazon faces a possible fine of up to 10% of its annual worldwide revenue — or as much as $28 billion, based on last year’s earnings.

The Seattle-based company rejected the accusations.

“We disagree with the preliminary assertions of the European Commission and will continue to make every effort to ensure it has an accurate understanding of the facts,” the company told AP in a statement.

Source:

Vulnerabilities Affect 100,000 Sites Using WordPress Plugin

Researchers have discovered critical privilege-escalation vulnerabilities in a WordPress plugin installed in 100,000 websites.

The three flaws in Ultimate Member were detected by Wordfence’s Threat Intelligence Team, which described them as “critical and severe” and “easy to exploit,” Infosecurity reports.

By abusing the flaws, an attacker could escalate their privileges to administrator level and could completely take over a WordPress site.

“Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware,” researchers told Infosecurity.

Researchers found the first flaw on Oct. 19 and reached out to the plugin’s developer four days later.

Ultimate Member is a free user-profile plugin deployed to create online communities and membership sites with WordPress. It allows site owners to create custom roles and manage the privileges of site members.

“After establishing an appropriate communication channel, we provided the full disclosure details on Oct. 26,” researchers said.

The developer acted swiftly, sending Wordfence a copy of the first intended patch for testing on Oct. 26. 

The remaining flaws were fixed with an updated copy provided by the developers to Wordfence three days later. A patched version of Ultimate Member, 2.1.12, was released on Oct. 29, Infosecurity reports.

Source:

— By DPN Staff