Data Storage

WD My Book Users Wake Up To Find Their Data Deleted (arstechnica.com) 3

PuceBaboon writes: Ars Technica is reporting that some owners of Western Digital's My Book network-connected disk drives are experiencing data loss on their devices. The as yet unverified problem appears to be an externally initiated factory-reset, resulting in a loss of all existing data. At this early stage, Western Digital is warning users that they should disconnect their devices from the internet to protect their data. A thread on Western Digital's support forum alerted Ars Technica of the problem. Western Digital representatives write in an email: The incident is under active investigation from Western Digital. We do not have any indications of a breach or compromise of Western Digital cloud services or systems. We have determined that some My Book Live devices have been compromised by a threat actor. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. At this time, we are recommending that customers disconnect their My Book Live devices from the Internet to protect their data on the device. We have issued the following statement to our customers and will provide updates to this thread when they are available: https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147
UPDATE (6/26): Western Digital wrote Friday that "Some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools." After reviewing logs from their affected customers, the company now believes the affected devices were directly accessible from the Internet, allowing attackers to remotely install a malicious Trojan file.

"Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning."
Patents

Amazon Wins Trial Over Technology To Order Groceries With Alexa (bloomberg.com) 20

An anonymous reader quotes a report from Bloomberg: Amazon won a Texas trial in which it was accused of incorporating an Israeli company's patented "smart kitchen" inventions for voice commands to shop for groceries online into the Alexa digital assistant. Amazon didn't infringe three patents owned by closely held Ikan Holdings LLC's Freshub unit, the federal jury in Waco, Texas, said Tuesday. Freshub said its inventions allow consumers to create shopping lists, establish a shopping cart and order from their local grocer by using voice commands or scanning bar codes of products with an internet-connected device. Amazon knew of Freshub and its patents when it incorporated the technology into its Alexa assistant and Echo smart speakers, and promoted it for use with its Whole Foods grocery chain, Freshub claimed.

Amazon accused the company of manipulating patent applications to ensure they covered Alexa and Echo after the popular products had already entered the market. Amazon also warned jurors that a victory for Freshub would mean more lawsuits by the company against other tech firms like Apple and Google. Freshub argued consumers using the technology spent more money, so it was entitled to $3.50 per unit sold with the functionality, for a total of $246 million. Amazon argued that the patents were worth at most $1 million.

Chrome

Google To Warn of Chrome Extensions From New or Untrusted Developers (therecord.media) 13

Google says it will scan the extensions users install in their Chrome browsers and warn users if they are adding an extension from a new or untrusted developer. From a report: The new extension scanning feature will be part of a Google security feature called Enhanced Safe Browsing, which Google added to Chrome in May last year. Google says trusted developers are those who adhere to the Chrome Web Store Developer Program Policies. "For new developers, it will take at least a few months of respecting these conditions to become trusted," the browser maker said in a blog post today. Currently, Google said that almost 75% of all extensions hosted on the Chrome Web Store were developed by "trusted developers." For the rest, the browser will show an alert like the one below if users had enabled Enhanced Safe Browsing in their Chrome settings page.
EU

EU Set To Unveil Plans For Bloc-Wide Digital Wallet (reuters.com) 39

The European Union (EU) is set to unveil plans for a bloc-wide digital wallet on Wednesday, following requests from member states to find a safe way for citizens to access public and private services online, the Financial Times reported. Reuters reports: The app will allow citizens across the EU to securely access a range of private and public services with a single online ID, according to the FT report on Tuesday. The digital wallet will securely store payment details and passwords and allow citizens from all 27 countries to log onto local government websites or pay utility bills using a single recognized identity, the newspaper said, citing people with direct knowledge of the plans.

The EU-wide app can be accessed via fingerprint or retina scanning among other methods, and will also serve as a vault where users can store official documents like the driver's license, the newspaper reported. EU officials will enforce a structural separation to prevent companies that access user data from using the wallet for any other commercial activity such as marketing new products.

Opera

Opera Brings Its Gaming Browser To Mobile (engadget.com) 13

Do gamers need a dedicated browser? Opera sure thinks so. Two years after launching Opera GX, a browser aimed at gamers, on desktop, the company has started to beta test Opera GX on iOS and Android. From a report: So what sets it apart from regular browsers? For starters, Opera GX features a control panel that lets you set limits on CPU, RAM and network bandwidth. Mobile users can also utilize the fast action button to quickly access functions like search and to open and close tabs. Exporting elements from the world of gaming, the button also uses vibrations and haptic feedback. You can also sync the mobile browser with the desktop version by scanning a QR code. Doing this will allow you to transfer across files of up to 10MB, links, YouTube videos, photos and various ephemera. The company says it expects Opera GX for iOS and Android to leave beta in a few weeks.
Advertising

Ford Patents Tech That Could Scan Billboards and Show Associated In-Car Ads 160

An anonymous reader quotes a report from Motor1: Roads are lined with unattractive billboards many of us ignore on our daily commutes, but Ford's new tech will make sure we don't miss them anymore. The system works by scanning the billboards, interpreting the information on the sign, and delivering the most useful bits right into the vehicle's display. It sounds invasive and distracting, with a side of Orwellian creepiness tossed on top for good measure. For now, though, this is just a patent application and may never see implementation, but it's not difficult to see how this could be useful to automakers and advertisers. Ford's application says the tech could display an advertiser's products or services, directions to the store, or the phone number.

It's not a stretch to imagine a future where you're driving down the road, and your car sees a sign for your favorite restaurant, prompting you to place an order because the vehicle knows Thursday is take-out night. Cars are only getting infused with more technology designed to assist people in their day-to-day lives, and this would be another avenue to do just that, creating a tailored driving experience. It could also force advertisers to pay Ford for access to its fleet of billboard-scanning-equipped cars, expanding revenue streams beyond the car itself.
In a comment to Motor1, Ford says the company submits "patents on new inventions as a normal course of business, but they aren't necessarily an indication of new business or product plans."
The Almighty Buck

Amazon One's Palm-Scanning Payments Are Coming To Whole Foods (theverge.com) 34

Amazon One is now testing its palm-scanning payment technology in Whole Foods, starting with a single store in Amazon's home city of Seattle. The Verge reports: The company has been using Amazon One payment technology in its Amazon-branded stores in the Seattle area (including Amazon Go and Amazon Books), but the Whole Foods rollout will make the most substantial expansion of the technology yet. The company says that thousands of customers have already signed up with Amazon One. According to an Amazon FAQ, the palm-scanning technology analyzes "the minute characteristics of your palm -- both surface-area details like lines and ridges as well as subcutaneous features such as vein patterns" in order to identify a customer, allowing them to use the biometric scan as an alternative (and, theoretically, faster) method of checking out than fumbling around with a credit card or cash.

Customers will be able to register their palms at kiosks in the supported Whole Foods stores, allowing them to associate a physical credit card to that palm scan. And of course, Amazon One users will be able to link their Prime accounts to their scans to get the subscription service's discounts when shopping. Amazon One will debut at the Madison Broadway Whole Foods in Seattle as an additional payment option for customers, with plans to expand it to seven other Whole Foods stores in the Seattle area over the next few months. Amazon hasn't announced plans to further build out the palm-scanning payment system outside of the Seattle area.

Technology

Amazon Opens London Augmented Reality Salon To Showcase Tech (bloomberg.com) 6

Amazon.com has opened a new hair salon in East London to showcase augmented reality and "point and learn" marketing technology that lets customers point their phones at a product to get more information. From a report: The 1,500 square-foot (139 square-meter) salon is set in London's Spitalfields neighborhood, the company said in a blog post on Tuesday. Customers will be able to try out new hair colors virtually and "capture their new look in a dedicated creative area," the company said. Visitors will also be able to order products in the salon via Amazon by scanning QR codes. In recent years, Amazon has started a range of brick-and-mortar formats, including cashierless convenience stores, a supermarket chain, book shops and stores selling a potpourri of bestselling items. The company often launches experiments, learns from them and then moves on -- sometimes folding the expertise into new projects or abandoning the idea entirely. With no current plans to open additional locations, Amazon may consider the salon as one of its signature tests. London is just beginning to ease Covid-19 lockdown restrictions, with salons reopening in England on April 12. Amazon salon customers will be offered free face masks and sanitizer, temperature checks and the venue will operate at a reduced capacity.
Microsoft

Attackers Breach 21,000 Microsoft Exchange Servers, Install Malware Implicating Brian Krebs (krebsonsecurity.com) 47

Security researcher Brian Krebs wants you to know... "New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let's just get this out of the way right now: It wasn't me." The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with [a domain that begins with brian . krebsonsecurity... Not a safe domain.] Shadowserver has been tracking wave after wave of attacks targeting flaws in Exchange that Microsoft addressed earlier this month in an emergency patch release. The group looks for attacks on Exchange systems using a combination of active Internet scans and "honeypots" — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.

David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. "web shells") that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server's emails)... Shadowserver's honeypots saw multiple hosts with the Babydraco backdoor doing the same thing: Running a Microsoft Powershell script that fetches the file "krebsonsecurity.exe"... Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. The Krebsonsecurity file also installs a root certificate, modifies the system registry, and tells Windows Defender not to scan the file. Watson said the Krebsonsecurity file will attempt to open up an encrypted connection between the Exchange server and the above-mentioned IP address, and send a small amount of traffic to it each minute.

Shadowserver found more than 21,000 Exchange Server systems that had the Babydraco backdoor installed. But Watson said they don't know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain. "Despite the abuse, this is potentially a good opportunity to highlight how vulnerable/compromised MS Exchange servers are being exploited in the wild right now, and hopefully help get the message out to victims that they need to sign up for our free daily network reports," Watson said.

Bitcoin

Bitcoin ATMs Are Coming To a Gas Station Near You (reuters.com) 53

A new feature has appeared at smoke shops in Montana, gas stations in the Carolinas and delis in far-flung corners of New York City: a brightly-lit bitcoin ATM, where customers can buy or sell digital currency, and sometimes extract hard cash. From a report: The machines have multiplied quickly through the United States over the past year, fueled by a frenzy in crypto trading that sent bitcoin prices over $58,000. Kiosk operators such as CoinFlip and Coin Cloud have installed thousands of ATMs, scouring areas competitors have not yet reached, executives told Reuters. "I just assumed there was demand and people wanted bitcoin everywhere," said Quad Coin founder Mark Shoiket, who flew to Montana after scanning a U.S. map for bitcoin ATM deserts. During a week-long road trip, he found seven places to install machines, including 406 Glass, a store in Billings, Montana, that sells tobacco, vape juice and colorful glass pipes. As of January, there were 28,185 bitcoin ATMs in the United States, according to howmanybitcoinatms.com, an independent research site. Roughly 10,000 came within the prior five months.
Privacy

Amazon Expands Its Palm Recognition Payment Tech To More of Its Stores (theverge.com) 25

An anonymous reader quotes a report from The Verge: Amazon One, the technology that lets customers pay in shops by scanning their palm, is expanding to more stores in the greater Seattle area. The company says it's available starting today in its 4-star store in Lynnwood, and in the coming weeks, Amazon One is also coming to its Amazon Books store in Bellevue and its 4-star and Pop Up stores in South Lake Union. In total, 12 of Amazon's physical stores will soon feature the technology.

The e-commerce giant announced its palm recognition Amazon One system last year. It works by scanning your hand and identifying its unique characteristics like surface area details and vein patterns. Palm scanning technology has been around for a few years, and it's pretty secure as biometric security methods go, though there are concerns about how Amazon might use the data gathered as part of the system. So far, Amazon has made Amazon One available as a payment option across a number of its own-branded physical stores around Seattle. But in the longer term, the company hopes the convenience factor of being able to confirm your identity using just your hand will convince third-party businesses to use the service, too.

News

Shops Return To Rural Sweden But Are Now Staff-Free (bbc.com) 87

An anonymous reader shares a report: Dark clouds loom over the pine forest surrounding Hummelsta, a town of 1,000 people that hasn't had any local shops for a decade. Since December, a red wooden container, about the size of a mobile home, has offered a lifeline. It's a mini supermarket that locals can access round-the-clock. "We haven't had any shops here during the time we have been here, and getting this now is perfect," says 31-year-old Emma Lundqvist who moved to Hummelsta with her boyfriend three years ago. "You don't need to get into the city to buy this small stuff," she adds, pointing to the packet of bacon she's popped in for. There's a wide assortment of groceries available, from fresh fruit and vegetables to Swedish household staples like frozen meatballs, crisp breads and wafer bars. But there are no staff or checkouts here. You open the doors using the company's app, which works in conjunction with BankID, a secure national identification app operated by Sweden's banks. Then, you can scan barcodes using your smartphone and the bill is automatically charged to a pre-registered bank card.

The store is part of the Lifvs chain, a Stockholm-based start-up that launched in 2018 with the goal of returning stores to remote rural locations where shops had closed down because they'd struggled to stay profitable. In Asia several companies including Alibaba are testing unstaffed stores in more urban locations. Amazon has also opened supermarkets in US cities and this month in the UK, which use sensors and cameras to work out what you've bought, so there's not even the need for self-scanning. But Lifvs co-founder Daniel Lundh saw the opportunity in rural locations: "There were food deserts where people had to travel to the next town or city to pick up their groceries and so we definitely saw that there was a need." Alongside skipping the need to pay cashiers, the firm also avoids pricey long-term rental leases. And if there's less footfall than expected in one location, the wooden containers can easily be picked up and tested elsewhere.

Social Networks

Can WhatsApp Stop Spreading Misinformation Without Compromising Encryption? (qz.com) 149

"WhatsApp, the Facebook-owned messaging platform used by 2 billion people largely in the global south, has become a particularly troublesome vector for misinformation," writes Quartz — though it's not clear what the answer is: The core of the problem is its use of end-to-end encryption, a security measure that garbles users' messages while they travel from one phone to another so that no one other than the sender and the recipient can read them. Encryption is a crucial privacy protection, but it also prevents WhatsApp from going as far as many of its peers to moderate misinformation. The app has taken some steps to limit the spread of viral messages, but some researchers and fact-checkers argue it should do more, while privacy purists worry the solutions will compromise users' private conversations...

In April 2020, WhatsApp began slowing the spread of "highly forwarded messages," the smartphone equivalent of 1990s chain emails. If a message has already been forwarded five times, you can only forward it to one person or group at a time. WhatsApp claims that simple design tweak cut the spread of viral messages by 70%, and fact-checkers have cautiously cheered the change. But considering that all messages are encrypted, it's impossible to know how much of an impact the cut had on misinformation, as opposed to more benign content like activist organizing or memes. Researchers who joined and monitored several hundred WhatsApp groups in Brazil, India, and Indonesia found that limiting message forwarding slows down viral misinformation, but doesn't necessarily limit how far the messages eventually spread....

This isn't just a semantic argument, says EFF strategy director Danny O'Brien. Even the smallest erosion of encryption protections gives Facebook a toehold to begin scanning messages in a way that could later be abused, and protecting the sanctity of encryption is worth giving up a potential tool for curbing misinformation. "This is a consequence of a secure internet," O'Brien says. "Dealing with the consequences of that is going to be a much more positive step than dealing with the consequences of an internet where no one is secure and no one is private...."

No matter what WhatsApp does, it will have to contend with dueling constituencies: the privacy hawks who see the app's encryption as its most important feature, and the fact-checkers who are desperate for more tools to curb the spread of misinformation on a platform that counts a quarter of the globe among its users.

Whatever Facebook decides will have widespread consequences in a world witnessing the simultaneous rise of fatal lies and techno-authoritarianism.

Security

First Fully Weaponized Spectre Exploit Discovered Online (therecord.media) 35

Catalin Cimpanu, reporting for The Record: A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered by French security researcher Julien Voisin. It targets Spectre, a major vulnerability that was disclosed in January 2018. [...] The vulnerability, which won a Pwnie Award in 2018 for one of the best security bug discoveries of the year, was considered a milestone moment in the evolution and history of the modern CPU. Its discovery, along with the Meltdown bug, effectively forced CPU vendors to rethink their approach to designing processors, making it clear that they cannot focus on performance alone, to the detriment of data security. Software patches were released at the time, but the Meltdown and Spectre disclosures forced Intel to rethink its entire approach to CPU designs going forward.

At the time, the teams behind the Meltdown and Spectre bugs published their work in the form of research papers and some trivial proof-of-concept code to prove their attacks. Shortly after the Meltdown and Spectre publications, experts at AV-TEST, Fortinet, and Minerva Labs spotted a spike in VirusTotal uploads for both CPU bugs. While initially there was a fear that malware authors might be experimenting with the two bugs as a way to steal data from targeted systems, the exploits were classified as harmless variations of the public PoC code published by the Meltdown and Spectre researchers and no evidence was found of in-the-wild attacks. But today, Voisin said he discovered new Spectre exploits -- one for Windows and one for Linux -- different from the ones before. In particular, Voisin said he found a Linux Spectre exploit capable of dumping the contents of /etc/shadow, a Linux file that stores details on OS user accounts.

Social Networks

The Rich Got Richer: GameStop's Trading Frenzy Benefited Wall Street's Elite (msn.com) 137

While GameStop's surge has been heralded as a victory for underdogs, "Growing evidence casts doubt on the idea that the episode mostly benefited small-time investors..." reports the Washington Post. "And, in at least some cases, novice investors lost their shirts." Giant mutual funds that own the largest stakes in GameStop saw the biggest gains in value. Hedge funds — some that have started using algorithms to track retail investors on social media sites — appear to have bought and sold millions of shares during the stock's most volatile period of trading, industry experts said... Instead of heralding a new wave of investor populism, the rise and fall of GameStop's stock may end up reinforcing what professional investors have known for a long time: Wall Street is very good at making money, and more often than not, smaller investors lose out to wealthy traders and giant institutions.

The four largest asset managers in the world together own 39 percent of GameStop shares, according to regulatory filings. Those stakes, which are mostly held for years in passive index funds, have collectively gained roughly $1 billion in value since the beginning of this year. One hedge fund, Senvest Management, recently boasted to clients that it made more than $700 million from a bet it placed on GameStop in September, the Wall Street Journal reported last week...

The sheer number of shares that changed hands during the stock's most manic trading period in late January suggests the episode was driven by more than just small, retail investors. Some hedge funds bought shares because they were forced to "cover" their short positions — a financial cost imposed on investors who bet a stock will go down before it goes up. Meanwhile, other hedge fund managers were probably taking calculated, short-term risks buying and selling as the stock price traded up, said Robert J. Shapiro, a policy fellow at Georgetown University and former economic adviser to President Bill Clinton. "You have hundreds of millions of shares being traded at prices of $200 to $300 a share," Shapiro said. "The Reddit crew cannot afford to play in this game in any significant way...."

Hedge funds have started to build algorithms or hire outside firms that specialize in scanning conversations on Reddit and Twitter for clues about what retail traders are thinking... "The most innovative investment firms realized that tracking Reddit was important to portfolio management," said Justin Zhen, co-founder of Thinknum Alternative Data, a New York software firm with more than 300 clients who pay for data scraped from various sources across the Web...

Industry experts say the soaring stock price was almost certainly given a boost by the hidden hand of larger investors...

Another possibility regulators are examining is whether employees of large Wall Street firms were actively using the Reddit forum to boost their portfolios.

The Post also got this pithy summation from Andrew Hong, an analyst for a financial software company in Toronto. "There are some really smart people on [WallStreetBets], but for the most part, all this is just poor habitual gambling addicts versus rich habitual gambling addicts."
Botnet

A Crypto-Mining Botnet Is Now Stealing Docker and AWS Credentials (zdnet.com) 6

An anonymous reader quotes a report from ZDNet: Analysts from security firm Trend Micro said in a report today that they've spotted a malware botnet that collects and steals Docker and AWS credentials. Researchers have linked the botnet to a cybercrime operation known as TeamTNT, a group first spotted over the 2020 summer installing cryptocurrency-mining malware on misconfigured container platforms. Initial reports at the time said that TeamTNT was breaching container platforms by looking for Docker systems that were exposing their management API port online without a password.

Researchers said the TeamTNT group would access exposed Docker containers, install a crypto-mining malware, but also steal credentials for Amazon Web Services (AWS) servers in order to pivot to a company's other IT systems to infect even more servers and deploy more crypto-miners. At the time, researchers said that TeamTNT was the first crypto-mining botnet that implemented a feature dedicated to collecting and stealing AWS credentials. But in a report today, Trend Micro researchers said that the TeamTNT gang's malware code had received considerable updates since it was first spotted last summer. TeamTNT has now also added a feature to collect Docker API credentials, on top of the AWS creds-stealing code. This feature is most likely used on container platforms where the botnet infects hosts using other entry points than its original Docker API port scanning feature.

Transportation

Apple Targets Car Production By 2024 and Eyes 'Next Level' Battery Technology (reuters.com) 110

According to Reuters, Apple is moving forward with self-driving car technology and is targeting 2024 to produce a passenger vehicle that could include its own breakthrough battery technology. From the report: The iPhone maker's automotive efforts, known as Project Titan, have proceeded unevenly since 2014 when it first started to design its own vehicle from scratch. At one point, Apple drew back the effort to focus on software and reassessed its goals. Doug Field, an Apple veteran who had worked at Tesla Inc, returned to oversee the project in 2018 and laid off 190 people from the team in 2019. Since then, Apple has progressed enough that it now aims to build a vehicle for consumers, two people familiar with the effort said, asking not to be named because Apple's plans are not public. Apple's goal of building a personal vehicle for the mass market contrasts with rivals such as Alphabet Inc's Waymo, which has built robo-taxis to carry passengers for a driverless ride-hailing service.

Central to Apple's strategy is a new battery design that could "radically" reduce the cost of batteries and increase the vehicle's range, according to a third person who has seen Apple's battery design. [...] As for the car's battery, Apple plans to use a unique "monocell" design that bulks up the individual cells in the battery and frees up space inside the battery pack by eliminating pouches and modules that hold battery materials, one of the people said. Apple's design means that more active material can be packed inside the battery, giving the car a potentially longer range. Apple is also examining a chemistry for the battery called LFP, or lithium iron phosphate, the person said, which is inherently less likely to overheat and is thus safer than other types of lithium-ion batteries. [...]

Two people with knowledge of Apple's plans warned pandemic-related delays could push the start of production into 2025 or beyond. Apple has decided to tap outside partners for elements of the system, including lidar sensors, which help self-driving cars get a three-dimensional view of the road, two people familiar with the company's plans said. Apple's car might feature multiple lidar sensors for scanning different distances, another person said. Some sensors could be derived from Apple's internally developed lidar units, that person said. Apple's iPhone 12 Pro and iPad Pro models released this year both feature lidar sensors.

EU

EU Privacy Rule Would Rein In the Hunt for Online Child Sexual Abuse (nytimes.com) 66

An anonymous reader shares a report: Privacy concerns in Europe have led to some of the world's toughest restrictions on companies like Facebook and Google and the ways they monitor people online. The crackdown has been widely popular, but the regulatory push is now entangled in the global fight against child exploitation, setting off a fierce debate about how far internet companies should be allowed to go when collecting evidence on their platforms of possible crimes against minors. A rule scheduled to take effect on Dec. 20 would inhibit the monitoring of email, messaging apps and other digital services in the European Union. It would also restrict the use of software that scans for child sexual abuse imagery and so-called grooming by online predators. The practice would be banned without a court order. European officials have spent the past several weeks trying to negotiate a deal allowing the detection to continue. But some privacy groups and lawmakers argue that while the criminal activity is abhorrent, scanning for it in personal communications risks violating the privacy rights of Europeans.

"Every time things like these unbelievable crimes are happening, or there is a terrorist attack, it's very easy to say we have to be strong and we have to restrict rights," said Birgit Sippel, a German member of the European Parliament. "We have to be very careful." Of the more than 52 million photos, videos and other materials related to online child sexual abuse reported between January and September this year, over 2.3 million came from the European Union, according to the U.S. federal clearinghouse for the imagery. If the regulation took effect, the rate of reports from Europe would drop precipitously, because automated scanning is responsible for nearly all of them. Photo- and video-scanning software uses algorithms to compare users' content with previously identified abuse imagery. Other software targeted at grooming searches for key words and phrases known to be used by predators. Facebook, the most prolific reporter of child sexual abuse imagery worldwide, said it would stop proactive scanning entirely in the E.U. if the regulation took effect. In an email, Antigone Davis, Facebook's global head of safety, said the company was "concerned that the new rules as written today would limit our ability to prevent, detect and respond to harm," but said it was "committed to complying with the updated privacy laws."

United Kingdom

The Curse of the Buried Treasure (newyorker.com) 85

Two metal-detector enthusiasts discovered a Viking hoard. It was worth a fortune -- but it became a nightmare. From a report: Leominster, in the West Midlands area of England, is an ancient market town where the past and the present are jumbled together like coins in a change purse. Shops housed in half-timbered sixteenth-century Tudor buildings face the main square, offering cream teas and antiques. The town's most lurid attraction is a well-preserved ducking stool, a mode of punishment in which an offender was strapped to a seat and dunked into a pond or a river while neighbors jeered; the device, last employed in 1809, is now on incongruous display inside the Priory Church, which dates to the thirteenth century. Christianity has even older roots in Leominster: a monastery was established around 660 by a recent convert, the Saxon leader Merewalh, who is thought to have been a son of Penda, the King of Mercia. For much of the early Middle Ages, Mercia was the most powerful of the four main Anglo-Saxon kingdoms, the others being Wessex, East Anglia, and Northumberland. In the tenth century, these realms were unified to become the Kingdom of England. Although the region surrounding Leominster (pronounced "Lemster") is no longer officially known as Mercia, this legacy is preserved in the name of the local constabulary: the West Mercia Police.

On June 2, 2015, two metal-detector hobbyists aware of the area's heritage, George Powell and Layton Davies, drove ninety minutes north of their homes, in South Wales, to the hamlet of Eye, about four miles outside Leominster. The farmland there is picturesque: narrow, hedgerow-lined lanes wend among pastures dotted with spreading trees and undulating crop fields. Anyone fascinated by the layered accretions of British history -- or eager to learn what might be buried within those layers -- would find it an attractive spot. English place-names, most of which date back to Anglo-Saxon times, are often repositories of meaning: the name Eye, for example, derives from Old English, and translates as "dry ground in a marsh." Just outside the hamlet was a rise in the landscape, identified on maps by the tantalizing appellation of King's Hall Hill. Powell, a warehouse worker in his early thirties, and Davies, a school custodian a dozen years older, were experienced "detectorists." There are approximately twenty thousand such enthusiasts in England and Wales, and usually they find only mundane detritus: a corroded button that popped off a jacket in the eighteen-hundreds, a bolt that fell off a tractor a dozen years ago. But some detectorists make discoveries that are immensely valuable, both to collectors of antiquities and to historians, for whom a single buried coin can help illuminate the past. Scanning the environs of King's Hall Hill, the men suddenly picked up a signal on their devices. They dug into the red-brown soil, and three feet down they started to uncover a thrilling cache of objects: a gold arm bangle in the shape of a snake consuming its own tail; a pendant made from a crystal sphere banded by delicately wrought gold; a gold ring patterned with octagonal facets; a silver ingot measuring close to three inches in length; and, stuck together in a solid clod of earth, what appeared to be hundreds of fragile silver coins.

Crime

Hackers Behind Life-Threatening Attack On Chemical Maker Are Sanctioned (arstechnica.com) 77

An anonymous reader quotes a report from Ars Technica: Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department. The attack drew considerable concern because it's the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. The hackers -- who have been linked to a Moscow-based research lab owned by the Russian government -- have also targeted a second facility and been caught scanning US power grids.

Now the Treasury Department is sanctioning the group, which is known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics or its Russian abbreviation TsNIIKhM. Under a provision in the Countering America's Adversaries Through Sanctions Act, or CAATSA, the US is designating the center for "knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation." Under the sanctions, all property of TsNIIKhM that is or has come within the possession of a US person is blocked, and US persons are generally prohibited from engaging in transactions with anyone in the group. What's more, any legal entity that's 50-percent or more owned by one of the center members is also blocked. Some non-US persons who engage in transactions with TsNIIKhM may be subject to sanctions.
