The new film about an FBI agent chasing a white supremacist terror cell is based on a true story—and one that connects the headlines of 30 years ago to those of today.

In _The Order,_ director Justin Kurzel’s electric new film, Terry Husk, a haggard, possessed FBI veteran played by Jude Law, pores over a thin paperback with a blood-red cover, paging through diagrams of targeted killings, bombings, and a gallows erected in front of the United States Capitol.

“There are six steps in that book,” says a young sheriff deputized as his assistant, played by Tye Sheridan. He gives the Cliff Notes version as he scours the book, his eyes riveted.

“Recruiting,” he says. “Fundraising. Armed revolution. Domestic terror. Assassination.

“Number six is the day of the rope.”

The book is _The Turner Diaries_, a 1978 novel that depicts the violent overthrow of the American government by armed white supremacist insurgents and the extermination of people of color and Jews in a race war. Photocopied pages from it were found in Oklahoma City bomber Timothy McVeigh’s getaway car when he was apprehended by law enforcement.

Along with Husk and Bob Mathews—the founder of a murderous underground white supremacist guerrilla outfit that counterfeited money and robbed banks and armored cars, played by Nicholas Hoult—_The Turner Diaries_ is the third major character in _The Order_. Though Mathews formally named his group the Silent Brotherhood and claimed he took little inspiration from William Luther Pierce’s incendiary novel, he and his comrades did refer to their group as “The Order”—the same term used in the book for the protagonist’s genocidal militants.

The book’s crimson cover and lurid drawings resurface time and time again. Mathews reads excerpts to his young son before bedtime; a pastor at a neo-Nazi compound in Idaho proffers it to visiting law enforcement agents; and it turns up in the hands of FBI agents desperately seeking to plot out the insurgents’ next moves.

_The Order_ unearths a critical chapter in the history of the American extreme right largely forgotten by the general public. The murder of Jewish talk radio host Alan Berg in 1984 by two of Mathews’ acolytes brought the Order to national attention 30 years ago and inspired not one but two Hollywood films in that decade—_Betrayed_ and Oliver Stone’s _Talk Radio_. Since then, though, only close observers of prison gang and skinhead culture have had cause to track mentions of the Silent Brotherhood by tweaked-out Aryan Brotherhood killers or the annual “Martyrs Day” pilgrimage of Hammerskins from across the West Coast to Whidbey Island in the Puget Sound, where Mathews met his fiery death during a shootout with the FBI.

Now, as the country ponders a return to the 2016-2020 period, when Mathews’ ideological offspring ran riot from Oregon to Washington, DC, his saga is getting marquee billing.

While the film debuts almost a full decade into the American extreme right’s current revival, screenwriter Zach Baylin and producer Bryan Haas began developing the project back in 2016, before the deadly 2017 Unite the Right rally in Charlottesville, Virginia. Baylin tells WIRED that he and Haas stumbled on _The Turner Diaries_ while researching Ruby Ridge, the 1990s militia movement, and McVeigh (who slept with the book under his pillow) and casting around for a lesser-known story to explore the origins of American extremism.

“We were looking to encase the story of one of these groups inside a classic crime thriller,” Baylin says. They stumbled across _The Silent Brotherhood_, a 1989 book by reporters Kevin Flynn and Gary Gerhardt that traced the entire arc of Mathews’ crime spree, from his teenage radicalization through the John Birch Society and Phoenix militias all the way through his death and the subsequent criminal trials of his followers.

“The crimes the Order committed and the way the investigation unfolded, it had the framework of the kind of film that we’d been talking about,” he said.

Flynn and Gerhart’s book, which began with their coverage of Berg’s assassination in his driveway and followed the Order’s saga through the federal pursuit, investigation, and prosecution, is remarkably detailed. Once members of the group were up for trial, Flynn and Gerhart spent hours interviewing them in the Arapahoe County jail, gathering priceless material that allowed them to reconstruct the terrorist group’s inner workings in minute detail. Readers of the book, which is back in print (with a new title) after three decades off the shelves, will note the film’s fidelity to life, particularly in the robbery and heist scenes. However, for Flynn and Gerhardt—who died in 2015—the minutiae of Mathews’ terror campaign were a mechanism to engage audiences with a deeper, darker reality.

“We didn’t write the book for the details. We wrote it to expose the banality of evil, so readers could understand where these folks come from and how endemic it is in American society,” says Flynn, who reported for the Rocky Mountain News for nearly three decades before it shuttered in 2009. Since 2015, he has served as a city councilman in Denver.

_The Order_ is the sort of film America does not produce anymore. Its taut action scenes hearken back to _Heat_, _To Live and Die in L.A._, _The French Connection_, and Sidney Lumet’s police corruption canon (_Serpico_, _Prince of the City_, _Q&A_); the droning soundtrack does not overwhelm viewers; and Adam Arkapaw’s washed-out cinematography encapsulates both the grandeur and the intimidating solitude of the interior Pacific Northwest. The dialog is sparing, direct, and—in spite of Mathews’ grandiose promises of a renewed whites-only bastion in the Pacific Northwest—remarkably free of proselytizing.

For a movie shot in such wide-open landscapes, _The Order_ is tinged through with claustrophobia, a testament to the tension rife throughout Baylin’s writing and Kurzel’s meticulous direction. Like Al Pacino and Robert DeNiro in Michael Mann’s _Heat_, Hoult and Law only come face to face with each other a few times before their penultimate confrontation. However, Kurzel had both actors follow each other for a day and compile dossiers on their opposite number to develop a granular sense of how a manhunt actually functions.

“I wanted them to ask themselves, what does that feel like having a relationship with someone you’re trying to take down? You’re living with a phantom, in a way,” Kurzel says.

Law, whose slow-burn performance is unlike any prior role from his four decades on stage and screen, says the similarities between Husk and Mathews as two opposites of the same coin are at the core of _The Order_’s dramatic tension.

“They’re more alike than they’d ever admit—both are driven, charismatic, and know exactly how to manipulate those around them to achieve their goals,” he says. “Nicholas and I really leaned into that symmetry during our scenes together. It’s almost like they’re looking into a dark mirror—each recognizing qualities in the other that they either admire or fear. That underlying connection adds layers to their conflict, making it not just a clash of ideologies but also a deeply personal battle. It was fascinating to explore that tension with Nicholas.”

Mathews’ brief campaign of armed insurgency and domestic terrorism has continued to inspire generations of extremists in the United States and beyond, from McVeigh and the neo-Nazi bankrollers of the Aryan Republican Army to the killers of Germany’s National Socialist Underground, all the way through to contemporary groups like Atomwaffen Division, the Base and the Terrorgram Collective. The latter group, which federal law enforcement believes to be a “bold-letter, category one” domestic terrorism threat, circulates voluminous propaganda booklets that meld the ethos of _The Turner Diaries_ with Ted Kaczynski’s anti-industrial-civilization ethos and neo-Nazi occultism.

Terrorgram’s materials, which include viable bomb-making instructions, camouflage and tactical guides, and instructions on how to disable critical infrastructure like electrical substations, water treatment plants and dams, have radicalized at least one so-called “saint,” or mass shooter, and are alleged to have been connected to a series of power grid attacks in North Carolina as well as several active federal prosecutions.

“William Pierce doesn’t build bombs,” Mark Potok of the Southern Poverty Law Center, told Rolling Stone a quarter of a century ago. “He builds bombers.” In many ways, the Terrorgram Collective fulfills the same role now, and its publications have become the modern-day version of the _Turner Diaries_. Disseminated worldwide through the moderation-free wilderness of Telegram, the group’s message of hate and violence is now circulating independently of any organized group or ideology for disaffected, unbalanced “lone wolves” to latch onto as justification for future atrocities.

While _The Order_ remains firmly rooted in the past save for one passing reference to the 1995 Oklahoma City bombing in a title card, during production there was no escaping the drumbeat of resurgent far-right militancy in the United States. Kurzel, the director, recalls watching news coverage of the January 6 insurrection and remarking on the gallows erected outside the Capitol building—a drawing of which features in the book and the exposition scene with law. “_The Turner Diaries_ started to become more visible in a present-day setting in a way I was kind of shocked by,” he says, speaking to WIRED from his Tasmania residence. Indeed, following January 6, Amazon removed _The Turner Diaries_ from its online inventory.

Hoult’s bravura portrayal of an ice-cool, controlled yet menacing Mathews through the Order’s campaign of armed robbery, counterfeiting, murder, and armed confrontation with the FBI is one of the film’s dual anchors. Aside from a striking physical resemblance to the Silent Brotherhood’s founder, Hoult closely studied his subject, aping Mathews’ mannerisms and movements from old documentary footage, studying texts that radicalized his subject, lifting weights, and cutting alcohol from his diet.

“Mathews was someone who thought and planned so in advance of what his ultimate goal was, I think he always kept in sight. That’s something Justin and I spoke about, that he wouldn’t lose his head on trivial things or things that would potentially harm his cause. In his mind, he’d already, in some ways, planned his destiny,” Hoult tells WIRED.

By choosing to play Mathews with reserve instead of bombast, as more of a watcher who carefully observes his surroundings and other people to better understand how to turn situations to his advantage, Hoult aimed to show audiences how someone with the charisma of his villain could attract followers and build a movement.

“I think that shows how they penetrate communities and societies in a different way, and perhaps people in the future might be less susceptible to people who behave like him,” he says.

As with any artistic project that focuses on extremism and mass violence, _The Order_’s production team walked a fine line between showing Mathews’ magnetism and the murderous project at the heart of his ideology and actions.

“I think you need to understand the pull of a figure like this,” says Kurzel, whose prior films _Snowtown_ and _Nitram_ depicted, respectively, youthful serial killers and Australia’s worst mass shooting, the 1996 Port Arthur massacre. “Mathews is definitely someone who understands their reach and how to communicate and gather people. There’s gonna be a certain kind of charisma about that.”

Haas, one of the film’s producers, echoed Kurzel's remarks about art pushing the boundaries of acceptability. “It felt like part of the movie was to show the appeal of Bob. He was someone who had charisma, and that tied to these really toxic ideas is really dangerous,” Haas says, praising the “unrelenting realism” the cast brought to their performances.

Ultimately, the hope of slipping an unsparing portrayal of domestic extremism—produced outside of the Hollywood studio system—into the December award season is to reintroduce a discussion of radicalization to American society. “If you don’t learn from history, you’re doomed to repeat it—how a guy that, in the way Nick depicted him, could live down anybody’s street,” says Haas. “There are lots of people right now who are hurting and struggling and looking for answers.”

_Updated: 12/6/2024 4:01 pm EST: This story was updated to clarify which character reads out six steps given in_ The Turner Diaries.

The Real Story of “The Order”

The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.

Source: Photon Photo via Shutterstock

Open source components aimed at connecting applications to cloud resources and those written in Python have jumped up the list of critical packages, according to the latest rankings of the open source software ecosystem — a reordering that underscores the projects that need to be well-funded to improve the security of the software ecosystem.

The data-collection effort — known as the "Census of Free and Open Source Software" — classifies the open source projects into eight top 500 lists, depending on their ecosystem, whether version information is included, and whether direct and indirect dependencies are taken into account. The latest survey of software, known as Census III, found that packages for Python software and those meant to connect developers with specific cloud services — such as a toolkit for Amazon's Elastic Computing Cloud (EC2) or the API for connecting Go programs to Google Cloud — have become much more popular and, thus, critical to software development.

While cloud-native and hybrid development are by no means new, cloud providers have created an increasing number of software development kits (SDKs) for developers. Their widespread use has boosted those tools in the rankings of critical software, says David Wheeler, director of open source supply chain security for the Linux Foundation, which collaborates with Harvard Business School to produce the census.

"Cloud providers offer a lot of specialized services, but the early uses of cloud were a lot of lift-and-shift moves," he says. "Increasingly, we're seeing people write software specifically intended to be run on a cloud, \[and there is a\] rising level of these kinds of packages — it's something that is dramatically increasing."

The third "Census of Free and Open Source Software" report comes more than two years after the official publication of Census II in March 2022 — an initial version of that report was released in 2020 — and nine years after the original census report. The data-collection exercises aim to identify the most critical open source software so that the public and private sectors can effectively invest in the projects as a path to improve software security. Each software package is scored using data from software supply chain firms FOSSA, Snyk, Sonatype, and the Black Duck Cybersecurity Research Center.

The resilience of the software supply chain has become a major concern of the software industry and national governments. The Biden administration, for example, released a National Cybersecurity Strategy that firmly emphasized finding ways to improve the security of software and the open source ecosystem on which most applications rely.

**Critical Connections to the Cloud**

The Amazon Web Services (AWS) software development kit for Python, known as Boto3, rose to fifth place on the list of critical software on the "Non-npm, Direct, Version Agnostic Packages" list. The library was not ranked in the previous Census II. A similar package — aws-sdk — rose to the seventh spot on the JavaScript-ecosystem "npm, Direct, Version Agnostic Packages" list, from 307th in the previous census.

Other cloud-focused packages saw similar jumps: The software development kit to connect Go programs to Google Cloud ranked eighth, while the AWS kit for .NET rose to number 30. Neither were ranked in the previous census.

Because the Node Package Manager (npm) ecosystem sees a significant volume of JavaScript downloads — 4.5 trillion in 2024, compared to 530 billion for Python, according to Sonatype — the data overwhelms measurements of popularity. As a result, the census breaks out npm downloads from those for other software ecosystems.

The data underscores the criticality of open source software to the infrastructure underpinning cloud services, says Brian Fox, CTO and co-founder of Sonatype, a software supply chain management firm.

"Open source across the board just continues to see 'hockey stick' growth year after year, which is shocking — we're starting to see really, really big numbers," he says. "That's the reason why they're doing the census, because it is so important to be shining a light on these things."

**Perils of Python 2 Boost Compatibility Library**

Replacing or patching outdated software has become a central focus of efforts to eliminate vulnerabilities from software. Over the past decade, for example, Python developers have only slowly moved to use Python 3, which was originally introduced in 2006. Last year, 1% of Python developers used Python 2 as their primary programming language, down from 13% in 2019, according to data from JetBrains' annual "Developer Ecosystem" report.

As a result, a project designed to allow compatibility between software written in Python 2 and code in Python 3 — the "Six" project — has become a critical software component, according to Census III. Typically, Python versions are supported for five years. Python 3.11 — currently used by 27% of developers as their primary programming language, making it the most popular version at present — will reach its end of life in October 2027. The final version of Python 2 — version 2.7 — passed its end of life in January 2020.

The data does not address how often developers encounter — and interact with — components written in Python 2. The overwhelming shift to Python 3 is driving the use of Six, as developers need to use older code with programs written in the latest version of Python. In addition, certain groups of developers — such as 29% of data scientists and 19% of Web developers — continue to use some Python 2 code, according to data from JetBrains, a maker of development tools.

"If you look at the raw numbers, Python 3 is far more common, but in various specific domains Python 2 is still widely, widely used, which is why Six is showing up more," the Linux Foundation's Wheeler says. "I would argue it's why we're finally able to get so many more Python 3 users is because the bridge to move from 2 to 3 is easier."

While Census III is available to download from the Linux Foundation, companies should be automating their package management and regularly testing and updating their software, says Sonatype's Fox. The real lesson from the census is not which packages should be given the most attention, but which projects need additional funds and paid maintainers.

"The sustainability of the \[open source ecosystem\] is something that should be top of mind," he says. "We're dependent more and more on largely an aging and unpaid workforce for maintaining critical software — those two things together don't end well."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Open Source Security Priorities Get a Reshuffle

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition…

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition to a more digital approach has become important for businesses that want to stay ahead in the market. A big part of this change is using customer relationship management (CRM) systems. Salesforce is one of the top choices for CRMs because it offers a wide range of features that can be adapted to different industries. This article will explore how using Salesforce can help drive digital transformation in organizations.

****Understanding Digital Transformation****

Digital transformation involves integrating technology into various aspects of business operations to change how companies function and fundamentally provide value to customers. It encompasses a culture shift that requires organizations to question traditional approaches, test new technologies, and adjust to evolving market trends.

According to Skydog Ops, a Salesforce integration company, Salesforce hosts more than 150,000 customers worldwide including Apple, Amazon Web Service and Walmart Inc, showcasing productivity and enhanced customer satisfaction.

****The Significance of CRM Systems****

Customer Relationship Management (CRM) systems play a critical role in driving transformation initiatives by enabling businesses to manage interactions with current and prospective customers more efficiently. These tools assist companies in gathering and analyzing customer data to improve decision-making and tailor experiences. Through the use of CRM systems, businesses can optimize their operations, automate tasks, and cultivate meaningful connections with customers.

****Salesforce: A Leader in CRM Solutions****

Salesforce has emerged as a leader in the CRM industry with its range of cloud-based solutions designed for sales support, customer service, and other business needs. Among the platform’s functionalities are wide applications that help businesses organize customer information, analyze interactions, and gather valuable insights. These tools are customized to fit an organization’s goals during its digital transformation efforts.

****Enhancing Customer Experience****

One of the primary goals of digital transformation is to enhance the customer experience, and Salesforce aids in achieving this by enabling companies to offer personalized and seamless interactions across various platforms. Leveraging real-time customer data allows businesses to customize their marketing strategies, delivering relevant content and promotions. Furthermore, with Salesforce’s automation features, organizations can provide timely responses to customer queries, improving satisfaction and fostering customer loyalty.

**Streamlining Business Processes**

Integrating Salesforce into business operations can greatly improve efficiency by automating routine tasks and enabling employees to focus on strategic priorities instead of manual work such as data entry, reporting, or workflow management. This shift toward automation helps minimize errors and boosts productivity across the organization. These improvements align with the goals of digital transformation, which seek to enhance both efficiency and effectiveness.

****Data-Driven Decision Making****

In today’s digital age, data is a valuable asset, and Salesforce equips businesses with the tools to unlock its full potential. By utilizing the in-depth analytics and reporting tools provided by Salesforce, businesses can gain insights into customer behaviour, discover sales patterns, and identify market opportunities. This data-driven approach allows companies to make informed decisions, refine strategies, and highlight areas for improvement—ultimately leading to enhanced agility and adaptability in response to evolving market dynamics.

****Fostering Collaboration and Innovation****

Salesforce’s use of cloud technology promotes collaboration by improving communication between departments and sparking creativity through shared access to information and ideas across the organization. The ability to work together seamlessly helps foster innovation and drives organizational growth.

****Scalability and Flexibility****

As companies grow and evolve, their requirements change. Salesforce’s scalability allows businesses to adapt their CRM system to meet the demands of growth and shifting circumstances. The platform’s versatility enables organizations to integrate new functionalities and applications, tailoring the system to meet their specific needs. This flexibility ensures that Salesforce remains a valuable tool throughout the entire transformation process.

****Overcoming Implementation Challenges****

Implementing Salesforce comes with its own set of challenges that organizations must address. Proper planning and execution are essential to avoid setbacks. To ensure a smooth rollout, it’s important to evaluate business requirements, set clear goals, and provide adequate training for employees. Working with professionals or consultants can also make the process more efficient, allowing businesses to fully leverage the benefits of Salesforce.

****Conclusion****

The use of Salesforce is crucial in leading the digital evolution of businesses across various sectors. Its wide range of features, flexibility, and focus on customer satisfaction make it an effective tool for improving productivity, promoting creativity, and gaining a competitive advantage. By adopting Salesforce, organizations can unlock the full benefits of digital transformation and position themselves for long-term success in an increasingly digital world.

1.  A Look at the 4 Main Functionalities of NetSuite
2.  The Role of Artificial Intelligence in Lead Generation
3.  How to Find Success with the Salesforce Admin Exam
4.  Types of SaaS Applications: Categories and Examples
5.  Effective, and powerful tools for identifying site visitors

The Role of Salesforce Implementation in Digital Transformation

Consumers are getting caught in a web of scams facilitated by online ads often originating from the same perpetrators.

Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches.

Tech support scammers are leveraging Google ads to lure victims in, getting them on the phone and finally fleecing them. While hard to measure precisely, tech support scams accounted for $924M, according to the FBI’s 2023 Internet Crime Report.

We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year. What’s interesting is that the scammers keep reusing the same accounts over time. For instance, one advertiser had over 30 reported incidents in the past 3 months.

While it would be foolish to assume fraudsters would stop scamming altogether if those accounts were terminated, it also exposes something problematic with our reporting, and to a greater extent with how Google’s policies apply to repeat offenders.

**Search for help, find a scam**

Search engines, and Google’s in particular, are our gateway to the web. Yet, that door sometimes opens up to unsavory places thanks to sponsored search results, AKA ads.

Take this search for ‘_paypal help_‘ which displays an ad as the first result, followed by the official website. While the organic result looks more trustworthy, it does appear under. We should also note that sometimes it shows way below the fold, as documented in our recent blog “_Printer problems? Beware the bogus help_“.

Not only is the ad malicious, it is also linking to a fraudulent page hosted on Google Sites, Google’s free platform to build websites. The scammers created it with PayPal’s logo to make it look legitimate, with — quite literally — a simple call to action.

Somewhere far in Asia, someone in a call centre is waiting to welcome the next victim by starting with “_Hi, welcome to PayPal support, my name is John, how can I help you?_“

We have found and reported many of such fraudulent ads to Google over the past year. At some point, we realized that the same advertiser accounts kept coming up, begging the question: why would an account with multiple incidents not get blocked permanently?

In the screenshot below, you can see the same advertiser ID associated with over 30 incidents in a period of around 3 months.

In fact, these are only the malicious ads we were able to find, using our own tools. For example, not in the list of targeted brands in our tracking for this account is Amazon. Looking at this advertiser via Google’s Ads Transparency Center, we see a fraudulent ad we had missed reporting:

We reported 2 other advertiser accounts with very similar behavior, and perhaps not just a coincidence is that they all belonged to profiles registered and verified by Google from Vietnam.

**Taking down scammers**

Going after scammers is a relentless job that both private individuals, companies and government agencies perform day in and day out. It can be frustrating having to repeat the same thing over and over while the offenders have the upper hand.

Having said that, it is possible to make long lasting change by looking at incidents from a macro level. Rather than chasing one-offs, data shows us that criminals tend to reuse the same techniques, and in this case, the same accounts.

It’s unclear why Google has not taken definitive action on the advertiser profiles we have reported. However, we have escalated this issue and hope to see some changes as a result.

_The banner image for this blog post contains a typo. It was made using Google’s Gemini AI and despite several requests, it kept getting the spelling wrong._

**We don’t just report on threats—we block them**

Cybersecurity risks should never spread beyond a headline. Keep threats off by downloading Malwarebytes Browser Guard today.

 Repeat offenders drive bulk of tech support scams via Google Ads 

A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the "data vigilante" Nam3L3ss.

****SUMMARY****

*   **MOVEit Flaw and Data Leak**: Data stolen during the MOVEit hack spree is still creating issues for companies.

*   **Nam3L3ss and the Leaks:** A self-proclaimed “data vigilante” named Nam3L3ss has leaked over 760,000 employee records from 27 major companies, including Bank of America, and Nokia + Jll.com’s database containing 12 million rows taking the total number to 13.12 million.

*   **Leaked Data Content:** Leaked data includes sensitive and non-sensitive information such as names, emails, phone numbers, addresses, and company location coordinates.

*   **Cl0p Ransomware Link:** Originally, the data was stolen by the Cl0p ransomware gang after exploiting the MOVEit flaw, while Nam3L3ss is cleaning and leaking the data.

A self-proclaimed “Data Vigilante” named Nam3L3ss has once again caused widespread concern by leaking millions of employee records online, highlighting the fallout from the major security vulnerability in file transfer software called MOVEit.

As seen by Hackread.com, Nam3L3ss has released the information of over 760,000 employees of major organizations on a popular hacking forum ‘BreachForums’ on Monday morning. The leak additionally includes the Jones Lang LaSalle Incorporated (JLL.com) database, containing over 12 million data rows, bringing the total number of leaked records to 13.12 million.

Nam3L3ss on Breach Forums leaking the Bank of America employee data (Source: Hackread.com)

****The MOVEit Mess****

The MOVEit vulnerability was identified in Progress Software’s file transfer tool in 2023 allowing threat actors unauthorized access to sensitive data. Hackers affiliated with the Cl0p ransomware gang exploited this vulnerability and stole information from thousands of companies, impacting an estimated 2,800 organizations and nearly 100 million individuals. They even created clear web websites to leak the stolen data in July 2024.

****Nam3L3ss Leaks Millions****

In November 2024, as reported by Hackread.com, Nam3L3ss emerged on the scene, leaking what they claim is data obtained from the MOVEit breach. These leaks targeted industry giants like Amazon, 3M, HP, and Delta, raising serious concerns about the security practices employed by these corporations. At that time, Nam3L3ss leaked over 7.9 million records from 27 companies.

Hackread.com analyzed the leaked data and found it contained a mix of sensitive and non-sensitive information, including names, email addresses, phone numbers, office and residential addresses, and even company location coordinates. This information could be used by malicious actors for social engineering attacks, identity theft, or targeted phishing scams.

Just weeks after the initial leaks from Nam3L3ss, another batch of employee data surfaced online on Monday. This new data dump contained records from companies like Bank of America, Koch Industries, Nokia, and Morgan Stanley, and appears to be linked to the same MOVEit vulnerability.

Here’s the full list of companies involved in this leak:

*   audible.com – 3,790
*   b-f.com – 1,302
*   xerox.com – 42,735
*   univision.net – 5,954
*   saic.com – 26,917
*   nokia.com – 94,252
*   meijer.com – 7,422
*   cna.com – 6,680
*   cm3.com.au – 6,153
*   ciena.com – 10,820
*   bwater.com – 2,161
*   kochinc.com – 237,486
*   medibank.com.au – 5,201
*   morganstanley.com – 32,860
*   bankofamerica.com – 288,296
*   joneslanglasalle.com aka jll.com – 12,352,524

*   Total: 13,124,553

While Nam3L3ss claims to be a vigilante bringing attention to security flaws, their motives remain unclear. Regardless of their intentions, these leaks expose the significant impact of the MOVEit vulnerability and the risks posed by stolen employee data.

If you’re an employee of one of the affected companies, stay alert for phishing attempts. These could come through email, text messages (smishing), or even phone calls (vishing), as scammers might use this leaked data to target you.

1.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Details**
2.  **Hackers Calling Employees to Steal VPN Credentials from US Firms**
3.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
4.  **Hacker Leaks Data of 33K Accenture Employees in 3rd-Party Breach**
5.  **Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore**

Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database

This paper provides an in-depth technical explanation, illustration, and verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64 that pertain to Warbird deficiencies, content key sniffer operation, magic XOR keys discovery, white-box crypto attack, and complete client identity compromise attacks.

Microsoft Warbird and PMP Security Research

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

Source: Design Pics Inc Alamy Stock Photo

Researchers are warning that an otherwise positive European data regulation has introduced massive risks to individuals and the companies they work for.

Ever since the passage of the General Data Protection Regulation (GDPR), Internet users in Europe — and in many places around the world following suit — have been able to download the entirety of the data that websites save about them. Besides the obvious benefits to privacy and transparency, the idea was portability: Anyone could take the data one site possessed about them and transfer it to another.

In a new blog post, CyberArk highlights a theoretical yet severe cost to this new right to data portability. Before the rule, everyone's most sensitive data was protected behind brick walls at ultrasecure data centers. Now that users can retrieve that data via a cloud-based mechanism, hackers can access their accounts and steal it all. Considering the extent of the data that websites collect about us today, the possibilities for malfeasance are endless.

"It's my legal right, and it's perfectly fine that I'm capable \[of seeing\] what information is being kept about me," says Lior Yakim, threat researcher at CyberArk Labs, who dubs the attack "White FAANG," since the vulnerable data could be exported from services provided by major tech companies like Facebook, Amazon, Apple, Netflix, and Google (FAANG).

Related:'Bootkitty' First Bootloader to Take Aim at Linux

However, he warns, "Because it's so easy to get all of that highly intrusive information — together with the fact that people use the same devices for corporate and personal purposes — there's a major risk."

**The Data Sites Have on You**

Companies hoard gobs of sensitive information, especially the largest technology companies most central to our online lives. They possess everything from our most sensitive personally identifying information (PII) to the long histories of our online activity. But even the most jaded Internet users might be surprised just how deep this hole goes.

Meta, for example, records not only your documented Facebook activity, but also plenty of undocumented data, like what posts you viewed, and exactly how long you viewed them.

Google, likewise, saves not only your entire search history, but even searches you typed but didn't ultimately execute.

GDPR's well-intentioned data portability regulations forced companies to make all of this information exportable at the click of a button, in a machine-readable format. And what's stopping a hacker in possession of your account from doing just that? "The most common protection is, indeed, multifactor authentication (MFA). But as we know, MFA can be bypassed," Yakim notes.

Related:China's Cyber Offensives Built in Lockstep With Private Firms, Academia

**The Risks to Individuals and Corporations**

With export data, there is no limit to what an attacker can do. They can use your Google search history to blackmail you, your GPS data from Meta to find where you live, and your Apple calendar history to know where you've been and where you'll be, to say nothing of the endless possibilities for cyberattacks.

Beyond all that, there's the risk to employers. Individual accounts can house all kinds of data that pertains to, or can otherwise be used to attack the companies they work for.

Again, the scenarios are limitless. With an Apple export, for example, a hacker could take the MAC address associated with an employee's unpatched AirPods, spoof a Bluetooth connection, exploit CVE-2024-27867 to gain access to them, then listen in on corporate meetings. Or, Yakim suggests, they can leverage information like the operating system version of the employee's mobile phone. "If I know, for example, that the mobile device of the employee is not up to date, I can search for specific, known vulnerabilities in order to target this employee," he says.

And there are far simpler, more present dangers than that. CyberArk surveyed 14,000 employees, finding that around 63% use personal accounts on their work computers, and 80% access work applications from their personal computers. Thanks to this comingling, work passwords tend to end up stored in far less secure personal accounts, from which they can be exported. This was how Cisco got breached in 2022, and Okta in 2023, a case that affected every one of its customers as well.

Related:VISO TRUST Secures $24M to Accelerate Innovation in AI-Powered Third-Party Risk Management

To prevent that from happening, employees need to draw a clear line in the sand between their business and pleasure online. "Personal accounts are less secure than corporate accounts," Yakim says. "That's the message that we're trying to deliver here."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

AWS Security Incident Response will help security teams defend their organizations from account takeovers, breaches, ransomware attacks, and other types of security threats.

Source: Leo Wolfert via Adobe Stock Photo

Amazon Web Services (AWS) has launched a new incident response service to help security teams respond to threats faster and reduce the time it takes for organizations to recover from attacks.

AWS Security Incident Response, unveiled ahead of the company's re:Invent 2024 conference in Las Vegas this week, relies on machine learning to automatically triage and analyze security signals from Amazon GuardDuty and other supported third-party threat detection tools available through the AWS Security Hub cloud security posture management service.

The new service will help security teams investigate incidents, coordinate responses across multiple stakeholders, manage permissions across environments, and document actions taken and decisions made. The automated triage feature filters security alerts based on customer-specific information to identify incidents that require immediate attention.

"Security teams often face an overwhelming number of daily alerts, leading to potential misplaced priorities of resources and reduced effectiveness," wrote Betty Zheng, senior developer advocate at AWS, in a blog post announcing AWS Security Incident Response. "Manual investigation of findings strains resources and may cause customers to overlook critical security alerts."

The service offers preconfigured notification rules and permission settings. It can also be configured to execute containment actions, leading to faster incident response times and potentially reduced impact of security incidents, Zheng wrote. The service will create security cases for alerts that cannot be automatically resolved. For high-priority threats, the service connects to the AWS Customer Incident Response Team (CIRT), which provides support 24 hours a day, seven days a week.

The service provides self-service investigation tools, as well as capabilities such as secure data transfer (to share logs and other forensics data), messaging and video conference scheduling (to communicate with key stakeholders and investigators), and automated case history tracking and reporting. Security teams can either handle incidents independently or collaborate with third-party security vendors, based on their needs and requirements.

Security teams can monitor, measure, and improve their incident response performance over time via a service dashboard that displays critical metrics, such as mean-time-to-resolution (MTTR), number of cases addressed within a specific time period, and number of triaged findings.

AWS Security Incident Response is now available in 12 AWS Regions globally: US East (N. Virginia, Ohio), US West (Oregon), Asia Pacific (Seoul, Singapore, Sydney, Tokyo), Canada (Central), and Europe (Frankfurt, Ireland, London, Stockholm). Interested organizations can enable it via the AWS management console and service-specific APIs. For the service to be able to monitor and analyze security alerts, administrators need to enable the proactive response feature to create service-level permissions. Once done, the alerts are automatically sorted and remediated using service automation and customer-specific data, including common IP addresses, AWS Identity and Access Management (IAM) principals, and other relevant attributes. 

"To experience the full service, we recommend activating Amazon GuardDuty and AWS Security Hub as well," AWS said in its post.

AWS Launches New Incident Response Service

Hackers stole $1.48 billion from the crypto industry in 2024. A new report highlights trends in blockchain security, including shifts in target networks.

**SUMMARY:**

*   **Crypto losses in November 2024 totalled $71 million, marking a 79% decrease from the same month in 2023.**

*   **DeFi projects accounted for all reported losses, with no major CeFi incidents recorded.**

*   **BNB Chain became the top target for attacks, hosting 46.7% of incidents, surpassing Ethereum.**

*   **99.96% of funds lost in November came from hacking, while rug pulls accounted for less than $26,000.**

*   **Year-to-date losses in 2024 reached $1.48 billion, a 15% reduction compared to 2023.**

*   **The $1.48 billion lost to hacks and scams in 2024 shows risks despite a 15% drop compared to the previous year.**

The cryptocurrency industry saw a surprising decrease in losses last month, according to a new report from Immunefi, a leading blockchain security platform. While decentralized finance (DeFi) projects continued to be a prime target, the overall figures show a promising trend.

The Immunefi report, shared with Hackread.com, reveals that $71 million was lost to hacks and rug pulls in November 2024, a notable 79% drop from the same month last year.

That figure, while still large, is the second-lowest monthly total this year and means a 79% decrease compared to November of last year. Overall, for 2024, the crypto industry has lost $1.48 billion ($1,489,921,677). While this is a considerable number, it is a 15% drop compared to the same period of 2023, suggesting progress in cybersecurity measures.

The YTD (year-to-date) total of $1.48 billion – Source: Immunefi

****DeFi: Still a Magnet for Malicious Activity****

Immunefi’s findings suggest that all $71 million in losses happened in the DeFi sector, with not a single report of a major hack or exploit affecting CeFi (centralized exchanges). Two noteworthy incidents that stand out are Thala Labs, a decentralized finance firm, lost $25.5 million, and the memecoin trading platform DEXX saw a $21 million loss.

****Hacks Continue to Dominate, Minimal Rug Pulls****

It’s not just the type of platform that shows a trend; the type of attack also shows clear patterns. Of all the funds stolen in November, 99.96% came from direct hacking incidents. Only a tiny fraction, $25,300, was lost through what are called “rug pulls,” where developers abandon a project after raising funds. This suggests that while scams do occur, the more sophisticated exploits are the more damaging threat.

Source: Immunefi

****BNB Chain Takes the Spotlight, Ethereum Drops Back****

The report showed a switch in which the blockchain network was targeted most often. In November, the BNB Chain surpassed Ethereum to become the leading target, hosting nearly half (46.7%) of all attacks. Ethereum came second with 30% of attacks. The rest of the incidents were found across several other networks.

****What Does This Mean?****

The Immunefi report shows a mixed situation for crypto security. While overall losses are down for the year, the dominance of DeFi exploits and the shift of attacker focus to BNB Chain means the fight is far from over.

While the overall loss figure is down, the YTD (year-to-date) total of $1.48 billion lost to hacks and scams still shows a considerable sum. Nevertheless, Immunefi’s report shows that the blockchain industry cannot afford to overlook vulnerabilities and scams, making a solid cybersecurity plan essential.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Top 5 Platforms for Identifying Smart Contract Vulnerabilities** 
3.  **Crypto Industry Lost $685M in Q3 2023, 30% by Lazarus Group**
4.  **Hackers Posed as Google Support to Steal $243 Million in Crypto**
5.  **From Amazon to Target: Hackers Mimic Top Brands in Crypto Scam  
    **

Hackers Drain $1.48 Billion from Crypto in 2024, Led by DeFi Exploits

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

The 713.1 GB container (an Amazon S3 bucket ) did not have password-protection, and the data was left unencrypted, so anybody who stumbled on them could read the files. The files not only contained thousands of people’s vehicle records (license plate and VIN) and property ownership reports, but also criminal histories, and background checks.

The majority of the records were labelled as background checks which contained full names, home addresses, phone numbers, email addresses, employment history, family members, social media accounts, and criminal record history.

Data brokers collect and sell your information, including financial, personal, behavior and interests, for profit. SL Data Services markets itself as a provider of real estate information reports. But when the researcher contacted its support team, they stated the company also provides criminal checks, division of motor vehicles (DMV) records, death and birth records.

Probably to organize the data to this end, the folders inside the container all had names of separate website domains. The company apparently operates a network of an estimated 16 different websites, offering a range of information services (e.g. PropertyRec).

Background checks can and are often done without the subject’s awareness. But with all the combined information about a person, it paints a very complete picture that insurance companies, advertisers, and even cybercriminals can use to their advantage.

The researcher explained:

> “I am not stating nor implying that Propertyrec’s customers or any individuals are at risk of impersonation, spear phishing, or social engineering attacks, I am only providing a real world risk scenario of how this type of information could possibly be exploited by criminals.”

And to make things worse—if possible– the files had names that used the following format: “First\_Middle\_Last\_State.PDF.” Which makes it incredibly easy for anyone, whether they are supposed to have access or not, to find a person of interest and read that file.

It took the researcher quite a few calls and emails to get the exposed data taken out of public sight, and SL Data Services never provided the researcher with a response, let alone an explanation how this could happen.

**Don’t give up your information, remove it where you can**

Unfortunately, incidents like this are commonplace, so it’s clear that we should take it upon ourselves to make sure our information can’t be found by data brokers.

Removing your personal information from data broker sites can be a complex and time-consuming process. While manual opt-outs are effective, they require considerable effort to keep up with new data entries and the reappearance of your information on various sites. This is where data broker removal services come in handy. 

Data broker removal services are designed to automate the process of finding and removing your personal information from data broker databases. These services regularly scan known databases for your information and submit opt-out requests on your behalf, ensuring a more comprehensive and continuous protection of your privacy. 

Malwarebytes offers a Personal Data Remover service (US only) that can delete your information from search results, spam lists, people search sites, data brokers, and more.

Tag

#amazon