Tag Archive for: Miami

Scammer steals thousands of dollars worth of laptops from South Florida business – WSVN 7News | Miami News, Weather, Sports

/in


(WSVN) – A South Florida business has become the victim of a highly sophisticated scam. Kevin Ozebek exposes the scheme in tonight’s 7 Investigates.

Jake Luther’s company supplies items big and small to a host of clients.

Jake Luther: “Anything from toilet paper at your local museum or sandblasting a trailer for the military.”

So Jake was ecstatic when he got an email from a man saying he was Rodney Cartwright, the senior procurement executive at the National Gallery of Art in Washington, D.C.

Jake Luther: “It was from a dot-gov email address. From there it says, ‘We’d like you to bid on the opportunity to supply us with laptops for a new office expansion.’ We looked him up, we looked up the address, we looked up the National Gallery of Art. Everything lined up.”

Since the museum houses one of the most prestigious art collections in the country, Jake jumped at the chance.

He replied with a bid to send 63 laptops for $97,900.

A few days later, he got an email saying the bid was approved.

Jake Luther: “I was planning for my wedding, so we had a bunch of expenses coming up, so to me, being a Christian guy, this is a blessing from God.”

From his Cutler Bay office, Jake ordered the computers and sent them to a warehouse in Nashua, New Hampshire.

He was told it was the gallery’s distribution center.

Jake Luther: “During this time, he came back to me, and he was like, ‘You know, there’s a chance that we’re doing another expansion. It’s our final one. We need to order like another 60 more units.’”

So Jake sent 60 more laptops for $116,000 to Nashua.

He then focused on his upcoming wedding.

Jake Luther: “When I got back from my honeymoon, we’re about the 30-day mark where this contract should be paid out through wire transfer, which is relatively typical for these type of deals.”

But the money never came, and Jake stopped getting responses from the man he thought was Rodney Cartwright.

Jake Luther: “It’s one of my lowest emotional moments. It was like I could feel my head pounding, I could hear ringing in my ears. I immediately got on my knees and didn’t know what to do.”

Jake then tracked down the real Rodney Cartwright at the museum and…

Source…

ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami 2022

/in


ICS Pwn2Own 2022

Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), has come to an end, with contestants earning a total of $400,000 for their exploits.

The contest, organized by Trend Micro’s Zero Day Initiative (ZDI), saw 11 contestants demonstrating their exploits in the OPC UA Server, Control Server, Human Machine Interface, and Data Gateway categories.

Participants targeted products from Unified Automation, Iconics, Inductive Automation, Prosys, Aveva, Triangle MicroWorks, OPC Foundation, Kepware, and Softing.

A majority of the 32 hacking attempts were successful — two failed and eight involved previously known bugs. These “bug collisions” still earned participants $5,000 for each attempt.

The white hat hackers who attended the event earned either $20,000, typically for remote code execution vulnerabilities, or $5,000, for DoS vulnerabilities. There was only one exception. The Computest Sector 7 team earned $40,000 for successfully bypassing the trusted application check on the OPC UA .NET standard.

This was the maximum amount that Pwn2Own participants could earn for a single exploit, and Computest’s attempt involved what ZDI described as one of the most interesting bugs ever seen at Pwn2Own. In fact, the Computest team earned the most points and a total of $90,000.

In 2020, at the first edition of the ICS-themed Pwn2Own, participants earned a total of $280,000. This event was not held in 2021 due to the COVID-19 pandemic.

Pwn2Own Miami 2022 took place between April 19 and April 21 alongside the S4x22 ICS security conference.

Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Related: Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021

Related: $1.9 Million Paid Out for Exploits at China’s Tianfu Cup Hacking Contest

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by…

Source…

Security Experts Warn About Scanning QR Codes With Your Smart Device – CBS Miami

/in


MIAMI (CBSMiami) – QR codes are those black and white boxes you shoot, your phone interprets, and then everything from menus to deals pops right up on your device via the internet.

Companies share them on social media, signs, and flyers.

READ MORE: AI-Powered Bartender Latest Teaching Tool At FIU’s School Of Hospitality

But security experts say think twice before scanning one with your smart device.

“They’re a cool technology and that means they’re subject to abuse, like all the cool technologies, right?” said Tim Helming, a computer security expert from DomainTools.

Helming says scammers are now in the game, turning those codes into your misery.

“It could be that they are making a fraudulent payment, it could be that they are downloading malware onto your phone,” he said.

The other issue at play is that a person can check a web address to see if it’s legitimate.

A QR code doesn’t give consumers that chance.

READ MORE: ‘This Guy Broke Our Family’: Mother Hurting Weeks After Wilton Manors Hit-&-Run That Killed One Daughter, Severely Injured Another

“You have fewer ways to validate what it is that you’re about to get to, than you do if it’s an actual link,” Helming says.

The Better Business Bureau’s scam tracker shows one person lost $65,000 in a con that used QR codes.

They are easy to get. CBS reporter Jesse Jones found a number of sites that offer QR codes for free.

Just enter the website you want the code to send people to and you’re good to go.

Helming says consumers need to consider the source before pointing and clicking.

“If I saw a QR code that was slapped up on a telephone poll, on the side of the building, or something like that, I don’t care how tempting the offer sounds, I am running away from that thing,” Helming said.

Scammers often send QR codes in emails that appear to be from legitimate companies, so experts say don’t use it unless you can verify the source.

MORE NEWS: ‘Black Men Do Not Get The Same Opportunities’: Brian Flores’ Attorney Blasts NFL

There are scanner apps available that include extra security which can help make sure the code you are seeing is the real deal.

Source…