Multiple Segway Hoverboard Vulnerabilities Place Riders at Risk
Today’s topics include a new report exposing security risks for Segway hoverboard riders; Microsoft launching a program to shore up electric power grid security; a recent survey that finds companies are failing to promptly cut ex-employee data access; and Oracle expanding its Cloud for Customers with PaaS and SaaS services.
Riding a hoverboard requires a certain amount of balance, but no amount of physical dexterity will help a rider whose hoverboard has been taken over by hackers. Security firm IOActive on July 19 publicly issued an advisory on multiple vulnerabilities it found in Segway/Ninebot MiniPRO hoverboards.
The vulnerabilities include the ability to deliver and install an unauthorized firmware update to the hoverboard, as well as the ability to control the hoverboard without proper authentication or Bluetooth PIN authentication.
If hacked, an attacker could take over a hoverboard while a rider is still on it. Segway has issued a security update that addresses some of the critical issues.
Related Reading
Hackers can do more than infiltrate networks and steal data. Under the right set of circumstances, they can also cause vital infrastructure, like power grids, to go dark. To help utility companies avoid that fate, Microsoft has launched a new Azure Cyber Analytics Program for electrical grid customers.
Under the terms of the offering, dubbed Microsoft Azure Certified Elite Partner Program for Cyber Analytics in Power and Utilities, the Redmond, Wash., software maker is covering the initial cost of deploying its cloud-enabled IT and security management offering, Operations Management Suite.
The system collects data from customer logs and analyzes it, applies threat intelligence to block attacks and provides an anti-malware assessment to its customers.
Companies continue to struggle with quickly shutting out former employees from accessing systems once they leave the company, according a survey conducted by Arlington Research and commissioned by OneLogin.
The survey of 500 IT workers found that, while one in five companies has experienced a data breach caused by an ex-employee, 32 percent of companies take more than a week to remove former workers from their systems. The survey also found that almost half of all companies are not confident that they have completely blocked access to all former employees from their systems.
"The problem for most companies is that the issue—and the solution—crosses disciplinary boundaries within their workforce, throwing the human-resource and information-technology groups together," Al Sargent, senior director at cloud-based identity-and-access management company OneLogin, told eWEEK.
Oracle on July 19 announced an expansion of services available through Oracle Cloud at Customer, its latest customer-services cloud. The portfolio now spans all of the major Oracle platform-as-a-service categories, and, for the first time, features Oracle software-as-a-service.
Since its introduction last year, Oracle Cloud at Customer has seen substantial growth, with organizations across six continents and more than 30 countries adopting the solution, including AT&T and Bank of America, according to the company.
Oracle Cloud at Customer is designed to remove one of the biggest obstacles to cloud adoption: data privacy issues related to where the data is stored. While organizations generally want to move their enterprise workloads to the public cloud, many have been constrained by business, legislative and regulatory requirements that have prevented them from being able to adopt the technology. These first-of-a-kind services provide organizations with choice of where their data and applications reside, Oracle said.
