Multiple German banks have announced plans to drop support for SMS-based one-time passcodes (OTP) as a login authentication and transaction verification method. Postbank plans to drop support in August, while Raiffeisen Bank and Volksbank plan to do so in the fall, Handelsblatt reports.
Apple disabled the feature server-side without notifying users, so if you’re a user of this feature and you were wondering why it had stopped working, now you know. The Walkie-Talkie app, introduced in watchOS 5, allows Apple Watch owners to communicate with one another similar to the old physical walkie talkies. There’s no word on when the feature will be reactivated, and there’s no clear indication as to whether the bug is client-side on the device or a server-side issue.
Brace yourself, o ye spillers of data: the fury and the might of the GDPR has been unleashed this week, and lo, it is mighty, scary, and really, really expensive. The UK’s Information Commissioner’s Office (ICO), pumped up with its newfound General Data Protection Regulation (GDPR) legal testosterone, has plans to uber-fine both Marriott and British Airways (BA) for data breaches. On Monday, the ICO said that it’s looking to fine BA a record £183.39 million (US $229.34 million) for a breach discovered in September 2018. By diverting user traffic to a bogus site, attackers managed to steal personal data from about 500,000 customers, including their names, addresses, logins, payment card and travel booking details.
Researchers found that an application available on an unsecured website included credentials that could have allowed compromising consumer-facing Uniguest kiosks used by businesses in various activity sectors. Called SystemSleuth, the tool could be downloaded by anyone accessing a Uniguest subdomain specifically created for hosting programs used by company technicians.
A security flaw has been discovered in a number of GE Healthcare devices used by the NHS that could allow hackers to remotely control the amount of anaesthetic delivered to patients. The remotely exploitable vulnerability requires a “low skill level to exploit” and could enable hackers to silence device alarms, alter date and time settings, adjust anaesthetic dosages and switch anaesthetic agents, according to cyber security firm CyberMDX, which released its findings in partnership with the US Department of Homeland Security