Weekly Threat Report - 4th October 2019
Zendesk breach affects 10,000 accounts
The breach dates from 2016 and may have affected thousands of Zendesk corporate clients and the clients’ customer accounts. Zendesk state that only accounts created prior to 1 November 2016 were affected.
The customer service software company has found that 10,000 support and chat accounts were accessed by an unauthorised third party. Information accessed included emails, names and phone numbers.
In a statement, the company has given more information about the breach and provided advice for their clients. They have also taken the step of emailing the affected clients directly.
Breaches of this kind can lead to an increased risk of phishing against affected email accounts. Users should be aware of this fact, and may find our mitigation guidance on the phishing threat following data breaches useful.
Researchers discover web conferencing snooping flaw
Earlier this week, researchers at Cequence Security blogged that they’d found a flaw that could allow hackers to snoop on video conferences.
The “Prying-Eye” vulnerability, affecting Cisco WebEx and Zoom video conferencing, exposes open meetings or calls that aren’t protected by passwords. Attackers could use an enumeration attack to gain access, using brute force to guess ID numbers.
Cisco and Zoom were alerted by Cequence back in July - both have since altered default security settings and issued advice to customers.
The NCSC advises using three random words to create a strong password. You should also follow the security advice from video conference software vendors, including setting passwords for meetings.
National Cyber Security Centre Weekly Threat Reports