Zendesk Publishes Security Notice That Affects Older ClientsByBill Toulas-October 3, 2019.745 Zendesk was infringed in 2016 but has just been found out. Although password resetting and token rotation are taking place right now, the company is still carrying out their investigation. Zendesk’s successful customer support reported a data breach in 2016. Consequently, the clients impacted by this incident are those who built their accounts on the platform before November 2016. The Zendesk team claims that only a small percentage of their client base have been affected and explain that on September 24, 2019, they only confirmed this. They are currently working with a team of forensic experts from third parties to determine the exact type of data which has been exposed. At the same time, the internal data protection response team at Zendesk has implemented protocol procedures and is also conducting their investigation on the incident. Also informed were the law enforcement authorities and all of the related regulatory agencies. What can be said with confidence right now is that there are about 10000 exposed Zendesk Help and Chat accounts. The leaked data contains user passwords (hashed and salted) names of phone numbers and email addresses. Zendesk points out that many of these accounts have ceased to be operational or trial accounts have expired. Today, as a precaution, Zendesk is going through a “password rotation” measure that will impact all users of all their products (Support Guide Talk Explore) who built their accounts before November 1, 2016. If you attempt to login to the platform and a mandatory password reset phase is met this means you are affected. You may also receive an email from Zendesk informing you about the incident and the chances of leakage of your Pii and other sensitive information. In any case we suggest resetting your password by uploading a new Tls certificate to Zendesk and rotating your Api tokens. Erica Faltous of Zendesk has told “The Register” that they do not assume that any login credentials have actually been compromised as they have not seen any unauthorized access to the sites yet. Since the incident took place so far back in time there should be some sort of an attempt to exploit the stolen data but there was obviously no one. While reporting this event nearly three years after it happened and saying that you’ve just learned it doesn’t help win the trust of your client or convince them of anything.Another important series of side-channel speculative execution vulnerabilitiesSpectre and Meltdown have been discovered by a group of university researchers and cyber-security professionals. This new vulnerability class has been called “Microarchitectural Data Sampling” (Mds) and could potentially allow an attacker to access the microarchitectural data structures within the main Cpu cache. The processor temporarily stores information for quick access and processing inside those caches so that the operation of the user is expressed there without any thought of protection or privileges and this means that an intruder may read and copy anything including passwords for the administrator. Intel has already recognized the problem and is already pushing a microcode patch that clears all data within certain clearly defined safety-respecting intervals from these microcache buffers. It ensures you must already have updates that address the four found vulnerabilities irrespective of what Os you are using. Yes, even Linux users are not free from the bugs that have been exposed and need to update to kernel version 5.1.2 that fixes the issues. Apple users have also received an update with macOs Mojave 10.14.5 which fixes the vulnerabilities today. The four vulnerabilities found are: Cve-2018-12126 Microarchitectural Store Buffer Data Sampling (Msbds) dubbed ‘ Fallout ‘; Cve-2018-12130 Microarchitectural Fill Buffer Data Sampling (Mfbds) dubbed ‘ Zombieload; ‘ Cve-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (Mdsum). While Intel classifies the first three as “Medium Severity” researchers view the “Zombieload” bug as the most nastiest of them all because it operates on a wide range of applications even if it runs within virtual boxes or in the cloud. It is not limited to running native code and functions across the limits of virtualization. According to the researchers, the only way to tackle this is to turn off the hyperthreading and flush the buffers as described above. Check out Intel’s product list here for a full list of the Intel processors that are affected by this new set of Mds flaws. For a bulk calculation if your processor was made between 2011 and 2017 you are most likely affected and should immediately install the microcode patch. Those who use Cpus that left Intel’s production lines in 2018 and later have Mds-resistant processors due to the differences in spectra and meltdown that still occur out there. You are protected when using Amd or Arm chips as this whole story is not applicable to those types of Cpus.