Lmst

🌶️Following the latest around the #Sisense breach? Our researchers identified several industries including: internet and information technology, logistics, energy and utilities as potentially impacted. @ISMG_News has the latest from our team: https://www.careersinfosecurity.com/sisense-breach-highlights-rise-in-major-supply-chain-attacks-a-24864 #CensysResearch

#Sisense latest comms say “company information affected in the incident relates to certian customers in Sisense Fusion (cloud-based) product. At this time we have no evidence that company information related to customers of the Sisense Fusion (on-prem) or Sisense CDT (also known as Periscope) products was affected.”

Do we tell them that “no evidence” means many things:
1) We dont have logs, therefore no evidence
2) We have logs but have not investigated “at this time” so we have no evidence
3) Attackers have done what they need to, cleared logs and therefore now we have “no evidence” “at this time”

#infosec really need to understand having evidence something is not affected should be the priority to communicate than communicating there is no evidence that something is affected.

The analytics firm kept big companies’ secrets in an insecure #AWS bucket. Government says victims include the “critical infrastructure sector.”

#Sisense, a service provider to huge companies including Nasdaq, Verizon and Air Canada, has lost control of its customers’ credentials and access tokens. #CISA, the Cybersecurity and Infrastructure Security Agency, warned users of the service to drop everything and rotate or reset their secrets.

Sources say Sisense stopped storing secrets securely. In #SBBlogwatch, we facepalm hard. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/04/sisense-cisa-warning-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Sisense hit by data breach, CISA warns⤵️
#Sisense #databreach #datasecurity #cybersecurity #infosec #CISA

https://cybernews.com/news/sisense-data-breach-cisa-warning/?utm_source=mastodon&utm_medium=social&utm_campaign=cybernews&utm_content=post

@briankrebs their advise to rotate any creds means rotating:

Database connection strings,
SSO config-Non-SSO config, x.509 certs
Creds on support portal
AD/LDAP
Web tokens

Thats a tall order for customer to do.
What else did i miss anyone?

If their gitlab is affected that would imply it affects their codebase and may affect both hosted and self-hosted.

HugOps for the #sisense IR teams though

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a security breach involving Sisense Inc., a company that provides AI-driven analytics services. This breach could potentially expose customer credentials and cryptographic secrets, posing a significant risk to the data of thousands of customers.

CISA is actively working with private industry partners to address the incident. The agency advises all Sisense customers to immediately change their keys, credentials, and secrets to protect against further potential damage. This advice comes as cybersecurity experts warn that exposed credentials could put company data at risk. The compromise was first reported by security journalist Brian Krebs, and experts suggest that the impact of the breach is still being assessed.

CISA is urging companies to reset their credentials and cryptographic secrets used to access Sisense services, as these may have been compromised. It also encourages companies to report any suspicious activities related to these credentials.

https://www.cisa.gov/news-events/alerts/2024/04/11/compromise-sisense-customer-data

#cybersecurity #sisense #databreach #dataleak #cisa #securitybreach #ai #briankrebs

US #CISA published an alert on the #Sisense data breach
https://securityaffairs.com/161728/hacking/sisense-suffers-a-cyber-attack.html
#securityaffairs #hacking

CISA urges #Sisense customers to reset credentials and secrets potentially exposed to, or used to access, Sisense services.

https://www.cisa.gov/news-events/alerts/2024/04/11/compromise-sisense-customer-data

Data analytics company Sisense is responding to a cybersecurity incident that may have exposed the information of some of the world’s biggest companies. #Sisense

https://therecord.media/sisense-cyberattack-cisa-warning