Sisense Password Breach Triggers Ominous CISA Warning

Published: 23/11/2024   Category: security




With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into a supply chain cyberattack disaster, experts fear.



While details are still emerging, the US federal government issued a password compromise warning to customers of business analytics platform Sisense and encouraged an immediate reset.
The advisory from the Cybersecurity and Infrastructure Security Agency (CISA) urges Sisense customers not only to reset credentials to the platform, but also for passwords to any other sensitive data potentially accessed through Sisense services.
The software-as-a-service (SaaS) platform uses what it calls AI-driven analytics to provide insights to more than 2,000 companies including Air Canada, Nasdaq, and ZoomInfo.
Sisense did not respond to Dark Reading's request for comment.
Sisense is an ideal target for threat hunters interested in launching advanced supply chain cyberattacks, according to Patrick Tiquet, vice president of security and architecture at Keeper Security.
"Attackers may seek to exploit their access to further infiltrate the connected networks of Sisense's customers, creating a ripple effect down the supply chain," Tiquet said in a statement. "Customers of Sisense should follow CISA's guidance immediately and reset credentials and secrets that have been exposed to or used to access Sisense services."
The federal government's quick response is a sign the Sisense compromise is being taken very seriously, Sean Deuby, principal technologist with Semperis, explained in a statement, characterizing CISA's advisory as "ominous at best."
"As we know from recent breaches disclosed by MGM Resorts and Caesars Palace, the supply chain continues to be the most difficult arena to secure, and it's fertile ground for cyber adversaries," Deuby's statement continued. "And these two examples unfortunately pale in comparison to the damage caused by supply chain attacks such as WannaCry, SolarWinds, and Kaseya, which impacted tens of thousands of organizations and cost hundreds of millions in incident response and recovery costs."
In addition to password resets, Jason Soroko, senior vice president of product with Sectigo, recommends Sisense customers take a look at API password keys.
"The details around the Sisense breach are unknown; however, my recommendations for action would be to change passwords of any Sisense accounts, reset API keys used for services associated with Sisense, and look for any unusual activity from April 5 onwards," Soroko said in a statement.
