BrianKrebsApr 11, 2024
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.
Show threadWyre
@briankrebs what is sisense? lol
Apr 11, 2024 at 12:27amWeb
Show threadBrianKrebsApr 11, 2024
@wyre they're like a big tech dashboard that orgs use to interact with a lot of different disparate services at once. So, could be a lot of password resets coming b/c apparently a bunch of tokens were breached.
Show threadAdmiral SnackbärApr 11, 2024

@briankrebs @wyre

It's wild to me that we need a company whose entire purpose is to provide an overview of all the bandaids your company has, while seemingly being able to compromise every single one of these bandaids just because one dev had a bad day a few months ago.

The state of enterprise security is abysmal.

Show threadWyreApr 11, 2024
@AdmSnackbar @briankrebs so this was an insider threat issue? aah good old insiders. good luck stopping them! looking at you Mr. Contractor.
Show threadJohn LuskApr 11, 2024

@briankrebs @wyre

Business intelligence software, like PowerBI and Tableaux. They have a cloud in which customers can store their data, or customers can install the software locally and keep their data on-prem.

Show threadWyreApr 11, 2024
@tarheel @briankrebs gotcha thanks that makes sense. sounds uh really bad then.
Show threadJohn LuskApr 11, 2024

@wyre @briankrebs

Looks like PagerDuty and Verizon are among their customers, so, yeah, I can maybe see why people are throwing around the phrase "supply chain".