There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.

CISA has released an advisory about this:

https://www.cisa.gov/news-events/alerts/2024/04/11/compromise-sisense-customer-data

If you use Sisense, it's time to rotate *any* credentials you stored with them.

CISA urges Sisense customers to:

Reset credentials and secrets potentially exposed to, or used to access, Sisense services.
Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.

Meant to add that Sisense has told me they don't wish to respond to questions about the information I've gathered so far.
@briankrebs I mean, yeah, of course they don't WANT to lol
@briankrebs Did Sisense ask not to publish anything yet while the investigation is ongoing?
@briankrebs "We take cybersecurity very seriously and ..."
@briankrebs "a restricted access server" what does that even mean
@gsuberland @briankrebs: "Darknet forum"? 😉
@xtaran @briankrebs ah, I had misread the brackets as "generally inadvisable" not "generally unavailable". so yeah, ok, it's just a torsite.
@briankrebs what is sisense? lol
@wyre they're like a big tech dashboard that orgs use to interact with a lot of different disparate services at once. So, could be a lot of password resets coming b/c apparently a bunch of tokens were breached.

@briankrebs @wyre

It's wild to me that we need a company whose entire purpose is to provide an overview of all the bandaids your company has, while seemingly being able to compromise every single one of these bandaids just because one dev had a bad day a few months ago.

The state of enterprise security is abysmal.

@AdmSnackbar @briankrebs so this was an insider threat issue? aah good old insiders. good luck stopping them! looking at you Mr. Contractor.

@briankrebs @wyre

Business intelligence software, like PowerBI and Tableau. They have a cloud in which customers can store their data, or customers can install the software locally and keep their data on-prem.

@tarheel @briankrebs gotcha thanks that makes sense. sounds uh really bad then.

@wyre @briankrebs

Looks like PagerDuty and Verizon are among their customers, so, yeah, I can maybe see why people are throwing around the phrase "supply chain".

@briankrebs I keep hearing supply chain, how far does this go?
CISA says Sisense hack impacts critical infrastructure orgs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations.

BleepingComputer
@briankrebs @hacks4pancakes they "give paramount importance to security" but couldn't be arsed to enable a secret scanner on their code hosting. Mmm hmm...
@briankrebs interesting that this came from the CISO who doesn’t have any responsibilities to the customers and not the CEO who does.