Sisense customers told to reset passwords following possible attack CISA warns users they could be at risk
Date:
Fri, 12 Apr 2024 15:00:48 +0000
Description:
Passwords, session tokens, and email accounts are all potentially at risk after attackers allegedly breach S3 buckets.
FULL STORY ======================================================================
American business intelligence company Sisense warned its customers to reset practically all passwords, key, and tokens, used within the Sisense application.
It said it suffered a data breach earlier this week, hinting that the miscreants obtained different login credentials and session tokens.
As reported by KrebsOnSecurity , last Wednesday, Sisenses Chief Information Security Officer, Sangram Dash, reached out to customers, saying the firm learned that certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.) Compromised Gitlab
We are taking this matter seriously and promptly commenced an investigation, Dash continued. We engaged industry-leading experts to assist us with the investigation. This matter has not resulted in an interruption to our
business operations. Out of an abundance of caution, and while we continue to investigate, we urge you to promptly rotate any credentials that you use within your Sisense application.
In a follow-up note, however, Sisense said users should change their
passwords , replace the Secret in the Base Configuration Security section,
log out all users, update sso.shared_secret, rotate the x.509 certificate, rotate client secrets (for those utilizing OpenID), and make many other updates (the full list can be found here ).
The breach seems to be quite alarming, as even the U.S. Cybersecurity and Infrastructure Security Agency (CISA) chimed in. Issuing an alert, the government body said it was investigating the breach as well: CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations, it said in the alert. We will provide updates as more information becomes available.
While Sisense did not share any details on the nature of the breach, KrebsOnSecurity uncovered that it was likely that hackers somehow breached
the companys Gitlab code repository. This repo contained a token, or credential, which allowed them to access the companys Amazon S3 buckets in
the cloud. From there, the attackers exfiltrated terabytes of customer data, including access tokens, email passwords, and even SSL certificates.
All of this came from two trusted sources with close knowledge of the breach investigation. More from TechRadar Pro Decathlon employee data leaked online following breach Here's a list of the best firewalls around today These are the best endpoint security tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/sisense-customers-told-to-reset-passwor ds-following-possible-attack-cisa-warns-users-they-could-be-at-risk
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)