On April 11, 2024, CISA issued an advisory disclosing a compromise of customer data from Sisense. The previous day, cybersecurity journalist Brian Krebs had published an email sent to Sisense customers by the company’s CISO. The specific details of the compromise have not been made public at this time. Furthermore, Arctic Wolf has not observed any malicious activities conducted by threat actors using compromised credentials from Sisense.
Sisense is a business intelligence firm which produces software with features for analysis and visualization of datasets for decision-making. The company integrates with various platforms such as CRM applications, analytics platforms, databases, APIs, and numerous other applications.
While the extent of this compromise is not fully known, Arctic Wolf strongly recommends that organizations using Sisense rotate credentials and secrets for applications using their services, in line with the guidance provided by CISA. CISA emphasizes that they are actively collaborating private industry partners to respond to this incident, as there is a connection to impacted critical infrastructure sector organizations.
Recommendations
Recommendation: Reset Credentials and Secrets
CISA urges Sisense customers to reset any credentials and secrets (e.g., API Keys) that may have been exposed to or utilized for accessing Sisense services.
References