Techly NewsGet the app

Get the latest tech news

Why CISA Is Warning CISOs About a Breach At Sisense


An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party onlin...

In its alert, CISA said it was working with private industry partners to respond to a recent compromise discovered by independent security researchers involving Sisense. The breach also makes clear that Sisense is somewhat limited in the clean-up actions that it can take on behalf of customers, because access tokens are essentially text files on your computer that allow you to stay logged in for extended periods of time -- sometimes indefinitely. "If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted," said Nicholas Weaver, a researcher at University of California, Berkeley's International Computer Science Institute (ICSI) and lecturer at UC Davis.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of breach

breach

Photo of CISA

CISA

Photo of CISOs

CISOs

Related news:

News photo

Why CISA Is Warning CISOs About a Breach at Sisense

News photo

CISA makes its "Malware Next-Gen" analysis system publicly available

News photo

CISA says Sisense hack impacts critical infrastructure orgs

« Specifying the power and limitations of randomness