Techly NewsGet the app

Get the latest tech news

Why CISA Is Warning CISOs About a Breach at Sisense


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…

“CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations,” the sparse alert reads. The breach also makes clear that Sisense is somewhat limited in the clean-up actions that it can take on behalf of customers, because access tokens are essentially text files on your computer that allow you to stay logged in for extended periods of time — sometimes indefinitely. Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI) and lecturer at UC Davis, said a company entrusted with so many sensitive logins should absolutely be encrypting that information.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of breach

breach

Photo of CISA

CISA

Photo of CISOs

CISOs

Related news:

News photo

CISA makes its "Malware Next-Gen" analysis system publicly available

News photo

CISA says Sisense hack impacts critical infrastructure orgs

News photo

CISA investigates critical infrastructure breach after Sisense hack