Summary
Censys is aware that on April 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published an alert regarding the breach of Sisense and the resulting compromise of customer data.
Asset Description
Sisense’s technology produces business intelligence and data analytics for large enterprises by collecting and analyzing data from an organization’s current tech assets and applications.
Impact
Potential Consequences of Successful Exploitation
From TechCrunch, “Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.”
This likely means that whatever assets Sisense’s technology has access to within an organization, may be at risk if the Sisense product/technology is compromised locally, leveraging the compromised data from the breach.
Exact details regarding the circumstances of the breach/compromise, nor fallout that may include such aforementioned scenarios, have been made available by the vendor or authorities.
Affected Assets
No details regarding specific assets have been made available; however CISA’s alert addresses all Sisense customers.
Censys’ Rapid Response Team was able to identify Sisense’s Prism Global instances as these are the only public internet-facing instances of Sisense products. Other Sisense products are likely embedded with other assets or sit behind firewalls and other network defenses. Below is a query that will uncover the publicly-facing Prism Global assets recently observed from our scans.
Censys ASM Query for Exposed Assets.
The query above will find Prism Global instances associated with your organization in your ASM workspace, within approximately 24 hours.
Censys Search Queries
are shared directly with Censys customers. If you would like to obtain the Censys query to identify global instances related to this issue, or need help, please contact us.
Recommendations for remediation
from CISA “urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used to access, Sisense services.”
If you need assistance in positively identifying these assets, please let us know.
For extended context around this situation, please reference this Censys Research blog.
