Sisense Data Breach Puts Credentials in Critical Infrastructure Sectors at Risk

2024/04/12 08:08

The Cybersecurity and Infrastructure Security Agency (CISA) is investigating a breach at Sisense, a business intelligence company whose products let enterprises track multiple third-party online services. Sisense has urged customers to reset any credentials and secrets shared with the company, and recommends, as a precaution, rotating any credentials used within Sisense applications.

Cybersecurity Breach at Sisense: Critical Infrastructure Sector Organizations Impacted

The United States Cybersecurity and Infrastructure Security Agency (CISA) has initiated an investigation into a data breach at business intelligence company Sisense. Sisense's products enable businesses to monitor the status of various external online services through a centralized dashboard.

CISA has strongly advised all Sisense customers to reset any credentials and secrets shared with the company, a recommendation previously issued by Sisense on April 10th.

Sisense, headquartered in New York City, boasts over a thousand customers across multiple industries, including finance, telecommunications, healthcare, and higher education. On April 10th, Sangram Dash, Sisense's Chief Information Security Officer, informed customers of reports indicating that "certain Sisense company information may have been made available on what we have been advised is a restricted access server."

"We are treating this matter with the utmost seriousness and have promptly commenced an investigation," Dash stated. "We have enlisted industry-leading experts to aid in our investigations. Our business operations have not been interrupted by this incident. However, as a precautionary measure, we strongly urge you to immediately change any credentials you use within your Sisense application."

CISA's advisory acknowledges its collaboration with private industry partners in response to the incident, particularly considering the potential impact on critical infrastructure sectors. CISA pledged to provide updates as more information becomes available.

Sisense declined to comment when contacted about the accuracy of information shared by reliable sources close to the investigation. These sources indicate that the breach likely originated with the attackers' access to Sisense's Gitlab code repository. Within this repository, a token or credential provided the attackers access to Sisense's Amazon S3 buckets in the cloud.

Sources further revealed that the attackers utilized their S3 access to exfiltrate terabytes of Sisense customer data, reportedly including millions of access tokens, email account passwords, and even SSL certificates.

This incident raises concerns about Sisense's safeguards for protecting sensitive customer data, particularly regarding whether the large volume of stolen data was encrypted while stored on Amazon cloud servers.

Crucially, the breach has compromised all credentials that Sisense customers used within their dashboards.

The incident also highlights the limited scope of Sisense's remediation actions on behalf of customers. Access tokens are essentially text files that enable extended login sessions, sometimes indefinitely. Depending on the service, attackers may be able to reuse these tokens to impersonate victims without presenting valid credentials.

Beyond resetting passwords, Sisense customers must assess their individual circumstances and determine whether to change passwords for third-party services previously integrated with Sisense.

Following the incident, a public relations firm representing Sisense inquired about KrebsOnSecurity's plans for further updates. Sisense requested an opportunity to provide comments before publication.

However, after being confronted with details provided by sources, Sisense reportedly changed its position. "After consulting with Sisense, they have told me that they don't wish to respond," the PR representative stated via email.

Update, 6:49 p.m., ET:

It has been clarified that Sisense utilizes a self-hosted version of Gitlab, not the cloud version managed by Gitlab.com.

Sisense's CISO, Dash, has issued a detailed update to customers. The revised guidance includes resetting access tokens across various technologies, such as Microsoft Active Directory credentials, GIT credentials, web access tokens, and single sign-on (SSO) secrets or tokens.

Dash's full message to customers is as follows:

"Good Afternoon,

We are following up on our prior communication of April 10, 2024, regarding reports that certain Sisense company information may have been made available on a restricted access server. As noted, we are taking this matter seriously and our investigation remains ongoing.

Our customers must reset any keys, tokens, or other credentials in their environment used within the Sisense application.

Specifically, you should:

  • Change Your Password: Change all Sisense-related passwords on http://my.sisense.com
  • Non-SSO:
    • Replace the Secret in the Base Configuration Security section with your GUID/UUID.
    • Reset passwords for all users in the Sisense application.
    • Logout all users by running GET /api/v1/authentication/logout_all under Admin user.
  • Single Sign-On (SSO):
    • If you use SSO JWT for the user's authentication in Sisense, you will need to update sso.shared_secret in Sisense and then use the newly generated value on the side of the SSO handler.
    • We strongly recommend rotating the x.509 certificate for your SSO SAML identity provider.
    • If you utilize OpenID, it's imperative to rotate the client secret as well.
    • Following these adjustments, update the SSO settings in Sisense with the revised values.
    • Logout all users by running GET /api/v1/authentication/logout_all under Admin user.
  • Customer Database Credentials: Reset credentials in your database that were used in the Sisense application to ensure continuity of connection between the systems.
  • Data Models: Change all usernames and passwords in the database connection string in the data models.
  • User Params: If you are using the User Params feature, reset them.
  • Active Directory/LDAP: Change the username and user password of users whose authorization is used for AD synchronization.
  • HTTP Authentication for GIT: Rotate the credentials in every GIT project.
  • B2D Customers: Use the following API PATCH api/v2/b2d-connection in the admin section to update the B2D connection.
  • Infusion Apps: Rotate the associated keys.
  • Web Access Token: Rotate all tokens.
  • Custom Email Server: Rotate associated credentials.
  • Custom Code: Reset any secrets that appear in custom code Notebooks.

If you need any assistance, please submit a customer support ticket at https://community.sisense.com/t5/support-portal/bd-p/SupportPortal and mark it as critical. We have a dedicated response team on standby to assist with your requests.

At Sisense, we give paramount importance to security and are committed to our customers' success. Thank you for your partnership and commitment to our mutual security.

Regards,

Sangram Dash
Chief Information Security Officer"

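The article's point that resetting a password leaves already-issued access tokens usable is why the guidance above pairs password changes with logout_all and rotation of the SSO shared secret. The following is an added example, not Sisense's code or the article's: a constructed TokenService (all names are assumptions) that signs HMAC-based bearer tokens with one shared secret and shows which of the three actions actually revokes a leaked token.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class TokenService:
    """HS256-style bearer tokens signed with one shared secret (constructed model,
    not Sisense's code); 'ver' is a per-user session version used by logout_all()."""
    def __init__(self, shared_secret: bytes):
        self.shared_secret = shared_secret
        self.password_hash = {}     # user -> sha256 hex (stand-in for a real KDF)
        self.session_version = {}   # user -> int, bumped by logout_all()
    def set_password(self, user, password):
        self.password_hash[user] = hashlib.sha256(password.encode()).hexdigest()
    def issue(self, user, ttl=365 * 86400):
        claims = {"sub": user, "exp": int(time.time()) + ttl,
                  "ver": self.session_version.get(user, 0)}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self.shared_secret, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(sig)}"
    def verify(self, token):
        body, sig = token.split(".")
        expected = hmac.new(self.shared_secret, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None                         # signed with another (rotated) secret
        claims = json.loads(_unb64(body))
        if claims["exp"] < time.time():
            return None                         # expired
        if claims["ver"] != self.session_version.get(claims["sub"], 0):
            return None                         # revoked by logout_all
        return claims["sub"]
    def logout_all(self, user):
        self.session_version[user] = self.session_version.get(user, 0) + 1

def demo():
    svc = TokenService(b"old-shared-secret")
    svc.set_password("alice", "hunter2")
    stolen = svc.issue("alice")                 # copy later found in exfiltrated data
    svc.set_password("alice", "new-password")   # password reset alone...
    after_reset = svc.verify(stolen)            # ...token still verifies as "alice"
    svc.logout_all("alice")
    after_logout = svc.verify(stolen)           # None: session version no longer matches
    reissued = svc.issue("alice")               # a newer copy the attacker might hold
    svc.shared_secret = b"new-shared-secret"    # rotate the sso.shared_secret-style key
    after_rotation = svc.verify(reissued)       # None: signature made with old secret
    return after_reset, after_logout, after_rotation
```

The token never references the password, so only invalidating sessions or changing the signing secret closes the door on a stolen copy.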