{"id":95343,"date":"2023-07-07T07:30:00","date_gmt":"2023-07-07T07:30:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=95343"},"modified":"2023-07-07T07:30:00","modified_gmt":"2023-07-07T07:30:00","slug":"jumpcloud-issues-notice-to-customers-to-refresh-api-keys","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95343","title":{"rendered":"JumpCloud issues notice to customers to refresh API keys"},"content":{"rendered":"
<\/div>\n

JumpCloud, which offers directory-as-a-service products, has issued mandatory application programming interface (API)<\/a> security key replacements, following what is believe to be an ongoing security incident.<\/p>\n

The company offers secure access from any device<\/a> anywhere and can integrate corporate WiFi and VPN devices using its radius-as-a-service offering. It positions itself as a full cloud replacement for Microsoft Active Directory.<\/p>\n

Computer Weekly\u2019s sister publication, SearchSecurity.com, reported that JumpCloud<\/a> notified customers and published a support notification on Thursday warning of an API key reset for IT administrators that affected several services. SearchSecurity.com noted that JumpCloud provided directions to generate a new API key, but did not say what the incident was, what caused it or whether the company network had been breached.<\/p>\n

Among the products and services that have been listed by JumpCloud as being potentially affected are importing Active Directory; BambooHR; Okta Real-time User and Password Import and the JumpCloud App for Slack.<\/p>\n

In a screenshot of the notice sent to customers, JumpCloud said: \u201cOut of an abundance of caution relating to an ongoing security incident, JumpCloud has invalidated your existing API keys\u2026We apologise for any inconvenience this causes your organisation, but the action was taken on your behalf as the most prudent course of action.\u201d <\/p>\n

Jason Kent, hacker in residence at Cequence Security, said that the most important component in any cryptographic system is the key. \u201cAs someone who has given words of caution on the use of long-lasting keys in the past and has commented many times on persistent API keys for sensitive controls, the \u2018I told you so\u2019 phase just isn\u2019t much fun,\u201d he said.<\/p>\n

\u201cAs the teams that utilise these systems now have to see how many integrations have failed, how much backlash it\u2019s going to create internally and will have to set about fixing everything, it\u2019s a very stressful thing.\u201d<\/p>\n

JumpCloud\u2019s support page<\/a> urged JumpCloud admins that are using a JumpCloud API key with an integration that relies on a JumpCloud admin API key to take action by updating integrations with their new API key(s).<\/p>\n

Kent said that reissuing keys means that IT admins now need to set keys on the various IT systems that use JumpCloud APIs then wait for reports of successes and failures. Kent believes optimal key management needs systems capable of generating them at the time of use.<\/p>\n

\u201cThis is because storage of the keys tends to be found by attackers and compromises like this one end up being a huge problem,\u201d he said. \u201cComputers are really good at repetitive tasks, have them log in every time. Utilise privileged access management or similar strategy and make sure you protect the key.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

JumpCloud, which offers directory-as-a-service products, has issued mandatory application programming interface (API) security key replacements, following what is believe to be an ongoing security incident. The company offers secure access from any device anywhere and can integrate corporate WiFi and VPN devices using its radius-as-a-service offering. It positions itself as a full cloud replacement for […]<\/p>\n","protected":false},"author":1,"featured_media":95344,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-95343","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95343"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95343\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95344"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}