Tag Archive for: JumpCloud

North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder


The JumpCloud hack has been attributed to North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) following an operational security (OPSEC) blunder that exposed their actual IP address.

Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already being monitored as Jade Sleet and TraderTraitor, a group with a history of striking blockchain and cryptocurrency sectors.

UNC4899 also overlaps with APT43, another hacking crew associated with the Democratic People’s Republic of Korea (DPRK) that was unmasked earlier this March as conducting a series of campaigns to gather intelligence and siphon cryptocurrency from targeted companies.

The adversarial collective’s modus operandi is characterized by the use of Operational Relay Boxes (ORBs) using L2TP IPsec tunnels along with commercial VPN providers to disguise the attacker’s true point of origin, with commercial VPN services acting as the final hop.

“There have been many occasions in which DPRK threat actors did not employ this last hop, or mistakenly did not utilize this while conducting actions on operations on the victim’s network,” the company said in an analysis published Monday, adding it observed “UNC4899 connecting directly to an attacker-controlled ORB from their 175.45.178[.]0/24 subnet.”

The intrusion directed against JumpCloud took place on June 22, 2023, as part of a sophisticated spear-phishing campaign that leveraged the unauthorized access to breach fewer than five customers and fewer than 10 systems in what’s called a software supply chain attack.

Mandiant’s findings are based on an incident response effort initiated in the aftermath of a cyber attack against one of JumpCloud’s impacted customers, an unnamed software solutions entity, the starting point being a malicious Ruby script (“init.rb”) executed via the JumpCloud agent on June 27, 2023.

A notable aspect of the incident is its targeting of four Apple systems running macOS Ventura versions 13.3 or 13.4.1, underscoring North Korean actors’ continued investment in honing malware specially tailored for the platform in…


Whitelist JumpCloud Protect™ if You Use Apple’s Focus Functionality


Apple’s iOS 15 introduced Focus mode, a feature that aims to help you disconnect from apps and notifications, only interact with who or what you choose to at set times of the day, and establish a better life/work balance. I’ve found it useful, and my colleague Tom Bridge has documented how well it’s worked for him. The trouble is that it can work too well: some notifications are “buried” if you don’t configure their importance correctly or update your apps list.

Late last year, the JumpCloud Protect™ app launched push prompts to simplify multi-factor authentication (MFA). It offers a secure, user-friendly system that’s designed to increase security. Unfortunately, app notifications like those from JumpCloud Protect don’t “surface” immediately unless you explicitly whitelist the app in Focus’s settings. As a result, it’s possible that your end users will scratch their heads and ask for support if JumpCloud Protect isn’t whitelisted in their “work” profile.

How To Whitelist JumpCloud Protect From Focus

The JumpCloud Protect app is instrumental in cutting through MFA complexity, so ensure that Focus permits it to work as it should. Apple provides more detailed instructions on its website. The basics are:

  1. Go to Settings > Focus.
  2. Tap a provided Focus option — like Do Not Disturb, Personal, or Sleep — then turn on the Focus.
  3. After you choose a Focus, select options like Allowed Notifications, Time Sensitive Notifications, and Focus Status.

JumpCloud Protect asks for notification privileges on the first run, but that won’t carry through to Focus. It’s important to take this additional step so that notifications are always visible. Mobile device management (MDM) payloads cannot yet preconfigure this setting.

Try JumpCloud Protect

JumpCloud considered the human side of MFA implementations when JumpCloud Protect launched with a push capability; other methods can be less secure or befuddle end users who aren’t tech-savvy across the board. JumpCloud is much easier to deploy than the security keys I used in my previous role as an IT director. Whitelisting the app ensures that your rollout goes smoothly.
It’s important for IT departments to become…


JumpCloud to launch free mobile multi-factor authentication product


JumpCloud announced JumpCloud Protect™, a one-touch multi-factor authentication (MFA) solution that makes it easy for IT admins to deploy and enforce MFA without adversely impacting end users.

Available for iOS and Android devices, JumpCloud Protect enables simple and efficient “touch to verify” functionality for employees when accessing corporate IT resources authenticated by the JumpCloud Directory Platform. 

Mobile MFA app

JumpCloud Protect is a fully featured mobile MFA app that allows employees authenticating into protected apps and resources to verify themselves directly from their corporate-issued or BYOD mobile device. 

JumpCloud Protect:

  • Installs on both iOS and Android devices
  • Simple “one-touch” accept or deny functionality to verify identity when accessing IT resources 
  • Alternate Time-based One-time Password (TOTP) token-generation capabilities for any JumpCloud authenticated resources or users’ personal online accounts requiring second-factor verification.

Simplest verification solution

“Our IT team is challenged with several requirements. Making employees happy and productive, reducing the total cost of equipping them with the right IT tools, and ensuring we are keeping the company secure while people are remote is our new normal,” said Randy Tanenhaus, IT Manager at ClassPass.

“I like JumpCloud’s direction. JumpCloud Protect means we can give our employees the simplest verification solution on the market. Without disrupting their work, we really know it’s them. Further, I have been able to think about other critical priorities versus evaluating, buying, and integrating a 2FA solution into our identity strategy.”

Identity and security in one place

“At Employee Zero, we’ve been implementing JumpCloud solutions for our clients for the past six years,” said James Martin, director at Employee Zero, an IT consultancy and managed service provider.

“In that time, we have seen so many exciting advancements in features and value-adds to the platform. JumpCloud Protect is a major leap forward in…


JumpCloud Protect: One-touch featured mobile MFA app


JumpCloud announced JumpCloud Protect, a one-touch multi-factor authentication (MFA) solution that makes it easy for IT admins to deploy and enforce MFA without adversely impacting end users.

Available for iOS and Android devices, JumpCloud Protect enables simple and efficient “touch to verify” functionality for employees when accessing corporate IT resources authenticated by the JumpCloud Directory Platform.

JumpCloud Protect is a fully featured mobile MFA app that allows employees authenticating into protected apps and resources to verify themselves directly from their corporate-issued or BYOD mobile device. JumpCloud Protect:

  • Installs on both iOS and Android devices
  • Simple “one-touch” accept or deny functionality to verify an identity when accessing IT resources
  • Alternate Time-based One-time Password (TOTP) token-generation capabilities for any JumpCloud authenticated resources or users’ personal online accounts requiring second factor verification

“Our IT team is challenged with a number of requirements. Making employees happy and productive, reducing the total cost of equipping them with the right IT tools, and ensuring we are keeping the company secure while people are remote is our new normal,” said Randy Tanenhaus, IT Manager at ClassPass. “I like JumpCloud’s direction. JumpCloud Protect means we can give our employees the simplest verification solution on the market. Without disrupting their work, we really know it’s them. Further, I have been able to think about other critical priorities versus evaluating, buying, and integrating a 2FA solution into our identity strategy.”

“At Employee Zero, we’ve been implementing JumpCloud solutions for our clients for the past six years,” said James Martin, director at Employee Zero, an IT consultancy and managed service provider. “In that time, we have seen so many exciting advancements in features and value-adds to the platform. JumpCloud Protect is a major leap forward in keeping identity and security in one easy to manage place for both the end user, and for us as IT support. JumpCloud Protect will reduce the cost of maintaining a separate MFA solution for our clients whilst making things…
