What happened:
IT Glue customers received multiple emails over the past couple of days indicating an enforcement of MFA and later a mandatory rotation of tech login credentials. We have copied the information and instructions from IT Glue below and strongly recommend all IT Glue users to follow the instructions immediately, resetting all login passwords and MFA.
IT Glue has publicly stated there has not been a compromise and we have reached out to Kaseya’s security team directly for additional updates on this matter. Our IT Glue integration does not have write access to any CyberQP systems and we have no reason to believe any CyberQP systems are affected.
IT Glue has already sent out email communications about enabling MFA on Wednesday October 5th and a mandatory password reset of your IT Glue login on Saturday October 8th.
What we recommend to harden your ITG instance:
At CyberQP Cybersecurity we’re here to help our partners take steps to harden their IT Glue instance and protect their customers’ privileged accounts. We recommend all CyberQP customers using IT Glue to take the following actions in your IT Glue tenant. In addition, we remind partners to use CyberQP Q Guard to help rotate your privileged account passwords. Please rest easy that there are no issues at CyberQP and the below recommendations are provided to help shared partners harden and further protect their privileged accounts.
Step 1: Reset your IT Glue tenant login password. Make it long, such as 30-40 characters, as longer passwords protect you better than complexity. Store the new password in a password manager outside of IT Glue.
Step 2: Enable MFA enforcement on your IT Glue tenant. Once complete, login to your IT Glue tenant and set up MFA using an Authenticator app on your smartphone. Avoid using one time pass codes with your password manager for added security.
Step 3: Enable IP restrictions (if able to). IT Glue allows the ability to enable IP restrictions on your tenant which you can add approved public IP addresses that are permitted to login to the dashboard and also approved for any integrations such as API keys. Support page:
– Caution: If you enable make sure you collect all the public IPs for each integration you have including CyberQP before you enable this.
Step 4: If you are already a customer of CyberQP you can login to your CyberQP tenant and trigger an on-demand password rotation of all your privileged Active Directory, Office 365 and Local admin accounts. These will rotate immediately and update the password in IT Glue as a part of the process.
Support page:
If your rotations are already scheduled to run automatically every day then these rotations will happen without any intervention.
Note: If your still in the process of on-boarding CyberQP please contact support at [email protected] and we’d be happy to assist.
What we recommend if you would like to migrate your credentials to the CyberQP Vault:
If you wish to separate your passwords from your documentation tool and migrate to the CyberQP Vault, you can contact CyberQP support at [email protected] to enable the CyberQP Password Vault and to assist with migrating your passwords to CyberQP directly.
We understand that many Q Guard users have the majority of their technicians accessing credentials through IT Glue. Those same technicians may not be licensed to use Q Guard, thus, limiting access to the CyberQP Vault to only a small portion of your technical team.
To address this situation, we will not be charging IT Glue customers who wish to migrate technicians to the CyberQP Vault for additional technicians until January 1st, 2023. To be clear, affected users may add additional technicians at no cost for the rest of 2022 provided you let us know you are migrating from IT Glue to the CyberQP Vault for password storage.
If you have any questions please feel free to reach out to us at [email protected].
Sincerely,
The CyberQP Team
