Protecting MantisHub users from Meltdown and Spectre Vulnerabilities

IMPORTANT NOTE: MantisHub services are patched for wide-spread security threats Meltdown and Spectre. Action Required:- Users need to update their browsers and install latest updates for their operating systems. Read on for details…

Security of cloud information is always at the forefront of any SaaS provider and long gone are the days when security was treated lightly. MantisHub prides itself on our high-security rating and we’ve addressed many security queries and concerns of our customers. Many of the security measures we have in place are listed in our KB article here. As well as providing secure infrastructure with SSL, data encryption at rest and data isolation, our team stays on top of all the latest threats, taking precautions needed to ensure the safety of your data and your service.

The Latest threats?  – Meltdown and Spectre

With the new year came reports of 2 major hardware vulnerabilities affecting a large number of modern computer processors. Including some variants of Intel, AMD and ARM processors used in personal computers, mobile devices, tablets and servers. These vulnerabilities, named Meltdown and Spectre, can potentially be exploited by hackers to access unauthorized data. It is a weakness in the hardware barrier between applications and could allow processes within one piece of installed software to access stored data of other software in the system.

The threat was reported by Googles Project Zero on Jan 3rd. It was also published in pdf by independent researchers here for Meltdown and Spectre.

What are we doing?

MantisHub primarily uses Amazon Web Services infrastructure and all security patches and updates protecting against the vulnerability have been deployed. We are also working with our other vendors and providers to ensure steps are taken to mitigate any risk to systems. MantisHub is continuing to keep across any new developments and update requirements so you can be assured that we’re doing what’s needed to make your data safe.

What can you do?

As this vulnerability is wide-spread you need to take steps to ensure all your devices have the latest updates. PC, Macs, Smartphones & tablet operating systems should all be updated and continue to check for updates regularly as some patches are still in development.  Additionally, make sure that all browsers receive the latest updates. Check out updates already available for Mozilla Firefox and MS Edge. Safari has an update “coming soon” and Chrome were due to provide version 64 on Jan 23rd but in the interim, you should follow these instructions to enable site isolation to protect against the threat and be sure to upgrade once version 64 comes out.

You can keep across any updates by following us on twitter and don’t forget to check in on our blog regularly.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s