GTN Group Holding Limited

Start your security review
Search items
ControlK

Welcome to GTN's Trust Center! We take data privacy and security very seriously, and our security posture is always improving, and we are confident that we are at the forefront of the industry. Use this Trust Center to learn about our security posture and request access to our security documentation.

GTN Group Holding Limited (referred to as GTN) security portal is intended to assist prospective clients of GTN subsidiaries or affiliates when they engage and use the GTN Cloud infrastructure and GTN platforms. You may review the information in this security portal for your independent assessment. Documents provided in this portal are for informational purposes only, with no contractual commitments or assurances of any kind from GTN to its subsidiaries, affiliates, or clients of its subsidiaries or affiliates, and this is neither a part of nor a modification to any agreement between GTN and its subsidiaries or affiliates and/or GTN's subsidiaries or affiliates and their clients.

To provide information security assurance, GTN environments are regularly updated and audited, and the infrastructure and services are operated under industry-specific compliance standards and best practices. As a result, the information provided in this security portal continues to improve and is subject to change without notice.

Start your security review

Documents

Network Diagram

GTN Group Holding Limited Updates

The Cisco IOS XE vulnerability

VulnerabilitiesCopy link

We would like to inform you that GTN remains unaffected by the zero-day vulnerability CVE-2023-20198, which Cisco recently announced as a severity 10 threat. This vulnerability targets the Web UI of Cisco's Internetworking Operating System (IOS) XE software and has been exploited by threat actors to gain level 15 access, which means they can fully control Cisco IOS XE devices. We are closely reviewing our supplier chain to ensure that we receive timely notifications for any such threats, and we are taking necessary measures to deploy patches in a secure manner.

Published at N/A

HTTP/2 Rapid Reset Attacks and Vulnerability

VulnerabilitiesCopy link

We want to assure you that GTN is not affected by the HTTP/2 vulnerability. This vulnerability can cause massive Distributed Denial of Service (DDoS) attacks by exploiting a weakness in the HTTP/2 protocol. Thanks to the robust protections offered by Cloudflare WAF and the expeditious protection of our GTN Trading Platform. We leverage multi-layered security protection with the support of Cloudflare and AWS security services to ensure that our infrastructure and services remain uninterrupted. While DDoS attacks can only be contained, we have taken all the necessary measures to protect our system.

Published at N/A*

External VAPT 2023 July Release

ComplianceCopy link

The latest external VAPT reports are now available for all prospective and existing clients of GTN affiliates. Third-party qualified penetration testers conducted the VAPT, and remediations were completed. Any pending remediations are already planned or due to re-test by the tester.

Published at N/A

GTN Platform Not Impacted by MOVEit Vulnerabilities

IncidentsCopy link

Recently, the security team at GTN became aware of the news surrounding a high-impact MOVEit vulnerability. Despite the incident being reported by reputable threat intelligence sources in https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/, we do not use this technology/software for our platform services.

Therefore, our systems' confidentiality, integrity, and availability remain unaffected.

Published at N/A*

External VAPT 2022 December Release

ComplianceCopy link

The latest external VAPT reports are now available for all prospective and existing clients of GTN affiliates. Third-party qualified penetration testers conducted the VAPT, and remediations were completed. Any pending remediations are already planned or due to re-test by the tester.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo