Welcome to GTN's Trust Center! We take data privacy and security very seriously, and our security posture is always improving, and we are confident that we are at the forefront of the industry. Use this Trust Center to learn about our security posture and request access to our security and support documentation.
GTN Group Holding Limited (referred to as GTN) Trust Center portal is intended to assist prospective clients of GTN subsidiaries or affiliates when they engage and use the GTN Cloud infrastructure and GTN platforms. You may review the information in this portal for your independent assessment. Documents provided in this portal are for informational purposes only, with no contractual commitments or assurances of any kind from GTN to its subsidiaries, affiliates, or clients of its subsidiaries or affiliates, and this is neither a part of nor a modification to any agreement between GTN and its subsidiaries or affiliates and/or GTN's subsidiaries or affiliates and their clients.
To provide information security assurance, GTN environments are regularly updated and audited, and the infrastructure and services are operated under industry-specific compliance standards and best practices. As a result, the information provided in this security portal continues to improve and is subject to change without notice.
Documents
Trust Center Updates
All prospective and existing clients of GTN affiliates can now access the latest external VAPT final reports. These assessments were performed by qualified third-party penetration testers, and all necessary fixes have been implemented.
GTN is aware of the current outage affecting Crowdstrike. It's important to note that GTN platforms and EUC environments do not rely on Crowdstrike and, therefore, have not been directly affected by this outage.
We are evaluating any potential secondary impact of this outage on our vendors and will provide updates as needed at a later time.
Currently, there is no assessed impact on GTN Platform products and related offerings.
We would like to inform you that GTN remains unaffected by the zero-day vulnerability CVE-2023-20198, which Cisco recently announced as a severity 10 threat. This vulnerability targets the Web UI of Cisco's Internetworking Operating System (IOS) XE software and has been exploited by threat actors to gain level 15 access, which means they can fully control Cisco IOS XE devices. We are closely reviewing our supplier chain to ensure that we receive timely notifications for any such threats, and we are taking necessary measures to deploy patches in a secure manner.
We want to assure you that GTN is not affected by the HTTP/2 vulnerability. This vulnerability can cause massive Distributed Denial of Service (DDoS) attacks by exploiting a weakness in the HTTP/2 protocol. Thanks to the robust protections offered by Cloudflare WAF and the expeditious protection of our GTN Trading Platform. We leverage multi-layered security protection with the support of Cloudflare and AWS security services to ensure that our infrastructure and services remain uninterrupted. While DDoS attacks can only be contained, we have taken all the necessary measures to protect our system.
The latest external VAPT reports are now available for all prospective and existing clients of GTN affiliates. Third-party qualified penetration testers conducted the VAPT, and remediations were completed. Any pending remediations are already planned or due to re-test by the tester.
Recently, the security team at GTN became aware of the news surrounding a high-impact MOVEit vulnerability. Despite the incident being reported by reputable threat intelligence sources in https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/, we do not use this technology/software for our platform services.
Therefore, our systems' confidentiality, integrity, and availability remain unaffected.
The latest external VAPT reports are now available for all prospective and existing clients of GTN affiliates. Third-party qualified penetration testers conducted the VAPT, and remediations were completed. Any pending remediations are already planned or due to re-test by the tester.
If you think you may have discovered a vulnerability, please send us a note.