Security Directory

D

Dubai Tell Limited, Geneva Tell SA, Algiers Tell Markets SPA

tell.group

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that compromises all data transmissions, severely impacting user trust and violating GDPR and NIS2 requirements. Missing essential security headers further increase susceptibility to common web attacks such as clickjacking, XSS, and content injection. Lack of privacy and cookie policies, as well as the absence of consent mechanisms, place the business at high risk of legal penalties under data protection regulations. Critical services like MySQL and FTP are publicly exposed, providing easy attack vectors for threat actors. Additionally, there is a notable deficit in security governance, including lack of incident response, security policies, and information security frameworks, which undermines the organization's ability to manage and mitigate risks effectively. While email and DNS security show some strengths, these are overshadowed by critical gaps in network and application security. Immediate action is required to address these issues to protect business assets, customer data, and maintain regulatory compliance.