Barrick is a leading global mining, exploration and development company. We create real, long-term value for all stakeholders through responsible mining, strong partnerships and a disciplined approach to growth.
Tata Steel group is among the top global steel companies with an annual crude steel capacity of 34 million tonnes per annum. It is one of the world's most geographically-diversified steel producers, with operations and commercial presence across the world. The group (excluding SEA operations) recorded a consolidated turnover of US $19.7 billion in the financial year ending March 31, 2020. A Great Place to Work-CertifiedTM organisation, Tata Steel Ltd., together with its subsidiaries, associates and joint ventures, is spread across five continents with an employee base of over 65,000. Tata Steel has been a part of the DJSI Emerging Markets Index since 2012 and has been consistently ranked amongst top 5 steel companies in the DJSI Corporate Sustainability Assessment since 2016. Besides being a member of ResponsibleSteelTM and worldsteel’s Climate Action Programme, Tata Steel has won several awards and recognitions including the World Economic Forum’s Global Lighthouse recognition for its Kalinganagar Plant - a first in India, and Prime Minister’s Trophy for the best performing integrated steel plant for 2016-17. The Company, ranked as India’s most valuable Metals & Mining brand by Brand Finance, received the ‘Honourable Mention’ at the National CSR Awards 2019, Steel Sustainability Champion 2019 by worldsteel, CII Greenco Star Performer Award 2019, ‘Most Ethical Company’ award 2020 from Ethisphere Institute, Best Risk Management Framework & Systems Award (2020) by CNBC TV-18, and Award for Excellence in Financial Reporting FY20 by ICAI, among several others. To know more, visit www.tatasteel.com and www.wealsomaketomorrow.com.
Security & Compliance Standards Overview
No incidents recorded for Barrick Mining Corporation in 2025.
No incidents recorded for Tata Steel in 2025.
Barrick Mining Corporation cyber incidents detection timeline including parent company and subsidiaries
Tata Steel cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
