CEVA Logistics
Company Details
Linkedin ID:
ceva-logistics
Website:
Employees number:
47,815
Number of followers:
1,648,184
NAICS:
47
Industry Type:
Homepage:
cevalogistics.com
IP Addresses:
0
Company ID:
CEV_2585992
Scan Status:
In-progress
CEVA Logistics Company CyberSecurity Posture
cevalogistics.com
CEVA provides world-class supply chain solutions for large and medium-size national and multinational companies across the globe. As an industry leader, CEVA offers customers complete supply chain design and implementation in contract logistics and freight management, alone or in combination. Together with CMA CGM, a leading worldwide shipping group and CEVA’s strategic partner, we are able to offer our customers end-to-end logistics solutions. CEVA’s integrated global network has over 1,000 facilities in more than 170 countries and 98,000 employees; all dedicated to delivering consistently excellent operations and supply chain solutions.
CEVA Logistics A.I CyberSecurity Scoring
CEVA Logistics Risk Score (AI oriented)Between 800 and 849
CEVA Logistics
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CEVA Logistics Global Score (TPRM)XXXX
CEVA Logistics
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CEVA Logistics Company CyberSecurity News & History
Past Incidents
5
Attack Types
3
CMA CGM (Assumed based on the context of a major container vessel attack in 2017)
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In February 2017, a container vessel operated by a leading global shipping company fell victim to a sophisticated cyber attack orchestrated by African pirates. The hackers targeted the ship’s **Navigation Systems** while it was en route from **Cyprus to Djibouti**, aiming to seize full control and redirect it to a location where they could physically hijack the vessel. The attack rendered the ship **unmaneuverable for 10 hours**, forcing the crew to bring in **IT experts** to restore system functionality after repeated failed attempts. The incident compromised the **availability and integrity** of the ship’s critical systems, posing severe risks to **crew safety, cargo security, and operational continuity**. Had the pirates succeeded in fully controlling the vessel, the consequences could have included **financial losses from ransom demands, cargo theft, reputational damage, and potential environmental hazards** if the ship had been diverted to unsafe waters. The attack highlighted vulnerabilities in **maritime cybersecurity**, particularly in legacy navigation and communication systems, which remain prime targets for cyber-criminals exploiting gaps in industrial control systems (ICS) and operational technology (OT).
CMA CGM
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: CMA CGM was hit by another cyber attack in September 2021, just under one year since its last big breach. The French container line suffered a leak of data on limited customer information involving first and last names, employers, positions, email addresses and phone numbers. Its IT teams however have immediately developed and installed security patches. CMA CGM advised clients not to share their account passwords or any personal information and asked them to check the authenticity of an email requesting to log in to the carrier’s platforms, especially if requested to reset a password.
CMA CGM
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: French carrier company CMA CGM was attacked by the Ragnar Locker ransomware. They had to shut down its network to prevent the spread of malware. The attackers asked the firm to contact them via live chat and pay for the special decryption key to restore their systems.
CMA CGM
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In September 2021, **CMA CGM**, a France-based global shipping and logistics giant, fell victim to a **cyber-attack involving Ragnar Locker ransomware**. The attackers infiltrated the company’s network, **stole and encrypted customer data**, and demanded a ransom. To contain the breach, CMA CGM **disconnected its global network from the internet**, halting all **online booking services, operational requests, and partially disrupting port and vessel operations**. Customers were forced to rely on local offices for bookings and inquiries, causing significant operational delays.After the company **refused to pay the ransom**, the hackers **leaked all stolen data**, exacerbating the impact. The attack not only compromised **sensitive customer information** but also **crippled critical business functions**, leading to financial losses, reputational damage, and logistical chaos across its global supply chain. The incident highlighted vulnerabilities in maritime cybersecurity and the severe consequences of ransomware attacks on large-scale industrial operations.
CMA CGM
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In late September 2020, the French shipping giant **CMA CGM** fell victim to a **Ragnar Locker ransomware attack** orchestrated by the **Ragnar Locker Gang**. The cybercriminals **exfiltrated personal data of clients** and encrypted critical systems, demanding a ransom in exchange for a decryption key. While the **marine and port operations remained functional**, the attack **disrupted online booking services, operational requests, and loading processes**, forcing customers to rely on local offices for assistance. The company **isolated its global network by cutting internet access** to contain the ransomware’s spread. The primary motive was **financial extortion**, though the exact ransom amount was not disclosed publicly. The incident caused **operational slowdowns, reputational damage, and potential long-term trust erosion** among clients, though no evidence suggested a complete halt in core shipping activities. The stolen **customer data** heightened concerns over **privacy breaches and regulatory compliance risks**.
CEVA Logistics Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CEVA Logistics
Incidents vs Transportation, Logistics, Supply Chain and Storage Industry Average (This Year)
No incidents recorded for CEVA Logistics in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CEVA Logistics in 2025.
Incident Types CEVA Logistics vs Transportation, Logistics, Supply Chain and Storage Industry Avg (This Year)
No incidents recorded for CEVA Logistics in 2025.
Incident History — CEVA Logistics (X = Date, Y = Severity)
CEVA Logistics cyber incidents detection timeline including parent company and subsidiaries
CEVA Logistics Company Subsidiaries
CEVA provides world-class supply chain solutions for large and medium-size national and multinational companies across the globe. As an industry leader, CEVA offers customers complete supply chain design and implementation in contract logistics and freight management, alone or in combination. Together with CMA CGM, a leading worldwide shipping group and CEVA’s strategic partner, we are able to offer our customers end-to-end logistics solutions. CEVA’s integrated global network has over 1,000 facilities in more than 170 countries and 98,000 employees; all dedicated to delivering consistently excellent operations and supply chain solutions.
Loading...
CEVA Logistics Similar Companies
C.H. Robinson
C.H. Robinson delivers logistics like no one else™. Companies around the world look to us to reimagine supply chains, advance freight technology, and solve logistics challenges—from the simple to the most complex. Over 90,000 customers and 450,000 contract carriers in our network trust us to manage
FM Logistic
With more than 28 000 collaborators worldwide, FM LOGISTIC ensures the optimization of the global supply chain: warehousing (computerized inventory management, order processing etc), co-packing, food co-manufacturing and industrial manufacturing, transportation / distribution. From production to
ADNOC Logistics & Services
ADNOC L&S is the region’s largest shipping and integrated logistics company and a global energy maritime logistics leader with a world-class asset base. It is the maritime logistics arm of ADNOC Group, a key enabler to ADNOC’s strategy and a catalyst for Abu Dhabi’s growth and diversification, deliv
MSC Mediterranean Shipping Company
MSC is a privately owned global shipping company founded in 1970 by Gianluigi Aponte. As one of the world’s leading container shipping lines with headquarters in Geneva, Switzerland, MSC operates in over 675 offices across more than 155 countries worldwide with over 200,000 MSC Group employees. With
We make everyday life easier. PostNord is a leading provider of parcel and logistics services to, from, and within the Nordic region. We ensure the provision of a postal service to households and businesses in Sweden, regardless of where they live and work. PostNord connects companies, public auth
As the custodian of ports, rail and pipelines, Transnet’s objective is to ensure a globally competitive freight system that enables sustained growth and diversification of the country’s economy. As a state-owned company, Transnet continues to leave an indelible mark on the lives of all South Afri
ZTO Express
Founded on May 8, 2002, ZTO Express (“ZTO” or “the Company”) is one of the leading express delivery companies in China in terms of parcel volume, with a 20.4% market share in 2020. ZTO is both a key enabler and a direct beneficiary of China’s fast-growing e-commerce market, and has established itsel
Trade is the lifeblood of the global economy, creating opportunities and improving the quality of life for people around the world. DP World exists to make the world’s trade flow better, changing what’s possible for the customers and communities we serve globally. With a dedicated, diverse and p
KTZ Express
KTZ Express JSC multimodal company is a sales center of cargo transportation and logistics services for “Kazakhstan Railways” JSC National Company. KTZ Express provides a full range of transport and logistics services in all types of transportation on all routes, integrates transportation by rail, s
.png)
CEVA Logistics CyberSecurity News
October 21, 2025 07:00 AM
Comment The F5 hack – a serious threat to global logistics
A long-running cyber-espionage campaign that infiltrated US network-security vendor F5 Inc* has drawn fresh warnings from governments and...
October 14, 2025 07:00 AM
News DSV targeted by new logistics-focused hacking group
A new hacking group is targeting logistics companies, with several already named as victims, including DSV and Kuehne + Nagel.
September 30, 2025 07:00 AM
Global Luxury Automaker Ferrari Extends Strategic Partnership with CEVA for Racing Logistics Support
Ferrari renews partnership with CEVA Logistics to support racing and logistics operations starting January 2026.
September 24, 2025 07:00 AM
Navigating Modern Supply Chain Crime: Expert Insights on Supply Chain Risks and Security
Statistics show an increasing frequency of supply chain disruptions, among them theft, cyber threats and insider collusion.
September 22, 2025 07:00 AM
News Europe's airports disrupted by cyber-attack– but no cargo delays, claim
Airports in Europe impacted by a cyberattack on Collins Aerospace claim there are no cargo delays, despite hundreds of flight cancellations.
September 09, 2025 07:00 AM
CEVA Logistics launches reverse logistics solution for EV batteries to address 80% of European volumes by 2030
Circular value chain supporting automotive industry electric mobility transition; First Battery Logistics Center successfully tested at CEVA...
August 22, 2025 07:00 AM
CEVA Logistics Expands into Kribi, Cameroon with New Logistics Base
CEVA Logistics is expanding its presence in Central Africa with the construction of a new logistics base in the port area of Kribi,...
May 23, 2025 07:00 AM
Ceva Logistics using Stradot conveyor robots for vehicle handling at Nanteuil-le-Haudouin facility
Ceva Logistics will start using two automated straddle conveyors from Stradot to move vehicles at its vehicle distribution yard in...
May 15, 2025 07:00 AM
News MSC Antonia, a casualty of the epidemic of GPS area-denial
As one of the most common forms of cyber-interference, ships have had to contend with GPS spoofing for more than a decade at this point.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CEVA Logistics CyberSecurity History Information
Official Website of CEVA Logistics
The official website of CEVA Logistics is http://www.cevalogistics.com.
CEVA Logistics’s AI-Generated Cybersecurity Score
According to Rankiteo, CEVA Logistics’s AI-generated cybersecurity score is 809, reflecting their Good security posture.
How many security badges does CEVA Logistics’ have ?
According to Rankiteo, CEVA Logistics currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CEVA Logistics have SOC 2 Type 1 certification ?
According to Rankiteo, CEVA Logistics is not certified under SOC 2 Type 1.
Does CEVA Logistics have SOC 2 Type 2 certification ?
According to Rankiteo, CEVA Logistics does not hold a SOC 2 Type 2 certification.
Does CEVA Logistics comply with GDPR ?
According to Rankiteo, CEVA Logistics is not listed as GDPR compliant.
Does CEVA Logistics have PCI DSS certification ?
According to Rankiteo, CEVA Logistics does not currently maintain PCI DSS compliance.
Does CEVA Logistics comply with HIPAA ?
According to Rankiteo, CEVA Logistics is not compliant with HIPAA regulations.
Does CEVA Logistics have ISO 27001 certification ?
According to Rankiteo,CEVA Logistics is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CEVA Logistics
CEVA Logistics operates primarily in the Transportation, Logistics, Supply Chain and Storage industry.
Number of Employees at CEVA Logistics
CEVA Logistics employs approximately 47,815 people worldwide.
Subsidiaries Owned by CEVA Logistics
CEVA Logistics presently has no subsidiaries across any sectors.
CEVA Logistics’s LinkedIn Followers
CEVA Logistics’s official LinkedIn profile has approximately 1,648,184 followers.
NAICS Classification of CEVA Logistics
CEVA Logistics is classified under the NAICS code 47, which corresponds to Transportation and Warehousing.
CEVA Logistics’s Presence on Crunchbase
No, CEVA Logistics does not have a profile on Crunchbase.
CEVA Logistics’s Presence on LinkedIn
Yes, CEVA Logistics maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ceva-logistics.
Cybersecurity Incidents Involving CEVA Logistics
As of November 27, 2025, Rankiteo reports that CEVA Logistics has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
CEVA Logistics has an estimated 6,011 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CEVA Logistics ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Cyber Attack and Ransomware.
How does CEVA Logistics detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with network shutdown, and containment measures with developed and installed security patches, and remediation measures with advised clients not to share account passwords or personal information, remediation measures with asked clients to check the authenticity of emails requesting login or password reset, and and containment measures with disabled internet connection to prevent ransomware spread, and recovery measures with directed customers to local offices for bookings and queries, and and containment measures with shut down internet access to prevent ransomware spread, and communication strategy with customers directed to local offices for bookings/inquiries, and incident response plan activated with yes (crew attempted recovery; it experts boarded), and third party assistance with it experts (onsite), and containment measures with manual override attempts, containment measures with it expert intervention, and remediation measures with restoration of navigation systems..
Incident Details
Can you provide details on each incident ?
Title: CMA CGM Ragnar Locker Ransomware Attack
Description: French carrier company CMA CGM was attacked by the Ragnar Locker ransomware. They had to shut down its network to prevent the spread of malware. The attackers asked the firm to contact them via live chat and pay for the special decryption key to restore their systems.
Type: Ransomware
Motivation: Financial
Title: CMA CGM Data Leak
Description: CMA CGM experienced a data leak in September 2021, resulting in the exposure of limited customer information including first and last names, employers, positions, email addresses, and phone numbers. IT teams quickly developed and installed security patches to mitigate the impact.
Date Detected: September 2021
Type: Data Leak
Title: Ransomware Attack on CMA CGM by Ragnar Locker Gang
Description: In September 2020, the French shipping company CMA CGM was targeted by the Ragnar Locker ransomware gang. The attackers stole personal client data and demanded a ransom for a decryption key. The company disabled its internet connection to contain the attack, disrupting online booking services while keeping marine and port operations functional. The attack aimed at financial gain, though the exact ransom amount was not disclosed.
Date Detected: 2020-09-25
Date Publicly Disclosed: 2020-09-27
Type: ransomware
Threat Actor: Ragnar Locker Gang
Motivation: financial gain
Title: CMA CGM Ransomware Attack (September 2021)
Description: In September 2021, France-based CMA CGM experienced a cyber-attack on their network involving hacking and ransomware. The hackers used Ragnar Locker ransomware to steal and encrypt customer data. The company shut down internet access to prevent further spread, disrupting online booking services, operational requests, and partially impacting ports and vessels. After refusing to pay the ransom, all stolen data was leaked.
Date Detected: 2021-09
Type: cyber-attack
Attack Vector: ransomware (Ragnar Locker)
Motivation: financial gaindata theft
Title: Cyber Attack on Container Vessel by African Pirates (2017)
Description: In February 2017, a container vessel en route from Cyprus to Djibouti was targeted by a hacking attack carried out by African pirates. The attackers aimed to gain full control of the vessel's Navigation Systems to redirect the ship to an area where they could physically seize it. The hack rendered the ship unable to maneuver, and the attackers maintained control for 10 hours. The crew attempted to regain control but required onboard IT experts to restore the Navigation Systems after hours of intervention. The incident compromised the availability and integrity of the vessel's systems under the CIA triad.
Date Detected: February 2017
Date Resolved: February 2017 (within 10 hours of detection)
Type: cyber-physical attack
Attack Vector: remote hackingnavigation system compromise
Threat Actor: African pirates (cyber-enabled)
Motivation: financial gain (piracy)physical seizure of vesselransom
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak CMA213413123
Data Compromised: First and last names, Employers, Positions, Email addresses, Phone numbers
Incident : ransomware CMA642092025
Data Compromised: Personal data of clients
Systems Affected: online booking servicesoperational request systems
Downtime: partial (online services suspended, local offices used for bookings)
Operational Impact: loading processes hampered, but marine and port activities remained operational
Identity Theft Risk: likely (personal data stolen)
Incident : cyber-attack CMA330092125
Data Compromised: Customer data
Systems Affected: online booking servicesoperational request systemsports (partial)vessels (partial)
Downtime: True
Operational Impact: disruption of booking servicespartial disruption of ports and vesselscustomers redirected to local offices
Incident : cyber-physical attack CMA840092125
Systems Affected: Navigation Systems
Downtime: 10 hours
Operational Impact: loss of vessel maneuverabilitytemporary loss of control to attackersrequirement for emergency IT intervention
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Pii, , Personal Data, , Customer Data and .
Which entities were affected by each incident ?
Incident : Ransomware CMA195410222
Entity Name: CMA CGM
Entity Type: Carrier Company
Industry: Transportation
Location: France
Incident : Data Leak CMA213413123
Entity Name: CMA CGM
Entity Type: Company
Industry: Shipping
Location: France
Incident : ransomware CMA642092025
Entity Name: CMA CGM
Entity Type: corporation
Industry: shipping/logistics
Location: France (global operations)
Size: large
Incident : cyber-attack CMA330092125
Entity Name: CMA CGM
Entity Type: company
Industry: shipping, logistics, maritime
Location: France (global operations)
Customers Affected: True
Incident : cyber-physical attack CMA840092125
Entity Type: container vessel (maritime shipping)
Industry: maritime/logistics
Location: Cyprus (departure)Djibouti (destination)unknown (attack location)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware CMA195410222
Containment Measures: Network shutdown
Incident : Data Leak CMA213413123
Containment Measures: Developed and installed security patches
Remediation Measures: Advised clients not to share account passwords or personal informationAsked clients to check the authenticity of emails requesting login or password reset
Incident : ransomware CMA642092025
Incident Response Plan Activated: True
Containment Measures: disabled internet connection to prevent ransomware spread
Recovery Measures: directed customers to local offices for bookings and queries
Incident : cyber-attack CMA330092125
Incident Response Plan Activated: True
Containment Measures: shut down internet access to prevent ransomware spread
Communication Strategy: customers directed to local offices for bookings/inquiries
Incident : cyber-physical attack CMA840092125
Incident Response Plan Activated: Yes (crew attempted recovery; IT experts boarded)
Third Party Assistance: It Experts (Onsite).
Containment Measures: manual override attemptsIT expert intervention
Remediation Measures: restoration of Navigation Systems
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (crew attempted recovery; IT experts boarded).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through IT experts (onsite), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak CMA213413123
Type of Data Compromised: Pii
Sensitivity of Data: Moderate
Personally Identifiable Information: First and last namesEmployersPositionsEmail addressesPhone numbers
Incident : ransomware CMA642092025
Type of Data Compromised: Personal data
Sensitivity of Data: high (personal client data)
Data Encryption: True
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Advised clients not to share account passwords or personal information, Asked clients to check the authenticity of emails requesting login or password reset, , restoration of Navigation Systems, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by network shutdown, developed and installed security patches, , disabled internet connection to prevent ransomware spread, , shut down internet access to prevent ransomware spread, , manual override attempts, it expert intervention and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware CMA195410222
Ransomware Strain: Ragnar Locker
Incident : ransomware CMA642092025
Ransom Demanded: True
Ransomware Strain: Ragnar Locker
Data Encryption: True
Data Exfiltration: True
Incident : cyber-attack CMA330092125
Ransom Demanded: True
Ransomware Strain: Ragnar Locker
Data Encryption: True
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through directed customers to local offices for bookings and queries, .
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Port Technology International TeamDate Accessed: 2021.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : cyber-physical attack CMA840092125
Investigation Status: Resolved (systems restored; no further public details)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customers Directed To Local Offices For Bookings/Inquiries.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Leak CMA213413123
Customer Advisories: Advised clients not to share account passwords or personal informationAsked clients to check the authenticity of emails requesting login or password reset
Incident : ransomware CMA642092025
Customer Advisories: customers directed to local offices for bookings and queries
Incident : cyber-attack CMA330092125
Customer Advisories: customers advised to contact local offices for bookings/inquiries
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Advised Clients Not To Share Account Passwords Or Personal Information, Asked Clients To Check The Authenticity Of Emails Requesting Login Or Password Reset, , Customers Directed To Local Offices For Bookings And Queries, , Customers Advised To Contact Local Offices For Bookings/Inquiries and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : cyber-physical attack CMA840092125
High Value Targets: Navigation Systems,
Data Sold on Dark Web: Navigation Systems,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : cyber-physical attack CMA840092125
Root Causes: Vulnerabilities In Navigation Systems, Lack Of Cyber-Physical Security Measures,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as It Experts (Onsite), .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was True.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Ragnar Locker Gang and African pirates (cyber-enabled).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on September 2021.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-09-27.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on February 2017 (within 10 hours of detection).
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were First and last names, Employers, Positions, Email addresses, Phone numbers, , personal data of clients, , customer data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was online booking servicesoperational request systems and online booking servicesoperational request systemsports (partial)vessels (partial) and Navigation Systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was it experts (onsite), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Network shutdown, Developed and installed security patches, disabled internet connection to prevent ransomware spread, shut down internet access to prevent ransomware spread and manual override attemptsIT expert intervention.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email addresses, customer data, Phone numbers, Positions, Employers, First and last names and personal data of clients.
Ransomware Information
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Port Technology International Team.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (systems restored; no further public details).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Advised clients not to share account passwords or personal informationAsked clients to check the authenticity of emails requesting login or password reset, customers directed to local offices for bookings and queries and customers advised to contact local offices for bookings/inquiries.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ceva-logistics' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
