CISA
Company Details
Linkedin ID:
cisa
Website:
Employees number:
141
Number of followers:
0
NAICS:
5417
Industry Type:
Homepage:
cisa.org.br
IP Addresses:
0
Company ID:
CIS_1178364
Scan Status:
In-progress
CISA Company CyberSecurity Posture
cisa.org.br
O Centro de Informações sobre Saúde e Álcool (CISA) é uma das principais referências no Brasil sobre o tema e, ao longo dos 15 anos de atividades, tem contribuído para a ampliação do debate sobre a relação álcool-saúde e para a conscientização e prevenção do uso nocivo de bebidas alcoólicas.
CISA A.I CyberSecurity Scoring
CISA Risk Score (AI oriented)Between 800 and 849
CISA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CISA Global Score (TPRM)XXXX
CISA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CISA Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
CISA: Chinese hackers used Brickworm malware to breach critical US infrastructure
Cyber Attack
Rankiteo Explanation
Attack that could bring to a war
Description: Chinese state-sponsored actors deploy Brickworm malware to infiltrate government and IT networks worldwide Malware targets VMware vSphere and Windows, enabling persistence, file manipulation, and Active Directory compromise CISA warns of long-term espionage and sabotage risks; China denies accusations, calling the US a “cyber-bully" Chinese state-sponsored threat actors have been using Brickworm malware against government organizations around the world - maintaining access, exfiltrating files, and eavesdropping. This is according to a joint report published by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security. The report outlines how the malware operates based on the analysis of eight samples obtained from victim networks. In this, it was said that PRC hackers are targeting “government and information technology” organizations, without detailing who the victims are, or where they’re located. At the same time, Crowdstrike said it observed this being used against an Asia-Pacific government organization. Catch the price drop- Get 30% OFF for Enterprise and Business plans The Black Friday campaign offers 30% off for Enterprise and Business plans for a 1- or 2-year subscription. It’s valid until December 10th, 2025. Customers must enter the promo code BLACKB2B-30 at checkout to redeem the offer. Manipulating files To break into target networks, the threat actors would go for VMware
CISA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CISA
Incidents vs Research Services Industry Average (This Year)
CISA has 81.82% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
CISA has 53.85% more incidents than the average of all companies with at least one recorded incident.
Incident Types CISA vs Research Services Industry Avg (This Year)
CISA reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — CISA (X = Date, Y = Severity)
CISA cyber incidents detection timeline including parent company and subsidiaries
CISA Company Subsidiaries
O Centro de Informações sobre Saúde e Álcool (CISA) é uma das principais referências no Brasil sobre o tema e, ao longo dos 15 anos de atividades, tem contribuído para a ampliação do debate sobre a relação álcool-saúde e para a conscientização e prevenção do uso nocivo de bebidas alcoólicas.
Loading...
CISA Similar Companies
King's College London
King’s College London is amongst the top 40 universities in the world and top 10 in Europe (THE World University Rankings 2024), and one of England’s oldest and most prestigious universities. With an outstanding reputation for world-class teaching and cutting-edge research, King’s maintained its si
UCL
UCL (University College London) is London's leading multidisciplinary university, ranked 9th in the QS World University Rankings. Established in 1826 UCL opened up education in England for the first time to students of any race, class or religion and was also the first university to welcome female
Los Alamos National Laboratory is one of the world’s most innovative multidisciplinary research institutions. We're engaged in strategic science on behalf of national security to ensure the safety and reliability of the U.S. nuclear stockpile. Our workforce specializes in a wide range of progressive
The PPD™ clinical research business of Thermo Fisher Scientific, the world leader in serving science, enables customers to accelerate innovation and drug development through patient-centered strategies and data analytics. Our services, which span multiple therapeutic areas, include early development
Chinese Academy of Sciences
The Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 res
University of Cambridge
The University of Cambridge is one of the world's foremost research universities. The University is made up of 31 Colleges and over 150 departments, faculties, schools and other institutions. Its mission is 'to contribute to society through the pursuit of education, learning, and research at the hi
CEA
The CEA is the French Alternative Energies and Atomic Energy Commission ("Commissariat à l'énergie atomique et aux énergies alternatives"). It is a public body established in October 1945 by General de Gaulle. A leader in research, development and innovation, the CEA mission statement has two main
The University of Edinburgh
Imagine what you could do at a world-leading university that is globally recognised for its teaching, research and innovation. The University of Edinburgh has been providing students with world-class teaching for more than 425 years, unlocking the potential of some of the world's leading thinkers
CNRS
The French National Centre for Scientific Research is among the world's leading research institutions. Its scientists explore the living world, matter, the Universe, and the functioning of human societies in order to meet the major challenges of today and tomorrow. Internationally recognised for the
.png)
CISA CyberSecurity News
December 01, 2025 08:09 PM
No Cost Cybersecurity Services & Tools
CISA-Provided Cybersecurity Services. A single database that provides users with access to information on CISA cybersecurity services that are available to our...
December 01, 2025 08:00 PM
How the inefficiencies of TIC 2.0 hinder agencies’ cybersecurity progress
TIC 3.0 isn't simply an evolution of policy; it's the foundation for how the federal enterprise securely connects to the future.
December 01, 2025 11:06 AM
CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack
The cybersecurity agency CISA has expanded its Known Exploited Vulnerabilities (KEV) catalog with an old 'OpenPLC ScadaBR' flaw that was...
December 01, 2025 09:13 AM
U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog.
November 30, 2025 09:34 PM
CISA Adds CVE-2021-26829 to KEV Catalog Amid Russian Hacktivist Exploits
In the shadowy world of cybersecurity, where outdated software can become a hacker's playground, a four-year-old vulnerability has roared...
November 30, 2025 09:23 AM
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a...
November 29, 2025 12:34 PM
CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to...
November 28, 2025 06:00 PM
The U.S. has been cutting cyber defenses as AI boosts attacks
While artificial intelligence powers the offense, defense guidance is spotty and fewer officials are in a position to help fend off hackers...
November 28, 2025 03:47 PM
The Federal Pivot: CISA Accelerates Artificial Intelligence Integration to Counteract Hyper-Speed Cyber Threats
In the high-stakes arena of national defense, the Cybersecurity and Infrastructure Security Agency (CISA) is executing a strategic pivot...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CISA CyberSecurity History Information
Official Website of CISA
The official website of CISA is https://cisa.org.br/.
CISA’s AI-Generated Cybersecurity Score
According to Rankiteo, CISA’s AI-generated cybersecurity score is 813, reflecting their Good security posture.
How many security badges does CISA’ have ?
According to Rankiteo, CISA currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CISA have SOC 2 Type 1 certification ?
According to Rankiteo, CISA is not certified under SOC 2 Type 1.
Does CISA have SOC 2 Type 2 certification ?
According to Rankiteo, CISA does not hold a SOC 2 Type 2 certification.
Does CISA comply with GDPR ?
According to Rankiteo, CISA is not listed as GDPR compliant.
Does CISA have PCI DSS certification ?
According to Rankiteo, CISA does not currently maintain PCI DSS compliance.
Does CISA comply with HIPAA ?
According to Rankiteo, CISA is not compliant with HIPAA regulations.
Does CISA have ISO 27001 certification ?
According to Rankiteo,CISA is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CISA
CISA operates primarily in the Research Services industry.
Number of Employees at CISA
CISA employs approximately 141 people worldwide.
Subsidiaries Owned by CISA
CISA presently has no subsidiaries across any sectors.
CISA’s LinkedIn Followers
CISA’s official LinkedIn profile has approximately 0 followers.
NAICS Classification of CISA
CISA is classified under the NAICS code 5417, which corresponds to Scientific Research and Development Services.
CISA’s Presence on Crunchbase
No, CISA does not have a profile on Crunchbase.
CISA’s Presence on LinkedIn
Yes, CISA maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cisa.
Cybersecurity Incidents Involving CISA
As of December 05, 2025, Rankiteo reports that CISA has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
CISA has an estimated 4,947 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CISA ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).
Risk Information
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Description
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
Risk Information
cvss4
Base: 8.0
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cisa' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
