FHRI
Company Details
Linkedin ID:
full-house-resorts-inc
Website:
Employees number:
75
Number of followers:
976
NAICS:
7132
Industry Type:
Homepage:
fullhouseresorts.com
IP Addresses:
0
Company ID:
FUL_2873009
Scan Status:
In-progress
Full House Resorts, Inc Company CyberSecurity Posture
fullhouseresorts.com
Full House Resorts, Inc. develops, owns, operates and manages casinos and related hospitality and entertainment facilities in regional U.S. markets. Based in Las Vegas, Full House operates five casino facilities in Mississippi, Colorado, Indiana and Nevada. Each of our gaming properties reflects a unique atmosphere custom-designed for each regional market. Our management team joined Full House in late 2014, and has been focused on making all of our properties fresh, competitive and financially successful. While each of our casinos has a distinctive look and feel, they all have the same goal: to provide our guests with the best experience in entertainment and customer service in an inviting, comfortable atmosphere. We don’t aim to be the biggest—just the place that our guests want to visit again and again. While Full House may be a boutique casino company, our management team has been an integral part of the development and operation of some of the most successful casino resorts in the U.S. Our team also has extensive financial experience, and a record of success in building shareholder value. We believe in financial discipline, and investing in both our assets and our people. Our strategy depends on prudent spending, but cost controls are just part of the story. We evaluate each property and all of its related assets, from our buildings to parking to undeveloped land. Where we see opportunities to maximize profits, we will invest for the longer term, whether it’s in new hotel rooms and suites, better parking facilities, new guest amenities or improved access to our casinos. On behalf of our employees, our investors and our communities, we thank you for your interest and support. We look forward to sharing an exciting future with you.
Full House Resorts, Inc A.I CyberSecurity Scoring
FHRI Risk Score (AI oriented)Between 650 and 699
FHRI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
FHRI Global Score (TPRM)XXXX
FHRI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
FHRI Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Full House Resorts, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Full House Resorts, Inc., a publicly traded casino and hospitality company operating seven properties across the U.S. (including American Place, Silver Slipper Casino, and Rising Star Casino Resort), suffered a **data breach on November 14, 2025**. The incident exposed **sensitive personally identifiable information (PII)** of current and former employees, including **names and Social Security numbers (SSNs)**. The breach was disclosed to the **Massachusetts Attorney General’s office**, though the exact number of affected individuals remains undisclosed. Victims were offered **two years of free credit monitoring (Experian IdentityWorks)** and advised to monitor financial accounts, place fraud alerts, and seek legal recourse. The breach poses risks of **identity theft, financial fraud, and unauthorized account openings**, with law firms investigating potential compensation claims for damages like account monitoring costs, out-of-pocket expenses, and emotional distress.
FHRI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for FHRI
Incidents vs Gambling Facilities and Casinos Industry Average (This Year)
Full House Resorts, Inc has 75.44% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Full House Resorts, Inc has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types FHRI vs Gambling Facilities and Casinos Industry Avg (This Year)
Full House Resorts, Inc reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — FHRI (X = Date, Y = Severity)
FHRI cyber incidents detection timeline including parent company and subsidiaries
FHRI Company Subsidiaries
Full House Resorts, Inc. develops, owns, operates and manages casinos and related hospitality and entertainment facilities in regional U.S. markets. Based in Las Vegas, Full House operates five casino facilities in Mississippi, Colorado, Indiana and Nevada. Each of our gaming properties reflects a unique atmosphere custom-designed for each regional market. Our management team joined Full House in late 2014, and has been focused on making all of our properties fresh, competitive and financially successful. While each of our casinos has a distinctive look and feel, they all have the same goal: to provide our guests with the best experience in entertainment and customer service in an inviting, comfortable atmosphere. We don’t aim to be the biggest—just the place that our guests want to visit again and again. While Full House may be a boutique casino company, our management team has been an integral part of the development and operation of some of the most successful casino resorts in the U.S. Our team also has extensive financial experience, and a record of success in building shareholder value. We believe in financial discipline, and investing in both our assets and our people. Our strategy depends on prudent spending, but cost controls are just part of the story. We evaluate each property and all of its related assets, from our buildings to parking to undeveloped land. Where we see opportunities to maximize profits, we will invest for the longer term, whether it’s in new hotel rooms and suites, better parking facilities, new guest amenities or improved access to our casinos. On behalf of our employees, our investors and our communities, we thank you for your interest and support. We look forward to sharing an exciting future with you.
Loading...
FHRI Similar Companies
Prairie Flower Casino
Located just south of the Omaha airport, Abbott Drive & Avenue H in Carter Lake, IA. Prairie Flower Casino is owned and operated by the Ponca Tribe of Nebraska. We are proud of our Mission: As diverse and caring allies of the Ponca Tribe of Nebraska, the Prairie Flower Casino team continually focus
The Gilpin Casino
Fabulous food, friendly staff and 24-hour gaming excitement – The Gilpin’s Got It! Winning comes easy with our non-stop casino action and the most rewarding Winners Club in Colorado. Our Sudden Strike Jackpots could hit any time, any spin. Join in exciting table game action in the Winners Circle or
Trident Virtual Football Championship
THE VIRTUAL FOOTBALL LEAGUE YOU’VE BEEN WAITING FOR Trident is a championship football competition with full HD graphics. All matches can be followed in real-time on the live results screen, with 8 or 10 events shown simultaneously. The standard configuration package provides 30 different markets b
CORE Gaming Ltd
Part of Flutter Studios, Core Gaming is a leading developer of HTML5 games specifically produced to give the best user experience possible on desktop and all of the most popular mobile devices, operating systems and current browsers. Utilising their vast industry knowledge and expertise in multiple
Gamesys
Gamesys is a Bally’s Corporation company and forms part of one of the world’s leading entertainment providers, with tens of millions of players and thousands of employees across the globe. Take a look at our Gamesys brands & sites - Virgin, Jackpotjoy, Vera&John, Monopoly - they’re some of the be
Fox Cub Games
Fox Cub Games is a profitable startup founded by a group of ex-Zynga employees. We are focusing on bringing mobile entertainment to the masses. Currently, Fox Cub Games is focused on creating mobile free-to-play Slots. Slots Vacation is our main live game, currently ranked #7 for Slots download
.png)
FHRI CyberSecurity News
November 17, 2025 11:20 PM
Full House Resorts Data Breach Lawsuit Investigation
If you were affected by the Full House Resorts, Inc data breach, you may be entitled to compensation.
November 17, 2025 11:15 PM
Full House Resorts Data Breach Affects SSNs
Data breach at Full House Resorts exposed names and SSNs. Check if you're affected and take action.
November 06, 2025 02:10 PM
Full House (Nasdaq: FLL) American Place hits $32.0M record, up 14% in third quarter
Full House Resorts (NASDAQ: FLL) reported third quarter 2025 consolidated revenues of $78.0 million, up from $75.7 million a year earlier.
November 06, 2025 08:00 AM
Full House Resorts Announces Strong Third Quarter Results
American Place Casino Continued Its Strong Growth, With Revenues Increasing 14.0% to a New Property Record in the Third Quarter of 2025...
October 09, 2025 07:00 AM
Full House Resorts Announces Third Quarter Earnings Release Date
Full House Resorts, Inc. LAS VEGAS, Oct. 09, 2025 (GLOBE NEWSWIRE) -- Full House Resorts (NASDAQ: FLL) announced today that it will report...
August 10, 2025 07:00 AM
Full House Resorts, Inc. (NASDAQ:FLL) Just Released Its Second-Quarter Results And Analysts Are Updating Their Estimates
Full House Resorts, Inc. ( NASDAQ:FLL ) just released its latest second-quarter report and things are not looking...
July 09, 2025 07:00 AM
Investing in Full House Resorts (NASDAQ:FLL) five years ago would have delivered you a 222% gain
The worst result, after buying shares in a company (assuming no leverage), would be if you lose all the money you put in.
May 29, 2025 07:00 AM
Full House Resorts, Inc. (NASDAQ:FLL) is largely controlled by institutional shareholders who own 51% of the company
Key Insights Significantly high institutional ownership implies Full House Resorts' stock price is sensitive to their...
February 11, 2025 08:00 AM
Why Full House Resorts Inc (FLL) is Skyrocketing So Far in 2025
We recently published an article titled Why These 15 Travel & Leisure Stocks Are Skyrocketing So Far In 2025. In this article, we are going...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
FHRI CyberSecurity History Information
Official Website of Full House Resorts, Inc
The official website of Full House Resorts, Inc is http://www.fullhouseresorts.com.
Full House Resorts, Inc’s AI-Generated Cybersecurity Score
According to Rankiteo, Full House Resorts, Inc’s AI-generated cybersecurity score is 689, reflecting their Weak security posture.
How many security badges does Full House Resorts, Inc’ have ?
According to Rankiteo, Full House Resorts, Inc currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Full House Resorts, Inc have SOC 2 Type 1 certification ?
According to Rankiteo, Full House Resorts, Inc is not certified under SOC 2 Type 1.
Does Full House Resorts, Inc have SOC 2 Type 2 certification ?
According to Rankiteo, Full House Resorts, Inc does not hold a SOC 2 Type 2 certification.
Does Full House Resorts, Inc comply with GDPR ?
According to Rankiteo, Full House Resorts, Inc is not listed as GDPR compliant.
Does Full House Resorts, Inc have PCI DSS certification ?
According to Rankiteo, Full House Resorts, Inc does not currently maintain PCI DSS compliance.
Does Full House Resorts, Inc comply with HIPAA ?
According to Rankiteo, Full House Resorts, Inc is not compliant with HIPAA regulations.
Does Full House Resorts, Inc have ISO 27001 certification ?
According to Rankiteo,Full House Resorts, Inc is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Full House Resorts, Inc
Full House Resorts, Inc operates primarily in the Gambling Facilities and Casinos industry.
Number of Employees at Full House Resorts, Inc
Full House Resorts, Inc employs approximately 75 people worldwide.
Subsidiaries Owned by Full House Resorts, Inc
Full House Resorts, Inc presently has no subsidiaries across any sectors.
Full House Resorts, Inc’s LinkedIn Followers
Full House Resorts, Inc’s official LinkedIn profile has approximately 976 followers.
NAICS Classification of Full House Resorts, Inc
Full House Resorts, Inc is classified under the NAICS code 7132, which corresponds to Gambling Industries.
Full House Resorts, Inc’s Presence on Crunchbase
Yes, Full House Resorts, Inc has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/full-house-resorts.
Full House Resorts, Inc’s Presence on LinkedIn
Yes, Full House Resorts, Inc maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/full-house-resorts-inc.
Cybersecurity Incidents Involving Full House Resorts, Inc
As of November 28, 2025, Rankiteo reports that Full House Resorts, Inc has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Full House Resorts, Inc has an estimated 896 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Full House Resorts, Inc ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Full House Resorts, Inc detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with likely (credit monitoring offered), and third party assistance with experian (identityworks credit monitoring), and remediation measures with free credit monitoring (experian identityworks) for affected individuals, and communication strategy with public disclosure (nov. 14, 2025); notification to massachusetts attorney general; advisories for affected individuals to enroll in credit monitoring and seek legal help...
Incident Details
Can you provide details on each incident ?
Title: Full House Resorts, Inc. Data Breach (2025)
Description: Full House Resorts, Inc., a publicly traded casino and hospitality company, reported a data breach on November 14, 2025, exposing sensitive personally identifiable information (PII) of current and former employees across multiple properties. The breach included names and Social Security numbers. The company disclosed the incident to the Massachusetts Attorney General's office on the same date. Affected individuals are being offered two years of free Experian IdentityWorks credit monitoring and identity protection services. Legal investigations are underway for potential compensation claims.
Date Publicly Disclosed: 2025-11-14
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach FUL0702807111825
Data Compromised: Name, Social security number
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive employee data; ongoing legal investigations and compensation claims.
Legal Liabilities: Potential lawsuits and compensation claims for affected individuals; investigation by Shamis & Gentile P.A.
Identity Theft Risk: High (due to exposure of Social Security numbers)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii) and .
Which entities were affected by each incident ?
Incident : Data Breach FUL0702807111825
Entity Name: Full House Resorts, Inc.
Entity Type: Publicly Traded Company
Industry: Gambling and Casino (Hospitality & Entertainment)
Location: Las Vegas, Nevada, USA
Customers Affected: Unknown (current and former employees across multiple properties)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach FUL0702807111825
Incident Response Plan Activated: Likely (credit monitoring offered)
Third Party Assistance: Experian (Identityworks Credit Monitoring).
Remediation Measures: Free credit monitoring (Experian IdentityWorks) for affected individuals
Communication Strategy: Public disclosure (Nov. 14, 2025); notification to Massachusetts Attorney General; advisories for affected individuals to enroll in credit monitoring and seek legal help.
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Likely (credit monitoring offered).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian (IdentityWorks credit monitoring), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach FUL0702807111825
Type of Data Compromised: Personally identifiable information (pii)
Sensitivity of Data: High (includes Social Security numbers)
Data Exfiltration: Likely (data exposed, but exfiltration details unspecified)
Personally Identifiable Information: NameSocial Security number
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Free credit monitoring (Experian IdentityWorks) for affected individuals, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach FUL0702807111825
Legal Actions: Investigation by Shamis & Gentile P.A. for potential class action lawsuits; compensation claims for affected individuals.
Regulatory Notifications: Massachusetts Attorney General's office (disclosed on Nov. 14, 2025)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Investigation by Shamis & Gentile P.A. for potential class action lawsuits; compensation claims for affected individuals..
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach FUL0702807111825
Recommendations: Enroll in free Experian IdentityWorks credit monitoring for two years., Monitor financial statements for suspicious activity., Place a fraud alert on credit reports., Request free annual credit reports from major bureaus., Seek legal counsel for potential compensation claims.Enroll in free Experian IdentityWorks credit monitoring for two years., Monitor financial statements for suspicious activity., Place a fraud alert on credit reports., Request free annual credit reports from major bureaus., Seek legal counsel for potential compensation claims.Enroll in free Experian IdentityWorks credit monitoring for two years., Monitor financial statements for suspicious activity., Place a fraud alert on credit reports., Request free annual credit reports from major bureaus., Seek legal counsel for potential compensation claims.Enroll in free Experian IdentityWorks credit monitoring for two years., Monitor financial statements for suspicious activity., Place a fraud alert on credit reports., Request free annual credit reports from major bureaus., Seek legal counsel for potential compensation claims.Enroll in free Experian IdentityWorks credit monitoring for two years., Monitor financial statements for suspicious activity., Place a fraud alert on credit reports., Request free annual credit reports from major bureaus., Seek legal counsel for potential compensation claims.
References
Where can I find more information about each incident ?
Incident : Data Breach FUL0702807111825
Source: Shamis & Gentile P.A. Investigation Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Shamis & Gentile P.A. Investigation Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach FUL0702807111825
Investigation Status: Ongoing (legal investigations by Shamis & Gentile P.A.)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure (Nov. 14 and 2025); notification to Massachusetts Attorney General; advisories for affected individuals to enroll in credit monitoring and seek legal help..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach FUL0702807111825
Stakeholder Advisories: Affected individuals advised to enroll in credit monitoring and seek legal help.
Customer Advisories: Notifications sent to impacted individuals (current/former employees) with instructions for credit monitoring enrollment and legal recourse.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Affected individuals advised to enroll in credit monitoring and seek legal help. and Notifications sent to impacted individuals (current/former employees) with instructions for credit monitoring enrollment and legal recourse..
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian (Identityworks Credit Monitoring), .
Additional Questions
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-14.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Name, Social Security number and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experian (identityworks credit monitoring), .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Name and Social Security number.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Investigation by Shamis & Gentile P.A. for potential class action lawsuits; compensation claims for affected individuals..
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Seek legal counsel for potential compensation claims., Enroll in free Experian IdentityWorks credit monitoring for two years., Monitor financial statements for suspicious activity., Request free annual credit reports from major bureaus. and Place a fraud alert on credit reports..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Shamis & Gentile P.A. Investigation Notice.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (legal investigations by Shamis & Gentile P.A.).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Affected individuals advised to enroll in credit monitoring and seek legal help., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notifications sent to impacted individuals (current/former employees) with instructions for credit monitoring enrollment and legal recourse.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=full-house-resorts-inc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
