KFC
Company Details
Linkedin ID:
kfc
Website:
Employees number:
87,836
Number of followers:
278,684
NAICS:
7225
Industry Type:
Homepage:
kfc.com
IP Addresses:
0
Company ID:
KFC_2603812
Scan Status:
In-progress
KFC Company CyberSecurity Posture
kfc.com
We’re KFC. The iconic, brand making world-famous finger lickin’ good fried chicken since 1952. Our unrivaled people and culture are the true heart and soul of our brand. It’s where our people promise comes to life every day. Where our employees can be their best selves, make a difference, and have fun — serving chicken and delighting customers at more than 28,000 restaurants in 150 countries and territories around the world. There’s room for all people and voices at our table. Pull up a chair. At the center of our restaurant system is the KFC Global division, which serves as our global Restaurant Support Center (RSC) headquartered in Dallas, TX. Here, we support our regional in-market teams, franchise business partners, and nearly one million team members who serve up our delicious fried chicken around the world. We’re redefining what the future of work looks like. Our 15 business units partner to develop strategies, tools, and best practices for success. KFC Global offers a hybrid work environment — trusting our people to work their best way, whether in the office or at home. No matter your role or function, everyone works with teams from across the globe to drive our shared vision — sharing the joy of our best-tasting fried chicken with the world. No matter how or when you connect with us, KFC will be making the best chicken, hands down, for generations to come. In addition to our growing global footprint, as a subsidiary of Yum! Brands (NYSE: YUM), we also get to collaborate on exciting projects with our sister brands, Taco Bell, Pizza Hut, and The Habit Burger Grill. All you have to do is bring it. Bring your individuality to the table. Bring your passion and grit. We’re all about our people. The Originals. Their ideas, stories, and unique contributions make us who we are. And we want you to be part of it.
KFC A.I CyberSecurity Scoring
KFC Risk Score (AI oriented)Between 800 and 849
KFC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
KFC Global Score (TPRM)XXXX
KFC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
KFC Company CyberSecurity News & History
Past Incidents
4
Attack Types
2
Pizza Hut, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that Pizza Hut, Inc. experienced a data breach due to a security intrusion on its website from October 1, 2017 to October 2, 2017. The breach potentially compromised customer information, including names, billing zip codes, delivery addresses, email addresses, and payment card information. Approximately less than one percent of customers may have been affected.
Pizza Hut, LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported on October 16, 2017, that Pizza Hut, LLC experienced unauthorized access compromising customer information from October 1, 2017, to October 2, 2017. Approximately 1,896 Washington residents were affected, with potential exposure of names, billing zip codes, delivery addresses, email addresses, and payment card information. Pizza Hut took immediate action to mitigate the breach and offered free credit monitoring services to impacted customers.
Yum! Brands
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Yum! Approximately 300 restaurants in the UK were closed for one day as a result of a cyberattack that Brands had to endure that required the company to shut down its systems. The exposed information includes names, driver’s license numbers, non-driver Identification Card Number, and other types of personal identifiers. The company investigated the security breach with the help of third-party cybersecurity experts, to identify the scope of the incident. They investigated the incident and also provided complimentary credit monitoring and identity protection services for two years via IDX.
Yum! Brands, Inc.
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported a data breach involving Yum! Brands, Inc. on April 7, 2023. The breach, which occurred on January 13, 2023, involved a ransomware attack and affected 11 residents, with potential exposure of driver's license numbers.
KFC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for KFC
Incidents vs Restaurants Industry Average (This Year)
No incidents recorded for KFC in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for KFC in 2025.
Incident Types KFC vs Restaurants Industry Avg (This Year)
No incidents recorded for KFC in 2025.
Incident History — KFC (X = Date, Y = Severity)
KFC cyber incidents detection timeline including parent company and subsidiaries
KFC Company Subsidiaries
We’re KFC. The iconic, brand making world-famous finger lickin’ good fried chicken since 1952. Our unrivaled people and culture are the true heart and soul of our brand. It’s where our people promise comes to life every day. Where our employees can be their best selves, make a difference, and have fun — serving chicken and delighting customers at more than 28,000 restaurants in 150 countries and territories around the world. There’s room for all people and voices at our table. Pull up a chair. At the center of our restaurant system is the KFC Global division, which serves as our global Restaurant Support Center (RSC) headquartered in Dallas, TX. Here, we support our regional in-market teams, franchise business partners, and nearly one million team members who serve up our delicious fried chicken around the world. We’re redefining what the future of work looks like. Our 15 business units partner to develop strategies, tools, and best practices for success. KFC Global offers a hybrid work environment — trusting our people to work their best way, whether in the office or at home. No matter your role or function, everyone works with teams from across the globe to drive our shared vision — sharing the joy of our best-tasting fried chicken with the world. No matter how or when you connect with us, KFC will be making the best chicken, hands down, for generations to come. In addition to our growing global footprint, as a subsidiary of Yum! Brands (NYSE: YUM), we also get to collaborate on exciting projects with our sister brands, Taco Bell, Pizza Hut, and The Habit Burger Grill. All you have to do is bring it. Bring your individuality to the table. Bring your passion and grit. We’re all about our people. The Originals. Their ideas, stories, and unique contributions make us who we are. And we want you to be part of it.
Loading...
KFC Similar Companies
With 58,000 employees and more than 700 restaurants in the United States and Canada, and a growing international presence, Red Lobster is the world’s largest seafood restaurant company. Our vision is to be where the world goes for seafood now and for generations. Red Lobster is an innovative, v
Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically-cooked, real food with wholesome ingredients without artificial colors, flavors or preservatives. Chipotle has over 3,250 restaurants in the United States, Canada, the United Kingdom, F
Olive Garden
Founded in 1982, Olive Garden is owned by Darden Restaurants, Inc. (NYSE:DRI), the world's largest company-owned and operated full-service restaurant company. With more than 800 restaurants, more than 92,000 employees and more than $3.5 billion in annual sales, Olive Garden is the leading restaurant
TGI Fridays
In 1965, TGI Fridays opened its first location in New York City. Today, there are 890 restaurants in 60 countries offering high quality, authentic American food and legendary drinks, bringing together all people from all places. The freeing and liberating spirit of "Friday" combined with our belief
Bloomin' Brands, Inc.
Since the first Outback Steakhouse opened, our family of brands has expanded to include Carrabba's Italian Grill, Bonefish Grill, and Fleming's Prime Steakhouse & Wine Bar. Together, these unique, Founder-inspired restaurants make up Bloomin' Brands, Inc. Today, we are one of the world's largest cas
Five Guys Enterprises
History: *1986: The first Five Guys location opens in Arlington, VA. *1986 - 2001: Five Guys opens five locations around the DC metro-area and perfected their business of making burgers… and starts to build a cult-like following. * 2002: Five Guys decides DC metro-area residents shouldn't be the
Taco Bell was born and raised in California and has been around since 1962. We went from selling everyone’s favorite Crunchy Tacos on the West Coast to a global brand with 8,200+ restaurants, 350 franchise organizations, that serve 42+ million fans each week around the globe. We’re not only the larg
THE SANDWICH OF SANDWICHES℠ At Jimmy John's, we don't make sandwiches. We make The Sandwich of Sandwiches℠. We use fresh vegetables because we don't hate salads, we just feel bad for them. We hand-slice our provolone cheese and meats in-house every day, because packaged pre-sliced meats doesn't ha
ZAMP
Somos um grande ecossistema de restaurantes que reúne marcas internacionais como Burger King®, Popeyes®, Starbucks® e Subway®. E, por trás de cada receita de sucesso, estão os Zampers: gente que faz acontecer, que joga junto e que deixa sua marca todos os dias. Aqui, a gente acredita que o verdad
.png)
KFC CyberSecurity News
October 10, 2025 07:00 AM
KFC Venezuela Suffers Alleged Data Breach Exposing 1 Million Customer Records
A threat actor is claiming responsibility for a data breach at KFC's Venezuela operations, offering for sale a database containing personal...
October 09, 2025 07:00 AM
KFC Venezuela Alleged Data Breach - 1 Million Customer Records Exposed
A threat actor has allegedly breached KFC Venezuela, offering a database containing the personal and order information of over one million...
October 03, 2025 07:00 AM
Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site
A cybercrime collective known as Scattered LAPSUS$ Hunters has launched a new data leak site on the dark web, claiming it holds nearly one...
May 27, 2025 07:00 AM
Bridging the Gap: Integrating Legal and Insurance Considerations into Restaurant Cybersecurity Response
Learn how to effectively integrate legal and insurance considerations into your restaurant's cybersecurity incident response plan.
July 08, 2024 07:00 AM
‘The will of the people’: OzBargain users keep hacking KFC for cheap chicken
OzBargain users keep hacking the KFC app in an attempt to get cheap chicken. Crikey takes you inside their cat-and-mouse game.
July 08, 2024 07:00 AM
Hacker Takes to KFC in Bold Bid to Seize Cheap Chicken, Expose 'Very Bad Cybersecurity'
Latest Videos. A hacker in Australia has come up with a unique method to bag delicious fried chicken from KFC at prices way lower than the...
May 25, 2024 07:00 AM
Anti-Israel boycotts hurting McDonald's, KFC in West Asia and Europe
McDonald's and KFC are facing a challenging operating environment in the West Asia and some parts of Europe weighed by calls to boycott their brands due to...
September 26, 2023 07:00 AM
Pizza Hut Australia’s Data Breach Impacts over 190K Customers
Pizza Hut Australia has sent data breach notifications to 193000 customers after a third party accessed a database containing personal and...
September 25, 2023 07:00 AM
The relationship between security, IT and risk is what guides an organisation to success: Manan Leo Qureshi, Yum! Brands
In an exclusive interaction with us, Manan Leo Qureshi, APAC Regional Security Leader at Yum Brands for KFC & PizzaHut, sheds light on the...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
KFC CyberSecurity History Information
Official Website of KFC
The official website of KFC is https://global.kfc.com/.
KFC’s AI-Generated Cybersecurity Score
According to Rankiteo, KFC’s AI-generated cybersecurity score is 806, reflecting their Good security posture.
How many security badges does KFC’ have ?
According to Rankiteo, KFC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does KFC have SOC 2 Type 1 certification ?
According to Rankiteo, KFC is not certified under SOC 2 Type 1.
Does KFC have SOC 2 Type 2 certification ?
According to Rankiteo, KFC does not hold a SOC 2 Type 2 certification.
Does KFC comply with GDPR ?
According to Rankiteo, KFC is not listed as GDPR compliant.
Does KFC have PCI DSS certification ?
According to Rankiteo, KFC does not currently maintain PCI DSS compliance.
Does KFC comply with HIPAA ?
According to Rankiteo, KFC is not compliant with HIPAA regulations.
Does KFC have ISO 27001 certification ?
According to Rankiteo,KFC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of KFC
KFC operates primarily in the Restaurants industry.
Number of Employees at KFC
KFC employs approximately 87,836 people worldwide.
Subsidiaries Owned by KFC
KFC presently has no subsidiaries across any sectors.
KFC’s LinkedIn Followers
KFC’s official LinkedIn profile has approximately 278,684 followers.
NAICS Classification of KFC
KFC is classified under the NAICS code 7225, which corresponds to Restaurants and Other Eating Places.
KFC’s Presence on Crunchbase
No, KFC does not have a profile on Crunchbase.
KFC’s Presence on LinkedIn
Yes, KFC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/kfc.
Cybersecurity Incidents Involving KFC
As of November 27, 2025, Rankiteo reports that KFC has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
KFC has an estimated 4,808 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at KFC ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
How does KFC detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with third-party cybersecurity experts, and remediation measures with complimentary credit monitoring and identity protection services for two years via idx, and containment measures with immediate action to mitigate the breach, and communication strategy with offered free credit monitoring services to impacted customers..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on Yum! Brands
Description: Approximately 300 restaurants in the UK were closed for one day as a result of a cyberattack that Yum! Brands had to endure, requiring the company to shut down its systems.
Type: Cyberattack
Title: Yum! Brands, Inc. Data Breach
Description: The Maine Office of the Attorney General reported a data breach involving Yum! Brands, Inc. on April 7, 2023. The breach, which occurred on January 13, 2023, involved a ransomware attack and affected 11 residents, with potential exposure of driver's license numbers.
Date Detected: 2023-01-13
Date Publicly Disclosed: 2023-04-07
Type: Data Breach
Attack Vector: Ransomware
Title: Pizza Hut Data Breach
Description: Unauthorized access compromising customer information including names, billing zip codes, delivery addresses, email addresses, and payment card information.
Date Detected: 2017-10-16
Date Publicly Disclosed: 2017-10-16
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Pizza Hut Data Breach
Description: The California Office of the Attorney General reported that Pizza Hut, Inc. experienced a data breach due to a security intrusion on its website from October 1, 2017 to October 2, 2017. The breach potentially compromised customer information, including names, billing zip codes, delivery addresses, email addresses, and payment card information. Approximately less than one percent of customers may have been affected.
Date Detected: 2017-10-01
Type: Data Breach
Attack Vector: Website Intrusion
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack YUM33429523
Data Compromised: Names, Driver’s license numbers, Non-driver identification card number, Other types of personal identifiers
Downtime: One day
Operational Impact: 300 restaurants closed
Identity Theft Risk: High
Incident : Data Breach YUM407072625
Data Compromised: Driver's license numbers
Incident : Data Breach PIZ857072725
Data Compromised: Names, Billing zip codes, Delivery addresses, Email addresses, Payment card information
Incident : Data Breach PIZ031080525
Data Compromised: Names, Billing zip codes, Delivery addresses, Email addresses, Payment card information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Driver’S License Numbers, Non-Driver Identification Card Number, Other Types Of Personal Identifiers, , Driver'S License Numbers, , Names, Billing Zip Codes, Delivery Addresses, Email Addresses, Payment Card Information, , Names, Billing Zip Codes, Delivery Addresses, Email Addresses, Payment Card Information and .
Which entities were affected by each incident ?
Incident : Cyberattack YUM33429523
Entity Name: Yum! Brands
Entity Type: Company
Industry: Food and Beverage
Location: UK
Incident : Data Breach YUM407072625
Entity Name: Yum! Brands, Inc.
Entity Type: Corporation
Industry: Food and Beverage
Customers Affected: 11
Incident : Data Breach PIZ857072725
Entity Name: Pizza Hut, LLC
Entity Type: Company
Industry: Food and Beverage
Location: Washington State
Customers Affected: 1896
Incident : Data Breach PIZ031080525
Entity Name: Pizza Hut, Inc.
Entity Type: Corporation
Industry: Food and Beverage
Customers Affected: less than one percent
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack YUM33429523
Third Party Assistance: Third-party cybersecurity experts
Remediation Measures: Complimentary credit monitoring and identity protection services for two years via IDX
Incident : Data Breach PIZ857072725
Containment Measures: Immediate action to mitigate the breach
Communication Strategy: Offered free credit monitoring services to impacted customers
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Third-party cybersecurity experts.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyberattack YUM33429523
Type of Data Compromised: Names, Driver’s license numbers, Non-driver identification card number, Other types of personal identifiers
Sensitivity of Data: High
Incident : Data Breach YUM407072625
Type of Data Compromised: Driver's license numbers
Number of Records Exposed: 11
Personally Identifiable Information: Driver's license numbers
Incident : Data Breach PIZ857072725
Type of Data Compromised: Names, Billing zip codes, Delivery addresses, Email addresses, Payment card information
Number of Records Exposed: 1896
Personally Identifiable Information: namesbilling zip codesdelivery addressesemail addresses
Incident : Data Breach PIZ031080525
Type of Data Compromised: Names, Billing zip codes, Delivery addresses, Email addresses, Payment card information
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Complimentary credit monitoring and identity protection services for two years via IDX.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by immediate action to mitigate the breach.
References
Where can I find more information about each incident ?
Incident : Data Breach YUM407072625
Source: Maine Office of the Attorney General
Date Accessed: 2023-04-07
Incident : Data Breach PIZ857072725
Source: Washington State Office of the Attorney General
Date Accessed: 2017-10-16
Incident : Data Breach PIZ031080525
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-04-07, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2017-10-16, and Source: California Office of the Attorney General.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyberattack YUM33429523
Investigation Status: Investigation completed
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Offered free credit monitoring services to impacted customers.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Third-party cybersecurity experts.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-01-13.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-10-16.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, driver’s license numbers, non-driver Identification Card Number, other types of personal identifiers, , Driver's license numbers, , names, billing zip codes, delivery addresses, email addresses, payment card information, , names, billing zip codes, delivery addresses, email addresses, payment card information and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Third-party cybersecurity experts.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Immediate action to mitigate the breach.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were billing zip codes, driver’s license numbers, delivery addresses, email addresses, Driver's license numbers, non-driver Identification Card Number, payment card information, names and other types of personal identifiers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 206.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General, California Office of the Attorney General and Washington State Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigation completed.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=kfc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
