NFCU
Company Details
Linkedin ID:
navy-federal-credit-union
Website:
Employees number:
23,853
Number of followers:
164,441
NAICS:
52
Industry Type:
Homepage:
navyfederal.org
IP Addresses:
0
Company ID:
NAV_1378981
Scan Status:
In-progress
Navy Federal Credit Union Company CyberSecurity Posture
navyfederal.org
Navy Federal is the world’s largest credit union, with more than 14 million members, $180 billion+ in assets and 24,000+ employees. Throughout campuses in Vienna, VA Pensacola, FL and Winchester, VA, as well as more than 360 branches, we serve the Armed Forces, Department of Defense, Veterans and their families with world-class financial products and services. Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks. Our approach to careers is simple yet powerful: Make our mission your passion. Federally insured by NCUA. Equal opportunity employer. Android™ is a trademark of Google, Inc. iPhone® is a registered trademark of Apple, Inc. iPad® is a registered trademark of Apple, Inc. App Store(SM) is a service mark of Apple, Inc. Message and data rates may apply. FORTUNE and 100 Best Companies to Work For are registered trademarks of Time Inc., and are used under license. FORTUNE and Time Inc., are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union. For more info, visit navyfederal.org. Images used for representational purposes only; do not imply government endorsement. Equal Housing Lender Equal Opportunity Employer, including disability/vets
Navy Federal Credit Union A.I CyberSecurity Scoring
NFCU Risk Score (AI oriented)Between 700 and 749
NFCU
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NFCU Global Score (TPRM)XXXX
NFCU
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NFCU Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Navy Federal Credit Union (NFCU)
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Cybersecurity researcher Jeremiah Fowler discovered an unprotected 378 GB database belonging to **Navy Federal Credit Union (NFCU)**, exposed publicly without encryption or password protection. The breach revealed sensitive internal files, including operational metadata, hashed passwords, system logs, plain-text usernames/emails, and Tableau workbooks containing database connection details, financial formulas, and loan portfolio metrics. While **no direct customer data (e.g., account numbers, SSNs) was exposed in plain text**, the leaked internal details—such as employee credentials, system architectures, and business intelligence—create severe risks. Attackers could exploit this information for **phishing, credential stuffing, or supply-chain attacks**, potentially escalating access to member data or financial systems. The incident underscores systemic vulnerabilities in third-party handling of sensitive data, though NFCU secured the database after discovery. The exposure, while not immediately catastrophic, provides cybercriminals with a **roadmap for deeper intrusions**, threatening long-term operational and member security.
NFCU Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NFCU
Incidents vs Financial Services Industry Average (This Year)
Navy Federal Credit Union has 28.21% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Navy Federal Credit Union has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types NFCU vs Financial Services Industry Avg (This Year)
Navy Federal Credit Union reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — NFCU (X = Date, Y = Severity)
NFCU cyber incidents detection timeline including parent company and subsidiaries
NFCU Company Subsidiaries
Navy Federal is the world’s largest credit union, with more than 14 million members, $180 billion+ in assets and 24,000+ employees. Throughout campuses in Vienna, VA Pensacola, FL and Winchester, VA, as well as more than 360 branches, we serve the Armed Forces, Department of Defense, Veterans and their families with world-class financial products and services. Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks. Our approach to careers is simple yet powerful: Make our mission your passion. Federally insured by NCUA. Equal opportunity employer. Android™ is a trademark of Google, Inc. iPhone® is a registered trademark of Apple, Inc. iPad® is a registered trademark of Apple, Inc. App Store(SM) is a service mark of Apple, Inc. Message and data rates may apply. FORTUNE and 100 Best Companies to Work For are registered trademarks of Time Inc., and are used under license. FORTUNE and Time Inc., are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union. For more info, visit navyfederal.org. Images used for representational purposes only; do not imply government endorsement. Equal Housing Lender Equal Opportunity Employer, including disability/vets
Loading...
NFCU Similar Companies
L&T Finance
L&T Finance is one of the leading NBFCs offering a range of loans across Rural | Housing | Two-Wheeler | Personal & Business (SME) The company is promoted by Larsen and Toubro Ltd. (L&T), one of the largest conglomerates in India. LTF is publicly listed on both the exchanges of India - BSE & NSE an
TIAA
At TIAA, we believe everyone has the right to retire with dignity. For more than 100 years, we’ve provided retirement plans, insurance, and investment services, empowering millions of people— in education, healthcare, and nonprofit —with the knowledge, guidance, and lifetime income needed to plan th
MassMutual
Living mutual has always been at the core of our human existence, and it's the principle that's guided us since our founding in 1851. It's not a concept we invented, but one we champion for the simple reason that people take it for granted today. While the world would have us strive for independenc
Imagine a world where people live healthier, more enhanced and protected lives… A world in which each organisation is a powerful influencer and responsible corporate citizen, committed to being a force for social good. As a leading innovator in healthcare, wellness, insurance, investments, financial
Northwestern Mutual
Northwestern Mutual is here for what’s most important—helping families and businesses experience the freedom of financial security for over 160 years. Through our personalized, holistic approach, including both insurance and investments, we’re helping people make the most of life today, and for days
SBI Card was launched in 1998 with the State Bank of India, India's largest bank, as the majority stakeholder. In March 2020, SBI Card was listed on BSE and NSE. Today, SBI Card is India’s largest pure-play credit card issuer with over 19.5 million cards in force, as of September 2024. Its wide arra
Sahara India Pariwar
Sahara India was founded in 1978 and now has book value of gross assets of more than USD 63 billion. Today, the Sahara Group is a major business conglomerate in India with diversified business interest including financial services, housing finance, mutual funds, life insurance, City development, rea
LPL Financial
LPL Financial Holdings Inc. (Nasdaq: LPLA) is among the fastest growing wealth management firms in the U.S. As a leader in the financial advisor-mediated marketplace, LPL supports over 29,000 financial advisors and the wealth management practices of approximately 1,100 financial institutions, servic
In a world shaped by increasingly interconnected risks, Moody’s helps customers develop a holistic view of these risks to advance their business and act decisively. With a rich history of expertise in global markets and a diverse workforce in more than 40 countries, Moody’s unites the brightest mind
.png)
NFCU CyberSecurity News
November 03, 2025 08:00 AM
Federal employee loan applications surge as shutdown continues
With many federal employees heading toward a possible second missed paycheck at the end of the week — and little promise of an end to the...
November 03, 2025 08:00 AM
Navy Federal Credit Union Certificate (CD) Rates: 2025
Some Navy Federal CDs have competitive rates, but you'll need to meet eligibility requirements to bank with the military-focused credit...
October 20, 2025 07:00 AM
Navy Federal, Truist, Chime among victims of AWS outage
A failure at an Amazon Web Services data center in Virginia caused widespread outages, hitting services at several banks and fintechs.
October 01, 2025 07:00 AM
Best Navy Federal Credit Cards Of 2025: Top Picks
Explore the best Navy Federal Credit Union credit cards tailored to military members and their families. Find cards offering rewards and low...
September 29, 2025 07:00 AM
Navy Federal Credit Union Names John V. Menoni as SVP of Branch Operations
Navy Federal Credit Union today announced Rear Admiral John V. Menoni, USN (Ret.) has been named its next senior vice president of Branch...
September 26, 2025 07:00 AM
Feds bust scammers known as 'Wildboy,' 'Low Ball' and others for targeting military members
Wildboy” and “Jizzle” are in trouble with federal prosecutors after allegedly scamming 500 military members in a bank scheme.
September 24, 2025 07:00 AM
Navy Federal Members Lose Millions In Years-Long Scam; 10 Arrested
NORFOLK, Va. — Hundreds of Navy Federal Credit Union members have been victimized in a long-running scam that cost millions of dollars,...
September 22, 2025 07:00 AM
Military service members targeted in scam, prosecutors believe went on for years
10 suspects arrested for targeting military personnel in a scam costing up to $2M. Navy Federal urges caution with phone security in public...
September 10, 2025 07:00 AM
The Week in Breach News: September 10, 2025
Supply chain attacks hit finance firms, a breach at Jaguar halts production and Kaseya Labs probes new Akira ransomware.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NFCU CyberSecurity History Information
Official Website of Navy Federal Credit Union
The official website of Navy Federal Credit Union is http://www.navyfederal.org.
Navy Federal Credit Union’s AI-Generated Cybersecurity Score
According to Rankiteo, Navy Federal Credit Union’s AI-generated cybersecurity score is 726, reflecting their Moderate security posture.
How many security badges does Navy Federal Credit Union’ have ?
According to Rankiteo, Navy Federal Credit Union currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Navy Federal Credit Union have SOC 2 Type 1 certification ?
According to Rankiteo, Navy Federal Credit Union is not certified under SOC 2 Type 1.
Does Navy Federal Credit Union have SOC 2 Type 2 certification ?
According to Rankiteo, Navy Federal Credit Union does not hold a SOC 2 Type 2 certification.
Does Navy Federal Credit Union comply with GDPR ?
According to Rankiteo, Navy Federal Credit Union is not listed as GDPR compliant.
Does Navy Federal Credit Union have PCI DSS certification ?
According to Rankiteo, Navy Federal Credit Union does not currently maintain PCI DSS compliance.
Does Navy Federal Credit Union comply with HIPAA ?
According to Rankiteo, Navy Federal Credit Union is not compliant with HIPAA regulations.
Does Navy Federal Credit Union have ISO 27001 certification ?
According to Rankiteo,Navy Federal Credit Union is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Navy Federal Credit Union
Navy Federal Credit Union operates primarily in the Financial Services industry.
Number of Employees at Navy Federal Credit Union
Navy Federal Credit Union employs approximately 23,853 people worldwide.
Subsidiaries Owned by Navy Federal Credit Union
Navy Federal Credit Union presently has no subsidiaries across any sectors.
Navy Federal Credit Union’s LinkedIn Followers
Navy Federal Credit Union’s official LinkedIn profile has approximately 164,441 followers.
NAICS Classification of Navy Federal Credit Union
Navy Federal Credit Union is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Navy Federal Credit Union’s Presence on Crunchbase
No, Navy Federal Credit Union does not have a profile on Crunchbase.
Navy Federal Credit Union’s Presence on LinkedIn
Yes, Navy Federal Credit Union maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/navy-federal-credit-union.
Cybersecurity Incidents Involving Navy Federal Credit Union
As of November 27, 2025, Rankiteo reports that Navy Federal Credit Union has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Navy Federal Credit Union has an estimated 29,517 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Navy Federal Credit Union ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Navy Federal Credit Union detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with database secured post-discovery..
Incident Details
Can you provide details on each incident ?
Title: Unprotected Database Exposure at Navy Federal Credit Union (NFCU)
Description: Cybersecurity researcher Jeremiah Fowler discovered an unprotected 378 GB database containing sensitive internal files linked to Navy Federal Credit Union (NFCU). The database was publicly accessible without encryption or password protection, exposing operational metadata, hashed passwords, internal usernames, emails, and business intelligence workbooks. While no customer data was visible in plain text, the exposed internal details could facilitate phishing, credential stuffing, or further intrusions by cybercriminals.
Type: data exposure
Attack Vector: unsecured databaselack of encryptionlack of authentication
Vulnerability Exploited: misconfigured databaseunprotected storage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : data exposure NAV0465604090625
Data Compromised: Operational metadata, Hashed passwords, Storage locations, System logs, Internal usernames, Emails (plain text), Tableau business intelligence workbooks (database connection details, financial performance formulas, loan portfolio metrics)
Operational Impact: potential for targeted phishingcredential stuffingsocial engineering attacksfuture exploitation via operational blueprints
Brand Reputation Impact: potential erosion of trust due to exposure of sensitive internal data
Identity Theft Risk: ['increased risk due to exposed internal usernames, emails, and operational details']
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Operational Metadata, Hashed Passwords, Internal Usernames, Emails, Business Intelligence Workbooks, System Logs, Database Connection Details, Financial Performance Formulas, Loan Portfolio Metrics and .
Which entities were affected by each incident ?
Incident : data exposure NAV0465604090625
Entity Name: Navy Federal Credit Union (NFCU)
Entity Type: financial institution
Industry: banking/credit union
Location: United States
Response to the Incidents
What measures were taken in response to each incident ?
Incident : data exposure NAV0465604090625
Containment Measures: database secured post-discovery
Data Breach Information
What type of data was compromised in each breach ?
Incident : data exposure NAV0465604090625
Type of Data Compromised: Operational metadata, Hashed passwords, Internal usernames, Emails, Business intelligence workbooks, System logs, Database connection details, Financial performance formulas, Loan portfolio metrics
Sensitivity of Data: high (internal operational and financial details)
Data Encryption: ['no (database was unencrypted)']
File Types Exposed: .gz.sql.twbx
Personally Identifiable Information: internal usernamesemails
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by database secured post-discovery and .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : data exposure NAV0465604090625
Lessons Learned: The incident underscores the critical importance of securing databases with encryption and authentication, even for internal or operational data. Exposure of non-customer data (e.g., internal usernames, system logs, business intelligence) can still enable targeted attacks like phishing or credential stuffing, posing significant downstream risks to both the organization and its members.
What recommendations were made to prevent future incidents ?
Incident : data exposure NAV0465604090625
Recommendations: Implement robust encryption and access controls for all databases, including those containing operational or internal data., Regularly audit third-party vendors and contractors for security vulnerabilities to mitigate supply chain risks., Monitor for exposed credentials or internal details on the Dark Web to preemptively address potential threats., Educate employees and members on recognizing phishing and social engineering attempts, especially following data exposures., Adopt tools like Bitdefender Digital Identity Protection to proactively detect and respond to identity-related risks.Implement robust encryption and access controls for all databases, including those containing operational or internal data., Regularly audit third-party vendors and contractors for security vulnerabilities to mitigate supply chain risks., Monitor for exposed credentials or internal details on the Dark Web to preemptively address potential threats., Educate employees and members on recognizing phishing and social engineering attempts, especially following data exposures., Adopt tools like Bitdefender Digital Identity Protection to proactively detect and respond to identity-related risks.Implement robust encryption and access controls for all databases, including those containing operational or internal data., Regularly audit third-party vendors and contractors for security vulnerabilities to mitigate supply chain risks., Monitor for exposed credentials or internal details on the Dark Web to preemptively address potential threats., Educate employees and members on recognizing phishing and social engineering attempts, especially following data exposures., Adopt tools like Bitdefender Digital Identity Protection to proactively detect and respond to identity-related risks.Implement robust encryption and access controls for all databases, including those containing operational or internal data., Regularly audit third-party vendors and contractors for security vulnerabilities to mitigate supply chain risks., Monitor for exposed credentials or internal details on the Dark Web to preemptively address potential threats., Educate employees and members on recognizing phishing and social engineering attempts, especially following data exposures., Adopt tools like Bitdefender Digital Identity Protection to proactively detect and respond to identity-related risks.Implement robust encryption and access controls for all databases, including those containing operational or internal data., Regularly audit third-party vendors and contractors for security vulnerabilities to mitigate supply chain risks., Monitor for exposed credentials or internal details on the Dark Web to preemptively address potential threats., Educate employees and members on recognizing phishing and social engineering attempts, especially following data exposures., Adopt tools like Bitdefender Digital Identity Protection to proactively detect and respond to identity-related risks.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are The incident underscores the critical importance of securing databases with encryption and authentication, even for internal or operational data. Exposure of non-customer data (e.g., internal usernames, system logs, business intelligence) can still enable targeted attacks like phishing or credential stuffing, posing significant downstream risks to both the organization and its members.
References
Where can I find more information about each incident ?
Incident : data exposure NAV0465604090625
Source: Jeremiah Fowler (Cybersecurity Researcher)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Jeremiah Fowler (Cybersecurity Researcher).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data exposure NAV0465604090625
Investigation Status: Resolved (database secured post-discovery)
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : data exposure NAV0465604090625
Customer Advisories: Consumers advised to use identity protection tools (e.g., Bitdefender Digital Identity Protection) and monitor for phishing or credential stuffing attempts.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Consumers Advised To Use Identity Protection Tools (E.G., Bitdefender Digital Identity Protection) And Monitor For Phishing Or Credential Stuffing Attempts. and .
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : data exposure NAV0465604090625
Root Causes: Unprotected Database Lacking Encryption And Authentication, Potential Third-Party Mishandling Of Sensitive Data,
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were operational metadata, hashed passwords, storage locations, system logs, internal usernames, emails (plain text), Tableau business intelligence workbooks (database connection details, financial performance formulas, loan portfolio metrics) and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was database secured post-discovery.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were internal usernames, system logs, Tableau business intelligence workbooks (database connection details, financial performance formulas, loan portfolio metrics), hashed passwords, emails (plain text), operational metadata and storage locations.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was The incident underscores the critical importance of securing databases with encryption and authentication, even for internal or operational data. Exposure of non-customer data (e.g., internal usernames, system logs, business intelligence) can still enable targeted attacks like phishing or credential stuffing, posing significant downstream risks to both the organization and its members.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Adopt tools like Bitdefender Digital Identity Protection to proactively detect and respond to identity-related risks., Educate employees and members on recognizing phishing and social engineering attempts, especially following data exposures., Regularly audit third-party vendors and contractors for security vulnerabilities to mitigate supply chain risks., Monitor for exposed credentials or internal details on the Dark Web to preemptively address potential threats., Implement robust encryption and access controls for all databases and including those containing operational or internal data..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Jeremiah Fowler (Cybersecurity Researcher).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (database secured post-discovery).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Consumers advised to use identity protection tools (e.g. and Bitdefender Digital Identity Protection) and monitor for phishing or credential stuffing attempts.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=navy-federal-credit-union' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
