The NHS was launched in 1948. It was born out of a long-held ideal that good healthcare should be available to all, regardless of wealth – one of the NHS's core principles. With the exception of some charges, such as prescriptions, optical services and dental services, the NHS in England remains free at the point of use for all UK residents. This currently stands at more than 64.6 million people in the UK and 54.3 million people in England alone. The NHS in England deals with over 1 million patients every 36 hours. It covers everything, including antenatal screening, routine screenings (such as the NHS Health Check), treatments for long-term conditions, transplants, emergency treatment and end-of-life care. Responsibility for healthcare in Northern Ireland, Scotland and Wales is devolved to the Northern Ireland Assembly, the Scottish Government and the Welsh Assembly Government respectively. The NHS employs more than 1.5 million people, putting it in the top five of the world’s largest workforces, together with the US Department of Defence, McDonalds, Walmart and the Chinese People’s Liberation Army. The NHS in England is the biggest part of the system by far, catering to a population of 54.3 million and employing around 1.2 million people. Of those, the clinically qualified staff include 150,273 doctors, 40,584 general practitioners (GPs), 314,966 nurses and health visitors, 18,862 ambulance staff, and 111,127 hospital and community health service (HCHS) medical and dental staff. The NHS in Scotland, Wales and Northern Ireland employs 161,415; 84,000 and 66,000 people respectively.

NHS A.I CyberSecurity Scoring

Company Details

LinkedIn ID: nhs
Number of employees: 238,427
Number of followers: 669,093
NAICS: 62
Industry Type: Hospitals and Health Care
Homepage: www.nhs.uk
IP Addresses: 0
Company ID: NHS_2552503
Scan Status: In-progress

NHS Risk Score (AI oriented): Between 750 and 799
  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums

NHS Global Score (TPRM): XXXX
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

NHS Company CyberSecurity News & History

Past Incidents: 5
Attack Types: 2

NHS
Cyber Attack
Severity: 60
Impact: 4
Seen: 02/2017
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Islamist hackers associated with Isis launched a cyberattack on a number of NHS websites, revealing major security weaknesses. Patient data was allegedly vulnerable to the attacks.

NHS
Data Leak
Severity: 25
Impact: 1
Seen: 07/2018
Rankiteo Explanation: Attack without any consequences

Description: The NHS is blaming a coding error for 150,000 patients in England being involved in a data breach. There was a problem with the software used by GPs to record objections to the same data being used for research and auditing purposes. There is not any risk to patient care as a result of this error.

NHS
Data Leak
Severity: 50
Impact: 2
Seen: 08/2017
Rankiteo Explanation: Attack limited on finance or reputation

Description: Patient information was taken from an NHS appointment booking system by a computer whiz with connections to the international hacking group Anonymous. The criminal exploited a private contractor's security to gain access to a database that contained private information on up to 1.2 million people. Attack limited to names, dates of birth, phone numbers and, in some cases, email addresses. For the management of a website where patients can schedule appointments with a doctor, hospital, or clinic, eight NHS trusts have paid SwiftQueue. They also manage terminals that patients can use to check in when they arrive in the waiting areas.

NHS
Data Leak
Severity: 85
Impact: 3
Seen: 08/2018
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: NHS trusts lost almost 10,000 patient records last year. The massive number of unavailable or lost documents also includes “many incidents” where the files were eventually located. Rather than ensconce patient data on encrypted platforms, the NHS often opts to use cheaper and more vulnerable means of recording, 94% of NHS Trusts still use handwritten notes for patient record keeping.

NHS
Data Leak
Severity: 100
Impact: 4
Seen: 05/2023
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: NHS trusts are violating their promises to never share private information with Facebook on patients' medical conditions, appointments, and treatments. Investigations have found a hidden monitoring feature in 20 NHS trusts' websites that has been sharing users' browsing data with the internet giant for years in a serious privacy violation. Pages viewed, buttons clicked, and keyword searches are all described in depth in the data. It is compared to the user's IP address, which is an identifier associated with an individual or household, and in many cases, Facebook account information. NHS websites have transferred records of information to the company that include information that, when linked to an individual, could reveal personal medical information.

Underwriter Stats for NHS

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for NHS in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for NHS in 2025.

Incident Types NHS vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for NHS in 2025.

Incident History — NHS (X = Date, Y = Severity)

NHS cyber incidents detection timeline including parent company and subsidiaries

NHS Similar Companies

Fresenius Medical Care

Fresenius Medical Care is the world’s leading provider of products and services for individuals with renal diseases. We aim to create a future worth living for chronically and critically ill patients – worldwide and every day. Thanks to our decades of experience in dialysis, our innovative research

NYU Langone Health

NYU Langone Health is a fully integrated health system that consistently achieves the best patient outcomes through a rigorous focus on quality that has resulted in some of the lowest mortality rates in the nation. Vizient Inc. has ranked NYU Langone the No. 1 comprehensive academic medical center i

Advocate Aurora Health

Advocate Aurora Health and Atrium Health are now Advocate Health – the fifth-largest nonprofit integrated health system in the U.S. Advocate Health is the fifth-largest nonprofit integrated health system in the United States – created from the combination of Advocate Aurora Health and Atrium Health

Mount Sinai Health System

The Mount Sinai Health System is an integrated health system committed to providing distinguished care, conducting transformative research, and advancing biomedical education. Structured around seven hospital campuses and a single medical school, the Health System has an extensive ambulatory netwo

Penn Medicine, University of Pennsylvania Health System

Penn Medicine’s mission is to advance knowledge and improve health through research, patient care, and the education of trainees in an inclusive culture that embraces diversity, fosters innovation, stimulates critical thinking, supports lifelong learning, and sustains our legacy of excellence. Penn

Dr. Sulaiman Al Habib Medical Group

Leading Private Healthcare Provider in the Middle East With a vision to be the most trusted healthcare provider in medical excellence and patient experience globally, Dr. Sulaiman Al-Habib Medical Group (HMG) has become the largest provider of comprehensive healthcare services in the Middle East. A

Dasa

Dasa is the largest integrated health network in Brazil. It is part of the lives of more than 20 million people a year, with high technology, an intuitive experience and an attitude ahead of its time. With more than 50 thousand employees and 250 thousand partner physicians, it exists to be the health that people want and that

GE HealthCare

Every day millions of people feel the impact of our intelligent devices, advanced analytics and artificial intelligence. As a leading global medical technology and digital solutions innovator, GE HealthCare enables clinicians to make faster, more informed decisions through intelligent devices, data

Baylor Scott & White Health

With us by your side, there's no stopping you. It's why we're creating a new kind of healthcare at Baylor Scott & White. And we're just getting started. As the largest not-for-profit health system in the state of Texas, Baylor Scott & White promotes the health and well-being of every individual, fa

NHS CyberSecurity News

November 18, 2025 05:00 AM
The cyber threat to water, energy and the NHS – and the £15bn cost to businesses

Cyber attacks which threaten our access to water, energy and the NHS are costing the UK economy nearly £15bn a year.

November 17, 2025 06:47 AM
Clop Claims It Breached The NHS, But Offers No Proof And Even Less Detail

Notorious ransomware gang Clop is back with another bold claim, this time insisting it hacked “the NHS,” The Register reports.

November 14, 2025 09:25 PM
Cl0p claims ransomware hit on NHS

Ransomware gangsters claim to have attacked the NHS but clarity on the nature of the incident is yet to emerge.

November 14, 2025 09:30 AM
NHS confirms investigation into Clop cyberattack claim

The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop. The cybercriminal gang, which in...

November 13, 2025 09:04 PM
UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days

Ransomware gang Clop has claimed the United Kingdom's National Health Service among its latest victims. The NHS confirmed that it is listed...

November 13, 2025 01:49 PM
NHS Investigating Oracle EBS Hack Following Cl0p Ransomware Group Claim

The notorious Cl0p ransomware group has claimed responsibility for breaching the UK's National Health Service (NHS),...

November 13, 2025 12:54 PM
NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims

The UK's national healthcare system is working with the country's National Cyber Security Centre to investigate the incident.

November 13, 2025 12:27 PM
UK Cyber Defense Laws Aim to Bolster NHS and Energy Infrastructure

It needs to defend its digital backbone against attacks now costing the nation nearly £15 billion annually.

November 13, 2025 11:13 AM
NHS supplier ends probe into ransomware attack that contributed to patient death

Synnovis has finally wrapped up its investigation into the 2024 ransomware attack that crippled pathology services across London,...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

NHS CyberSecurity History Information

Official Website of NHS

The official website of NHS is http://www.nhs.uk/.

NHS’s AI-Generated Cybersecurity Score

According to Rankiteo, NHS’s AI-generated cybersecurity score is 771, reflecting their Fair security posture.

How many security badges does NHS have?

According to Rankiteo, NHS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does NHS have SOC 2 Type 1 certification?

According to Rankiteo, NHS is not certified under SOC 2 Type 1.

Does NHS have SOC 2 Type 2 certification?

According to Rankiteo, NHS does not hold a SOC 2 Type 2 certification.

Does NHS comply with GDPR?

According to Rankiteo, NHS is not listed as GDPR compliant.

Does NHS have PCI DSS certification?

According to Rankiteo, NHS does not currently maintain PCI DSS compliance.

Does NHS comply with HIPAA?

According to Rankiteo, NHS is not compliant with HIPAA regulations.

Does NHS have ISO 27001 certification?

According to Rankiteo, NHS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of NHS

NHS operates primarily in the Hospitals and Health Care industry.

Number of Employees at NHS

NHS employs approximately 238,427 people worldwide.

Subsidiaries Owned by NHS

NHS presently has no subsidiaries across any sectors.

NHS’s LinkedIn Followers

NHS’s official LinkedIn profile has approximately 669,093 followers.

NAICS Classification of NHS

NHS is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

NHS’s Presence on Crunchbase

No, NHS does not have a profile on Crunchbase.

NHS’s Presence on LinkedIn

Yes, NHS maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/nhs.

Cybersecurity Incidents Involving NHS

As of November 27, 2025, Rankiteo reports that NHS has experienced 5 cybersecurity incidents.

Number of Peer and Competitor Companies

NHS has an estimated 29,991 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at NHS?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Cyber Attack.

Incident Details

Can you provide details on each incident?

Incident : Cyberattack

Title: Isis-Linked Cyberattack on NHS Websites

Description: Islamist hackers associated with Isis launched a cyberattack on a number of NHS websites, revealing major security weaknesses. Patient data was allegedly vulnerable to the attacks.

Type: Cyberattack

Vulnerability Exploited: Security weaknesses in NHS websites

Threat Actor: Islamist hackers associated with Isis

Incident : Data Loss

Title: NHS Trusts Data Loss Incident

Description: NHS trusts lost almost 10,000 patient records last year. The massive number of unavailable or lost documents also includes “many incidents” where the files were eventually located. Rather than ensconce patient data on encrypted platforms, the NHS often opts to use cheaper and more vulnerable means of recording, 94% of NHS Trusts still use handwritten notes for patient record keeping.

Type: Data Loss

Incident : Data Breach

Title: NHS Appointment Booking System Data Breach

Description: Patient information was taken from an NHS appointment booking system by a computer whiz with connections to the international hacking group Anonymous. The criminal exploited a private contractor's security to gain access to a database that contained private information on up to 1.2 million people.

Type: Data Breach

Attack Vector: Exploiting private contractor's security

Threat Actor: Individual with connections to Anonymous

Incident : Data Breach

Title: NHS Data Breach Due to Coding Error

Description: A coding error in the software used by GPs to record objections to data being used for research and auditing purposes resulted in a data breach affecting 150,000 patients in England.

Type: Data Breach

Attack Vector: Software Coding Error

Vulnerability Exploited: Coding Error

Incident : Data Breach

Title: NHS Trusts Data Sharing with Facebook

Description: NHS trusts are violating their promises to never share private information with Facebook on patients' medical conditions, appointments, and treatments. Investigations have found a hidden monitoring feature in 20 NHS trusts' websites that has been sharing users' browsing data with the internet giant for years in a serious privacy violation. Pages viewed, buttons clicked, and keyword searches are all described in depth in the data. It is compared to the user's IP address, which is an identifier associated with an individual or household, and in many cases, Facebook account information. NHS websites have transferred records of information to the company that include information that, when linked to an individual, could reveal personal medical information.

Type: Data Breach

Attack Vector: Hidden Monitoring Feature

Vulnerability Exploited: Data Sharing with Third-Party

Threat Actor: Facebook

Motivation: Data Collection

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Data Leak.

Impact of the Incidents

What was the impact of each incident?

Incident : Cyberattack NHS0268722

Data Compromised: Patient data

Systems Affected: NHS websites

Incident : Data Loss NHS05671122

Data Compromised: Patient records

Incident : Data Breach NHS173971122

Data Compromised: Names, Dates of birth, Phone numbers, Email addresses

Systems Affected: Appointment booking system

Incident : Data Breach NHS2119101122

Data Compromised: Patient Data

Incident : Data Breach NHS153625623

Data Compromised: Pages viewed, Buttons clicked, Keyword searches, IP addresses, Facebook account information

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Data, Patient records, Names, Dates Of Birth, Phone Numbers, Email Addresses, Patient Data, Pages Viewed, Buttons Clicked, Keyword Searches, IP Addresses and Facebook Account Information.

Which entities were affected by each incident?

Incident : Cyberattack NHS0268722

Entity Name: NHS

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Loss NHS05671122

Entity Name: NHS Trusts

Entity Type: Healthcare

Industry: Healthcare

Location: United Kingdom

Incident : Data Breach NHS173971122

Entity Name: SwiftQueue

Entity Type: Private Contractor

Industry: Healthcare

Customers Affected: 1.2 million

Incident : Data Breach NHS2119101122

Entity Name: NHS

Entity Type: Healthcare Provider

Industry: Healthcare

Location: England

Customers Affected: 150,000 patients

Incident : Data Breach NHS153625623

Entity Name: NHS Trusts

Entity Type: Healthcare

Industry: Healthcare

Location: United Kingdom

Data Breach Information

What type of data was compromised in each breach?

Incident : Cyberattack NHS0268722

Type of Data Compromised: Patient data

Incident : Data Loss NHS05671122

Type of Data Compromised: Patient records

Number of Records Exposed: 10,000

Incident : Data Breach NHS173971122

Type of Data Compromised: Names, Dates of birth, Phone numbers, Email addresses

Number of Records Exposed: 1.2 million

Sensitivity of Data: Personal Information

Incident : Data Breach NHS2119101122

Type of Data Compromised: Patient Data

Number of Records Exposed: 150,000

Sensitivity of Data: High

Personally Identifiable Information: Yes

Incident : Data Breach NHS153625623

Type of Data Compromised: Pages viewed, Buttons clicked, Keyword searches, IP addresses, Facebook account information

Sensitivity of Data: High

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Data Loss NHS05671122

Lessons Learned: The NHS should consider using more secure and encrypted platforms for patient record keeping rather than handwritten notes.

What recommendations were made to prevent future incidents?

Incident : Data Loss NHS05671122

Recommendations: Implement encrypted platforms for patient record keeping to prevent data loss.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lesson learned from past incidents is that the NHS should consider using more secure and encrypted platforms for patient record keeping rather than handwritten notes.

What recommendations has the company implemented to improve cybersecurity?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement encrypted platforms for patient record keeping to prevent data loss.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Data Loss NHS05671122

Root Causes: Use of handwritten notes for patient record keeping

Corrective Actions: Transition to encrypted digital platforms for record keeping

Incident : Data Breach NHS2119101122

Root Causes: Coding Error

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Transition to encrypted digital platforms for record keeping.

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking group in the last incident were Islamist hackers associated with Isis, Individual with connections to Anonymous and Facebook.

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were Patient data, Patient records, names, dates of birth, phone numbers, email addresses, Patient Data, Pages viewed, Buttons clicked, Keyword searches, IP addresses and Facebook account information.

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant system affected in an incident was NHS websites.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Patient records, dates of birth, Patient Data, IP addresses, email addresses, names, phone numbers, Facebook account information, Patient data, Buttons clicked, Pages viewed and Keyword searches.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that the NHS should consider using more secure and encrypted platforms for patient record keeping rather than handwritten notes.

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was to implement encrypted platforms for patient record keeping to prevent data loss.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were use of handwritten notes for patient record keeping and a coding error.

What was the most significant corrective action taken based on post-incident analysis?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Transition to encrypted digital platforms for record keeping.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nhs' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
