Comparison Overview

Thomas and Brown, LLC

VS

Oktay Feridun & Associates

Thomas and Brown, LLC

None
Last Update: 2025-11-28
View Profile
Between 750 and 799
http://www.thomasandbrownlaw.com

Thomas & Brown, LLC is one of the most respected real estate closing law firms in the north Atlanta area. The firm specializes in all aspects of residential and commercial closings and boasts a client list diversified with some of the most respected real estate agents, lenders, and builders in the area. Lon Thomas and Mark Brown have been in business together for over 25 years. However, they have been friends and teammates for much longer. Although they both hail from the North Atlanta area, the two did not meet until electing to play college football at Furman University in 1984. Subsequent to graduating from Furman, Mark chose to pursue his law degree at the University of Georgia while Lon chose to attend the University of Mississippi. After a brief stint in private practice, each in different law firms, they decided to form the current firm in 1993 and have never looked back. Thomas & Brown, LLC has represented commercial banks and lending institutions on a national, state and local level. We are proud affiliates of the Atlanta, Cobb, 400 North and Cherokee Boards of Realtors, Georgia Real Estate Closing Attorney’s Association and are involved in various community sponsorships and activities. Our firm looks forward to continuing all of the professional relationships we have made over the last 25 years and to developing many new ones in future years.

NAICS: 5411
NAICS Definition: Legal Services
Employees: 27
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Oktay Feridun & Associates

Müftü Raci Efendi Street, Nicosia, 99010, CY
Last Update: 2025-11-24
Between 750 and 799
http://www.oktayferidun.com

Oktay Feridun & Associates is a law firm providing full range of legal services to its clients in North Cyprus and overseas. The firm has developed particular strengths and expertise in advising, setting up and growing businesses, movable and immovable property investors and developers, in areas of corporate commerce, banking, property, civil and criminal litigation of all kind. Our firm operates from our main office in Nicosia (North Cyprus), Turkey, Europe and other countries through a network of associates worldwide.

NAICS: 5411
NAICS Definition: Legal Services
Employees: 10
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/thomas-and-brown-llc.jpeg
Thomas and Brown, LLC
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/oktayferidun.jpeg
Oktay Feridun & Associates
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Thomas and Brown, LLC
100%
Compliance Rate
0/4 Standards Verified
Oktay Feridun & Associates
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Legal Services Industry Average (This Year)

No incidents recorded for Thomas and Brown, LLC in 2025.

Incidents vs Legal Services Industry Average (This Year)

No incidents recorded for Oktay Feridun & Associates in 2025.

Incident History — Thomas and Brown, LLC (X = Date, Y = Severity)

Thomas and Brown, LLC cyber incidents detection timeline including parent company and subsidiaries

Incident History — Oktay Feridun & Associates (X = Date, Y = Severity)

Oktay Feridun & Associates cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/thomas-and-brown-llc.jpeg
Thomas and Brown, LLC
Incidents

No Incident

https://images.rankiteo.com/companyimages/oktayferidun.jpeg
Oktay Feridun & Associates
Incidents

No Incident

FAQ

Oktay Feridun & Associates company demonstrates a stronger AI Cybersecurity Score compared to Thomas and Brown, LLC company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Oktay Feridun & Associates company has disclosed a higher number of cyber incidents compared to Thomas and Brown, LLC company.

In the current year, Oktay Feridun & Associates company and Thomas and Brown, LLC company have not reported any cyber incidents.

Neither Oktay Feridun & Associates company nor Thomas and Brown, LLC company has reported experiencing a ransomware attack publicly.

Neither Oktay Feridun & Associates company nor Thomas and Brown, LLC company has reported experiencing a data breach publicly.

Neither Oktay Feridun & Associates company nor Thomas and Brown, LLC company has reported experiencing targeted cyberattacks publicly.

Neither Thomas and Brown, LLC company nor Oktay Feridun & Associates company has reported experiencing or disclosing vulnerabilities publicly.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Thomas and Brown, LLC company nor Oktay Feridun & Associates company has publicly disclosed detailed information about the number of their subsidiaries.

Thomas and Brown, LLC company employs more people globally than Oktay Feridun & Associates company, reflecting its scale as a Legal Services.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds SOC 2 Type 1 certification.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds SOC 2 Type 2 certification.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds ISO 27001 certification.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds PCI DSS certification.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds HIPAA certification.

Neither Thomas and Brown, LLC nor Oktay Feridun & Associates holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References