Hackers are stepping up their efforts to exploit a trio of ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week.
Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “remarkable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217.
The vulnerabilities were first disclosed by researchers at Assetnote in May 2024 and were patched by ServiceNow months later, in July 2024.
GreyNoise said that all three flaws saw a resurgence in targeted exploitation attempts over the past week. It is not known exactly who is behind this latest wave of targeting, but GreyNoise said that 70% of the malicious activity observed in the past week targeted Israel-based systems, with activity also observed in Germany, Japan and Lithuania.
As Assetnote first noted last year, GreyNoise also confirmed that the vulnerabilities can be chained together for “full database access” to affected ServiceNow instances. Organizations often use the ServiceNow platform to store sensitive data about their employees, including personal information and human resources-related information.
ServiceNow spokesperson Erica Faltous told TechCrunch that the company first learned of the vulnerabilities “about a year ago” and “to date, we have not noticed any impact on the customer from an attack campaign”.
After Assetnote disclosed the flaws last year, U.S. security company Resecurity warned that external actors had tried to exploit the three ServiceNow vulnerabilities to target both private sector companies and government agencies around the world.
Resecurity said it saw targeted attempts against an energy company, a data center organization, a Middle East government and a software developer.
Cybersecurity company Imperva released another report in July 2024 warning that it had also observed exploitation attempts against 6,000 sites across various industries, with a focus on financial services.
