Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week. Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. The vulnerabilities were first disclosed by researchers at Assetnote in May 2024 and patched by ServiceNow months later in July 2024. GreyNoise said that all three flaws have seen a resurgence in targeted exploitation attempts in the past week. It’s not known exactly who is behind this latest wave of targeting, but GreyNoise said that 70% of the malicious activity it observed in the past week targeted systems based in Israel, with activity also seen in Germany, Japan, and Lithuania. As first noted by Assetnote last year, GreyNoise also confirms that the vulnerabilitie ... Read full article.