Hackers target ServiceNow vulnerabilities, especially in Israel

techcrunch.com

Hackers are stepping up attacks that exploit security vulnerabilities in ServiceNow software that are about a year old. Researchers at GreyNoise recently reported the uptick in attack activity. They identified three specific vulnerabilities: CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These were first made public by Assetnote in May 2024 and were fixed by ServiceNow in July 2024. Despite the patches, GreyNoise noticed a significant rise in attacks targeting these flaws just this past week.

Much of the recent activity has been directed at organizations in Israel, although attacks have also been reported in Germany, Japan, and Lithuania. GreyNoise confirmed that the vulnerabilities could be combined to gain full access to databases associated with affected ServiceNow instances. The ServiceNow platform is used to manage sensitive employee data, making it a prime target for attackers. A spokesperson for the company stated that it has not yet seen any negative impact on customers from these attacks.

U.S. security firm Resecurity previously warned of attempts to exploit these vulnerabilities against both private companies and government agencies worldwide. Imperva, another cybersecurity firm, pointed out that there were exploitation attempts across 6,000 different sites in various sectors, particularly in financial services.



Timeline:

    [3.4] Hackers targeting unpatched ServiceNow vulnerabilities in Israel (itpro.com), 1h
    [3.8] Hackers exploit unpatched ServiceNow vulnerabilities targeting Israeli firms (techradar.com), 2h