Attacks Involving ServiceNow Flaws Escalate

TechCrunch reports that ServiceNow IT service-ticket platform instances still vulnerable to a trio of critical flaws patched in July, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, have been subjected to a resurgence of intrusions that could facilitate total database compromise.

A ServiceNow spokesperson said that on May 14, 2024, ServiceNow learned of a vulnerability on the Now Platform impacting instances running on the Vancouver and Washington, D.C. family releases and immediately deployed a series of updates to fully address the issue. ServiceNow publicly disclosed the issue via CVEs in July as part of a coordinated effort with AssetNote, the spokesperson said.

The company said that, to date, investigations have not observed any customer impact from any attacks and ServiceNow will continue to monitor the situation to best support customers.

Israel-based systems were most targeted by the attempted exploitation of ServiceNow bugs, but threat actors also sought to compromise instances in Germany, Japan, and Lithuania, according to an analysis from GreyNoise.

Additional details regarding the perpetrator of the latest attack wave remain uncertain. This latest attempt comes months after intrusions leveraging the security issues were launched against numerous organizations worldwide, including an energy entity, a software development firm, a data center organization, and a Middle Eastern government agency, according to Resecurity.