July 26, 2024 at 08:27AM
Threat actors exploiting critical vulnerabilities in ServiceNow, including input validation flaws and a file read security defect, targeting vulnerable instances for reconnaissance. Approximately 300,000 instances susceptible to probing, with threat actors attempting to extract data from private sector and government agencies worldwide. ServiceNow urged customers to apply patches and hotfixes to avoid unauthorized access and remote code execution.
Key takeaways from the meeting notes:
– Threat actors have been observed exploiting critical vulnerabilities in the ServiceNow platform shortly after they were publicly disclosed.
– ServiceNow announced patches for the security defects and urged customers to apply them as soon as possible.
– The vulnerabilities could be exploited for remote code execution and unauthorized access to sensitive files.
– Approximately 300,000 internet-accessible ServiceNow instances are susceptible to probing by threat actors.
– Multiple threat actors have been observed scanning for vulnerable instances and targeting organizations in various industries.
– Some organizations targeted were not aware of the released patch or used outdated instances.
– ServiceNow instances are expected to be increasingly targeted in attacks, with threat actors seeking to monetize access to compromised enterprise portals and applications.