July 25, 2024 at 05:01PM
Threat actors are exploiting ServiceNow flaws to breach government agencies, data centers, energy providers, and software firms in data theft attacks. With over 300,000 internet-exposed instances, ServiceNow is a popular target. Resecurity reports that tens of thousands of systems remain vulnerable despite security updates released on July 10, 2024, and users are urged to apply the patches immediately.
Key takeaways from the meeting notes regarding the ServiceNow security vulnerabilities are as follows:
1. Threat actors have been using publicly available exploits for ServiceNow flaws to breach government agencies and private firms in data theft attacks. Identified victims include government agencies, data centers, energy providers, and software development firms.
2. Despite security updates for the flaws being released on July 10, 2024, tens of thousands of systems may still be vulnerable to attacks.
3. The exploited vulnerabilities include CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, which can be chained to achieve full database access. GitHub has been flooded with working exploits based on these vulnerabilities, leading to ongoing exploitation by threat actors.
4. The exploitation observed involves payload injection and database content checks, resulting in the dumping of user lists and account credentials. Some breached instances have exposed plaintext credentials.
5. Resecurity has noted increased interest in the ServiceNow flaws on underground forums, especially from users seeking access to IT service desks and corporate portals, which indicates strong interest from the cybercrime community.
6. ServiceNow has released fixes for all three vulnerabilities. Users should confirm that the patches are applied on all instances, or apply them as soon as possible if they have not.
These takeaways highlight the severity of the situation and the urgent need for organizations to address these vulnerabilities to prevent potential data breaches.