SUBSCRIBE
Edit Content
Image

Hackers are ramping up assaults utilizing year-old ServiceNow safety bugs to focus on unpatched techniques

TechMar 20, 2025
2
Minute Read
Pinterest
Linkedin
Mail

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week.

Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217.

The vulnerabilities were first disclosed by researchers at Assetnote in May 2024 and patched by ServiceNow months later in July 2024. 

GreyNoise said that all three flaws have seen a resurgence in targeted exploitation attempts in the past week. It’s not known exactly who is behind this latest wave of targeting, but GreyNoise said that 70% of the malicious activity it observed in the past week targeted systems based in Israel, with activity also seen in Germany, Japan, and Lithuania. 

As first noted by Assetnote last year, GreyNoise also confirms that the vulnerabilities can be chained together for “full database access” of affected ServiceNow instances. Organizations often use the ServiceNow platform to host sensitive data about their employees, including their personally identifiable information and HR records related to their employment. 

ServiceNow spokesperson Erica Faltous told TechCrunch that the company first learned of the vulnerabilities “nearly a year ago”, and, “to date, we have not observed any customer impact from an attack campaign.”

Following Assetnote’s disclosure of the flaws last year, U.S. security firm Resecurity warned that foreign threat actors had attempted to exploit the three ServiceNow vulnerabilities to target both private sector companies and government agencies around the world. 

Resecurity said it saw targeted attempts at an energy company, a data center organization, a Middle Eastern government agency, and a software developer.

Cybersecurity company Imperva released another report in July 2024 warning that it had also observed exploitation attempts across 6,000 sites across various industries, with a focus on the financial services sector.

SHARE THIS POST

Previous Post
March 20, 2025
What Crypto To Buy as BlackRock Predicts Bitcoin Rally During US Recession
Next Post
March 20, 2025
U.S. existing-home gross sales high estimates, rebound from unhealthy climate

YOU MIGHT ALSO LIKE

One-click checkout firm Bolt confirms one other…
Tech

One-click checkout firm Bolt confirms one other…

Dec 15, 2023
IT budgets ought to enhance in 2024,…
Tech

IT budgets ought to enhance in 2024,…

Dec 17, 2023
Coinbase argues for movement to dismiss SEC’s…
Tech

Coinbase argues for movement to dismiss SEC’s…

Jan 18, 2024

STAY CONNECTED

Categories

READ MORE

dummy-img

Bitcoin Freedom Act Introduced by Oklahoma Senator

Jan 10, 2025
Bitcoin Retail Investors Hold Back As Whales Drive The Market – Insights

Bitcoin Retail Investors Hold Back As Whales Drive The Market – Insights

Feb 21, 2025
Bitcoin 9-Month Cycle Says It’s Not Over, Analyst Shows Where We Are…

Bitcoin 9-Month Cycle Says It’s Not Over, Analyst Shows Where We Are…

Feb 19, 2025
California wildfires dying toll climbs to not less than 16, over 37K…

California wildfires dying toll climbs to not less than 16, over 37K…

Jan 12, 2025
Bumble’s new CEO is already leaving the corporate as shares fell 54%…

Bumble’s new CEO is already leaving the corporate as shares fell 54%…

Jan 17, 2025

Hot Topics

News

Contact Us

Twitter Instagram

Subscribe to Updates

Get the latest tech, social media, politics, business, sports and many more news directly to your inbox.

Subscription Form
Copyright 2025 © WhizBuddy