TechCrunch reports that vulnerable ServiceNow IT service-ticket platform instances still impacted by a trio of critical flaws already patched in July, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, have been subjected to resurgent intrusions that could facilitate total database compromise during the past week.
Israel-based systems were most targeted by the attempted exploitation of ServiceNow bugs but threat actors also sought to compromise instances in Germany, Japan, and Lithuania, according to an analysis from GreyNoise. Additional details regarding the perpetrator of the latest attack wave remain uncertain. Such a development comes months after intrusions leveraging the security issues were reported by Resecurity to have been launched against numerous organizations worldwide, including an energy entity, a software developer firm, a data center organization, and a Middle Eastern government agency. Meanwhile, more than 6,000 sites, particularly those in the financial services industries, were previously disclosed by Imperva to have been targeted with ServiceNow attacks.
