Tech

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Oliver James
2 Min Read
Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week.

Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217.

The vulnerabilities were first disclosed by researchers at Assetnote in May 2024 and patched by ServiceNow months later in July 2024. 

GreyNoise said that all three flaws have seen a resurgence in targeted exploitation attempts in the past week. It’s not known exactly who is behind this latest wave of targeting, but GreyNoise said that 70% of the malicious activity it observed in the past week targeted systems based in Israel, with activity also seen in Germany, Japan, and Lithuania. 

As first noted by Assetnote last year, GreyNoise also confirms that the vulnerabilities can be chained together for “full database access” of affected ServiceNow instances. Organizations often use the ServiceNow platform to host sensitive data about their employees, including their personally identifiable information and HR records related to their employment. 

ServiceNow spokesperson Erica Faltous told TechCrunch that the company first learned of the vulnerabilities “nearly a year ago”, and, “to date, we have not observed any customer impact from an attack campaign.”

Following Assetnote’s disclosure of the flaws last year, U.S. security firm Resecurity warned that foreign threat actors had attempted to exploit the three ServiceNow vulnerabilities to target both private sector companies and government agencies around the world. 

Resecurity said it saw targeted attempts at an energy company, a data center organization, a Middle Eastern government agency, and a software developer.

Cybersecurity company Imperva released another report in July 2024 warning that it had also observed exploitation attempts across 6,000 sites across various industries, with a focus on the financial services sector.

You Might Also Like

Andes wildlife is replanting the Earth – one dung pile at a time

What It’s Really Like to Milk Snakes for Venom

This Rare See-Through Squid Is Blinking for a Reason

OpenAI Unveils New Image Generator for ChatGPT

Proposed rule change on endangered species triggers alarm for environmentalists

Share This Article
Previous Article Nike (NKE) Q3 2025 earnings Nike (NKE) Q3 2025 earnings
Next Article Onions! Bill Raftery’s guide to March Madness lingo Onions! Bill Raftery’s guide to March Madness lingo

Latest News

Russia advances to east-central Ukrainian region amid row over dead soldiers
Russia advances to east-central Ukrainian region amid row over dead soldiers
News
Trump rips ‘incompetent’ Newsom, LA Mayor Bass amid riots over immigration raids, bans protesters from wearing masks
Trump rips ‘incompetent’ Newsom, LA Mayor Bass amid riots over immigration raids, bans protesters from wearing masks
News
Desperate to get its illegally detained civilians out of Russia, Kyiv offers Ukrainian collaborators in exchange
Desperate to get its illegally detained civilians out of Russia, Kyiv offers Ukrainian collaborators in exchange
News
GOP looks to win over Collins, Murkowski on Trump bill
GOP looks to win over Collins, Murkowski on Trump bill
News