TechCrunch News 03月21日
Hackers are ramping up attacks using year-old ServiceNow security bugs to break into unpatched systems
index_new5.html
../../../zaker_core/zaker_tpl_static/wap/tpl_guoji1.html

 

安全研究人员警告称,黑客正在加紧利用一年前ServiceNow的三处漏洞,试图入侵未修补的公司实例。GreyNoise报告称,观察到针对CVE-2024-4879、CVE-2024-5178和CVE-2024-5217这三个漏洞的“野外活动显著复苏”。这些漏洞最早由Assetnote的研究人员于2024年5月披露,ServiceNow于2024年7月进行了修复。GreyNoise表示,过去一周,针对这三个漏洞的利用尝试均有所增加。虽然幕后黑手尚不明确,但GreyNoise指出,过去一周观察到的恶意活动中,70%的目标是位于以色列的系统,同时德国、日本和立陶宛也有相关活动。这些漏洞可被链式利用,从而实现对受影响ServiceNow实例的“完全数据库访问”。

🚨 **漏洞信息**: CVE-2024-4879、CVE-2024-5178和CVE-2024-5217是ServiceNow的三处漏洞,最早于2024年5月由Assetnote披露,ServiceNow于2024年7月进行了修复。

🌍 **攻击目标**: 过去一周,70%的恶意活动针对位于以色列的系统,同时德国、日本和立陶宛也有相关活动。此前,Resecurity观察到针对能源公司、数据中心、中东政府机构和软件开发商的攻击尝试。

🔗 **攻击方式**: 这些漏洞可以被链式利用,从而实现对受影响ServiceNow实例的“完全数据库访问”,而ServiceNow平台通常存储了员工的敏感数据,包括个人身份信息和人力资源记录。

🛡️ **厂商回应**: ServiceNow表示,早在近一年前就已知晓这些漏洞,但“迄今为止,我们没有观察到任何客户受到攻击活动的影响”。

⚠️ **行业影响**: Imperva报告称,观察到针对6,000个站点的攻击尝试,主要集中在金融服务领域。

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week.

Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217.

The vulnerabilities were first disclosed by researchers at Assetnote in May 2024 and patched by ServiceNow months later in July 2024. 

GreyNoise said that all three flaws have seen a resurgence in targeted exploitation attempts in the past week. It’s not known exactly who is behind this latest wave of targeting, but GreyNoise said that 70% of the malicious activity it observed in the past week targeted systems based in Israel, with activity also seen in Germany, Japan, and Lithuania. 

As first noted by Assetnote last year, GreyNoise also confirms that the vulnerabilities can be chained together for “full database access” of affected ServiceNow instances. Organizations often use the ServiceNow platform to host sensitive data about their employees, including their personally identifiable information and HR records related to their employment. 

ServiceNow spokesperson Erica Faltous told TechCrunch that the company first learned of the vulnerabilities “nearly a year ago”, and, “to date, we have not observed any customer impact from an attack campaign.”

Following Assetnote’s disclosure of the flaws last year, U.S. security firm Resecurity warned that foreign threat actors had attempted to exploit the three ServiceNow vulnerabilities to target both private sector companies and government agencies around the world. 

Resecurity said it saw targeted attempts at an energy company, a data center organization, a Middle Eastern government agency, and a software developer.

Cybersecurity company Imperva released another report in July 2024 warning that it had also observed exploitation attempts across 6,000 sites across various industries, with a focus on the financial services sector.

Fish AI Reader

Fish AI Reader

AI辅助创作,多种专业模板,深度分析,高质量内容生成。从观点提取到深度思考,FishAI为您提供全方位的创作支持。新版本引入自定义参数,让您的创作更加个性化和精准。

FishAI

FishAI

鱼阅,AI 时代的下一个智能信息助手,助你摆脱信息焦虑

联系邮箱 441953276@qq.com

相关标签

ServiceNow 漏洞 黑客攻击 安全威胁 CVE
相关文章
A poll + 3 news stories
漏洞管理变革:CISA 启动 CVE 信息富化项目
特斯拉、百度自动驾驶技术被黑客攻破,可造成致命车祸
数据安全成为医卫数字化首要挑战,奇安信发布百家医院免费体检计划
Study: Smart devices’ ambient light sensors pose imaging privacy risk
警惕,Foxit PDF 阅读器存在设计”缺陷“