Numerous organizations around the world, including government agencies, energy providers, software development companies, and data centers, have been compromised in ongoing attacks chaining a trio of now-addressed ServiceNow Now Platform vulnerabilities, two of which are critical in severity, reports BleepingComputer.
Identification of the critical arbitrary code execution bugs, tracked as CVE-2024-4879 and CVE-2024-5217, as well as the medium severity flaw, tracked as CVE-2024-5178, has been followed by widespread network scanning for vulnerable instances, which have been targeted with a payload injection for server response result checking prior to second-stage payload deployment, a Resecurity analysis showed. Successful compromise has mostly resulted in the exposure of hashed user lists and account credentials although some instances leaked plaintext credentials, according to Resecurity researchers, who also observed elevated interest in the flaws from cybercriminals who have been looking to secure IT service desk and corporate portal access.
