Hackers Ramp Up Exploitation of Year-Old ServiceNow Vulnerabilities

Starfolk

March 20, 2025 · 3 min read

Hackers are increasingly attempting to exploit three vulnerabilities, each about a year old, in ServiceNow, a popular platform used by companies to manage sensitive employee data, according to security researchers. The vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, were first disclosed in May 2024 and patched by ServiceNow in July 2024. However, it appears that many organizations have failed to apply the patches, leaving their instances vulnerable to attack.

Threat intelligence startup GreyNoise reported a "notable resurgence of in-the-wild activity" targeting the three vulnerabilities, with 70% of the malicious activity observed in the past week targeting systems based in Israel. Additional activity was seen in Germany, Japan, and Lithuania. The identity of the attackers behind this latest wave of targeting is currently unknown.

The vulnerabilities can be chained together to gain "full database access" to affected ServiceNow instances, which often host sensitive data about employees, including personally identifiable information and HR records related to their employment. This raises significant concerns about the potential for data breaches and cyber attacks.

ServiceNow spokesperson Erica Faltous stated that the company first learned of the vulnerabilities nearly a year ago and, to date, has not observed any customer impact from an attack campaign. However, this assertion is contradicted by previous reports from security firms Resecurity and Imperva, which warned of targeted exploitation attempts against private sector companies and government agencies worldwide.

Resecurity reported seeing targeted attempts at an energy company, a data center organization, a Middle Eastern government agency, and a software developer. Meanwhile, Imperva released a report in July 2024 warning that it had observed exploitation attempts against 6,000 sites across various industries, with a focus on the financial services sector.

The increased exploitation attempts highlight the importance of timely patching and vulnerability management. Organizations that have not yet applied the patches to these vulnerabilities are urged to do so immediately to prevent potential data breaches and cyber attacks. The incident also underscores the need for continued vigilance and monitoring of systems to detect and respond to emerging threats.

The resurgence of exploitation attempts targeting these ServiceNow vulnerabilities serves as a reminder of the ongoing cat-and-mouse game between hackers and security professionals. As hackers continually evolve their tactics and exploit new vulnerabilities, it is essential for organizations to stay proactive in their security efforts and prioritize the protection of sensitive data.
