Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,198
- Points
- 113
Uncorrected errors have become a tool in the pursuit of valuable data.
In recent weeks, hackers have exploited 2 vulnerabilities in popular ServiceNow tools to steal confidential data.
In May, AssetNote specialists notified ServiceNow about three serious vulnerabilities that together open access to important data of organizations. In May and June, ServiceNow fixed vulnerabilities CVE-2024-4879 (CVSS score: 9.3), CVE-2024-5178 (CVSS score: 6.9) and CVE-2024-5217 (CVSS score: 9.2).
However, almost immediately after AssetNote's public report, a PoC exploit was published, which attracted the attention of hackers, and active attempts to exploit the bugs began. CISA said hackers are particularly targeting CVE-2024-4879 and CVE-2024-5217. CISA has added vulnerabilities to its KEV catalog and set an August 19 deadline for federal agencies to fix the flaws.
In the past 2 weeks, cybersecurity researchers have reported attempts by hackers to exploit these vulnerabilities. According to some reports, between 13,000 and 42,000 ServiceNow systems may be compromised. Most of the affected systems were identified in the United States, Great Britain, India and the European Union.
Vulnerabilities allow attackers to gain full access to the database, the ability to navigate through the system and extract data. Resecurity said it is closely monitoring the actions of foreign cybercriminals trying to extract data from private companies and government agencies around the world. Despite the fact that activity was restricted in a timely manner, several episodes of malicious activity were recorded during the existence of vulnerabilities.
The attacks affected numerous organizations around the world, including an energy company, a government agency in a Middle Eastern country, and a software development firm. Some of the companies did not know about the released patches and used outdated or unsupported systems.
In addition, there were attempts to exploit vulnerabilities on more than 6,000 sites in various industries, especially in the financial sector, where hackers mainly use automated tools to compromise the login page.
On the darknet, attackers are also looking for compromised access to IT services, corporate portals, and other systems that provide remote access to employees and contractors. Resecurity also warns about the activity of Initial Access Brokers (IAB), which hack systems and then sell access to other cybercriminals.
Source
In recent weeks, hackers have exploited 2 vulnerabilities in popular ServiceNow tools to steal confidential data.
In May, AssetNote specialists notified ServiceNow about three serious vulnerabilities that together open access to important data of organizations. In May and June, ServiceNow fixed vulnerabilities CVE-2024-4879 (CVSS score: 9.3), CVE-2024-5178 (CVSS score: 6.9) and CVE-2024-5217 (CVSS score: 9.2).
However, almost immediately after AssetNote's public report, a PoC exploit was published, which attracted the attention of hackers, and active attempts to exploit the bugs began. CISA said hackers are particularly targeting CVE-2024-4879 and CVE-2024-5217. CISA has added vulnerabilities to its KEV catalog and set an August 19 deadline for federal agencies to fix the flaws.
In the past 2 weeks, cybersecurity researchers have reported attempts by hackers to exploit these vulnerabilities. According to some reports, between 13,000 and 42,000 ServiceNow systems may be compromised. Most of the affected systems were identified in the United States, Great Britain, India and the European Union.
Vulnerabilities allow attackers to gain full access to the database, the ability to navigate through the system and extract data. Resecurity said it is closely monitoring the actions of foreign cybercriminals trying to extract data from private companies and government agencies around the world. Despite the fact that activity was restricted in a timely manner, several episodes of malicious activity were recorded during the existence of vulnerabilities.
The attacks affected numerous organizations around the world, including an energy company, a government agency in a Middle Eastern country, and a software development firm. Some of the companies did not know about the released patches and used outdated or unsupported systems.
In addition, there were attempts to exploit vulnerabilities on more than 6,000 sites in various industries, especially in the financial sector, where hackers mainly use automated tools to compromise the login page.
On the darknet, attackers are also looking for compromised access to IT services, corporate portals, and other systems that provide remote access to employees and contractors. Resecurity also warns about the activity of Initial Access Brokers (IAB), which hack systems and then sell access to other cybercriminals.
Source
