This critical vulnerability allowed attackers to bypass authentication implemented in the middleware layer. With the popularity of this framework on the internet and within our customers' attack surfaces, our Security Research team took a deeper look at the issue.
GreyNoise has identified a notable resurgence of in-the-wild activity targeting three ServiceNow vulnerabilities CVE-2024-4879 (Critical), CVE-2024-5217 (Critical), and CVE-2024-5178 (Medium). These vulnerabilities reportedly may be chained together for full database access.
Over 100 auto dealerships were being abused compliments of a supply chain attack of a shared video service unique to dealerships. When active, the attack presented dealership visitors with a ClickFix webpage which led to a SectopRAT malware.
