Threat Post

Most ServiceNow Instances Misconfigured, Exposed

Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction. Nearly 70 percent of instances of ...
Bleeping Computer

Over 1,000 ServiceNow instances found leaking corporate KB data

Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors.
ZDNet

ServiceNow releases guidance on Access Control List misconfigurations after report highlights prevalence

ServiceNow has published guidance for its customers related to Access Control List (ACL) misconfigurations after an AppOmni security report found that 70% of the instances they tested had the issue.
Dark Reading

Patch Now: ServiceNow Critical RCE Bugs Under Active Exploit

A threat actor on BreachForums is claiming to have harvested email addresses and associated hashes from more than 105 ServiceNow databases after exploiting two recently disclosed critical ...
TechCrunch

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week. Threat intelligence ...