CyberSecurity news

FlagThis - #servicenow

Nathaniel Morales@feeds.trendmicro.com //
The Albabat ransomware has evolved, now targeting Windows, Linux, and macOS systems, according to recent research. This marks a significant expansion in the group's capabilities, showcasing increased sophistication in exploiting multiple operating systems. Trend Micro researchers uncovered this evolution, noting the ransomware group leverages GitHub to streamline their operations, enhancing the efficiency and reach of their attacks.

Albabat ransomware version 2.0 gathers system and hardware information on Linux and macOS systems and uses a GitHub account to store and deliver configuration files. This allows attackers to manage operations centrally and update tools efficiently. The GitHub repository, though private, is accessible through an authentication token, demonstrating active development through its commit history.

Recent versions of Albabat ransomware retrieve configuration data through the GitHub REST API, using a User-Agent string labeled "Awesome App." The ransomware encrypts files with extensions including .exe, .dll, .mp3, and .pdf, while skipping folders such as Searches and AppData. It also terminates processes like taskmgr.exe and regedit.exe to hinder analysis and detection. Infections and payments are tracked in a PostgreSQL database, and the operators may also sell stolen data.
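The two network indicators reported above (configuration fetched from the GitHub REST API with the User-Agent "Awesome App") can be turned into a simple proxy-log triage check. The following is an added example, not code from the Trend Micro research or the ransomware; the log format and all sample lines are constructed for illustration.

```python
import re
from typing import Dict, List, Optional

# Indicators taken from the reporting above: recent Albabat builds retrieve
# their configuration via the GitHub REST API with User-Agent "Awesome App".
SUSPECT_USER_AGENT = "Awesome App"
GITHUB_API_HOST = "api.github.com"

# Constructed, simplified proxy log format (an assumption, not a real product's
# format): <timestamp> <client_ip> <method> <host> <path> "<user-agent>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) '
    r'(?P<host>\S+) (?P<path>\S+) "(?P<ua>[^"]*)"$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into fields, or return None if it does not fit."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def find_albabat_beacons(lines: List[str]) -> List[Dict[str, str]]:
    """Return records matching the reported pattern, tagged with a severity.

    'high'   : GitHub API host AND the "Awesome App" User-Agent (the behaviour
               described in the article).
    'medium' : the User-Agent alone, on any host, for analyst follow-up.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["ua"] != SUSPECT_USER_AGENT:
            continue
        rec["severity"] = "high" if rec["host"].lower() == GITHUB_API_HOST else "medium"
        hits.append(rec)
    return hits


# Constructed sample lines for illustration; no real traffic or real repository.
SAMPLE_LOG = [
    '2025-03-20T09:14:02Z 10.0.4.17 GET api.github.com /repos/PLACEHOLDER_OWNER/PLACEHOLDER_REPO/contents/config.json "Awesome App"',
    '2025-03-20T09:14:05Z 10.0.4.22 GET api.github.com /repos/example/tool/releases "git/2.43.0"',
    '2025-03-20T09:14:09Z 10.0.4.17 GET github.com /login "Awesome App"',
    '2025-03-20T09:14:11Z 10.0.4.31 GET www.example.com / "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_albabat_beacons(SAMPLE_LOG):
        print(f"[{hit['severity']}] {hit['ts']} {hit['client']} -> {hit['host']}{hit['path']}")
```

Legitimate GitHub API traffic from developer tooling carries its own User-Agent strings, so the host-only match is deliberately not flagged; the User-Agent is what ties the request to the reported behaviour.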

Recommended read:
References:
  • Cyber Security News: The Albabat ransomware has expanded its operation by utilizing GitHub to streamline its operation.
  • gbhackers.com: The Albabat ransomware group has been observed expanding its operations to target not only Windows but also Linux and macOS systems, marking a significant evolution in its capabilities. They are leveraging GitHub to streamline their ransomware operations.
  • : Trend Micro observed a continuous development of Albabat ransomware, designed to expand attacks and streamline operations. The authors seem to be targeting Linux and macOS systems now.
  • www.trendmicro.com: New versions of Albabat ransomware have been detected that target Windows, Linux, and macOS devices. The group is utilizing GitHub to streamline their operations.
  • hackread.com: New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
  • Carly Page: Mastodon: Hackers are ramping up attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances
  • techcrunch.com: TechCrunch: Hackers are ramping up attacks using year-old ServiceNow security bugs to break into unpatched systems
  • www.scworld.com: Attacks involving ServiceNow vulnerabilities escalate
  • bsky.app: Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations https://buff.ly/IWRowB3
  • Talkback Resources: New Attacks Exploit Year-Old ServiceNow Flaws - Israel Hit Hardest [app] [exp]
  • www.itpro.com: Old ServiceNow vulnerabilities could cause havoc for unpatched customers
  • Rescana: ServiceNow Vulnerabilities: Critical Exploits Impacting Israel and Global Systems
  • Cyber Security News: Albabat Ransomware Adds Linux and macOS to its Expanding List of Targets
  • gbhackers.com: Albabat Ransomware Expands Reach to Target Linux and macOS Platforms
  • www.cysecurity.news: Albabat Ransomware Evolves with Cross-Platform Capabilities and Enhanced Attack Efficiency
  • ciso2ciso.com: New versions of the Albabat ransomware target Windows, Linux, and macOS, and retrieve configuration files from GitHub. The post appeared first on SecurityWeek.

Rescana@Rescana //
References: www.itpro.com, Rescana, hackread.com ...
Critical vulnerabilities in ServiceNow, a widely used cloud-based platform, are being actively exploited, and attack volume is escalating. Security researchers at GreyNoise have observed a resurgence of malicious activity targeting three year-old, previously patched flaws: CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178. Left unpatched, these vulnerabilities can lead to unauthorized access and potentially full database compromise.

Organizations that failed to apply ServiceNow patches last year are now falling victim to these exploits. Israel has been significantly impacted, with over 70% of recent malicious activity directed at systems within the country. However, attacks have also been detected in Lithuania, Japan, and Germany. Security experts urge organizations to apply the necessary patches and monitor for unusual authentication attempts, unauthorized data access logs, and unexpected server behavior.

Recommended read:
References:
  • www.itpro.com: Old ServiceNow vulnerabilities could cause havoc for unpatched customers
  • Rescana: ServiceNow Vulnerabilities: Critical Exploits Impacting Israel and Global Systems
  • www.scworld.com: Attacks involving ServiceNow vulnerabilities escalate
  • hackread.com: New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest

Rescana@Rescana //
Critical vulnerabilities in ServiceNow are being actively exploited, posing a significant threat, especially to systems in Israel. Three key flaws, CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, have been identified and are under active attack. These vulnerabilities, some over a year old, were initially disclosed in early 2023 and patches were provided by ServiceNow. Despite the patches, exploitation activities have surged, particularly targeting Israeli systems.

These vulnerabilities allow threat actors to gain unauthorized access, potentially leading to data breaches and operational disruptions. CVE-2024-4879 is a template injection vulnerability allowing remote code execution. CVE-2024-5217 and CVE-2024-5178 involve input validation errors that can be exploited to manipulate data and bypass security controls, potentially granting full database access. Organizations that failed to apply ServiceNow patches last year are continuing to fall victim.

Recommended read:
References:
  • hackread.com: Report of attacks exploiting year-old ServiceNow flaws, with Israel being the hardest hit.
  • www.itpro.com: ServiceNow vulnerabilities and the impact on unpatched systems.
  • Rescana: Details on the critical vulnerabilities in ServiceNow being exploited, particularly in Israel.
  • www.scworld.com: Threat actors are exploiting three year-old vulnerabilities in ServiceNow.

SC Staff@scmagazine.com //
Attackers are intensifying their efforts to exploit old ServiceNow vulnerabilities, specifically CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, which were patched last year. GreyNoise, a threat intelligence firm, has observed a resurgence of in-the-wild activity targeting these flaws, putting unpatched company instances at risk. These vulnerabilities can potentially lead to unauthorized access to sensitive data, remote code execution, and full database compromise, even by unauthenticated actors.

The attacks have predominantly targeted systems in Israel, accounting for over 70% of recent malicious activity. However, organizations in Lithuania, Japan, and Germany have also been affected. Security experts urge organizations to apply the necessary patches to protect their ServiceNow platforms and mitigate the risk of exploitation. These vulnerabilities were initially discovered by Assetnote in May 2024, and ServiceNow promptly released patches, but a failure to apply these updates has left some systems vulnerable.

Recommended read:
References:
  • hackread.com: New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
  • Carly Page: Hackers are ramping up attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances
  • www.itpro.com: Old ServiceNow vulnerabilities could cause havoc for unpatched customers
  • www.scworld.com: Attacks involving ServiceNow vulnerabilities escalate
  • Rescana: ServiceNow Vulnerabilities: Critical Exploits Impacting Israel and Global Systems