ServiceNow customers got unwelcome news this week: unknown threat actors actively exploited an unauthenticated flaw to gain deeper access to hosted instances, and the company quietly pushed a fix before going public with the advisory.
Here’s what we know. On June 5, ServiceNow applied a security update across its hosted infrastructure to address an issue that could let an unauthenticated user escalate access. The company disclosed the incident in a customer-access-only advisory, which has left the broader security community with questions about scope, attribution, and how long the vulnerability was known.
If you run ServiceNow, verify that your instance received the June 5 update. Pull your access logs and look for anything unusual—newly created sessions, unexpected API calls, configuration changes made by accounts that shouldn’t have that kind of reach. Assume compromise until you can rule it out.
Source: The Hacker News
