Security News

Better check your widgets, people Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.…

AppOmni researchers found over a thousand instances of misconfigured Knowledge Bases where articles could be compromised through Public Widgets.

Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. [...]

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. On July 10, 2024, ServiceNow made hotfixes available for CVE-2024-4879, a critical input validation flaw enabling unauthenticated users to perform remote code execution on multiple versions of the Now Platform.

Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow,...

Researcher who publicized issue brands company’s communication 'appalling' ServiceNow is issuing a fix for a flaw that exposes data after a researcher published a method for unauthenticated...

Nearly 70 percent of instances of the software-as-a-service platform ServiceNow are potentially exposed to the public. The cause of all the exposure, the report stated, is "a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users." ACLs - access control lists - track permissions in an IT environment.

ServiceNow announced that Jacqui Canney has been named as the company's new Chief People Officer, leading all aspects of talent strategy, including employee experience, rewards, attraction, retention, development and diversity, inclusion and belonging for ServiceNow's rapidly growing global workforce of more than 14,000 employees. "For three decades, Jacqui has been at the forefront of solving complex problems at scale across industries from retail to professional services, uniquely blending first-class business strategy with forward-thinking creativity," said ServiceNow CEO Bill McDermott.

Box announced the general availability of a new integration with ServiceNow's Legal Service Delivery application to modernize legal operations. Lawyers and legal staff can start and resolve legal issues faster with structured legal intake, cross departmental tasking and practice-specific workflows.

ServiceNow announced new strategic Security Operations-focused integrations with Microsoft, extending the two companies existing partnership. According to Gartner, "The threat and attack surface that Security Operations must address continues to grow as businesses expand their use of cloud services like SaaS and cloud infrastructure and platform services, as OT/industrial control system environments become more connected, and as workers are more distributed." With one platform, one data model, and one architecture, the Now Platform is breaking down silos created by solutions that weren't designed to work together, and the new Security Operations integrations with Microsoft take this a step further.