More than 9,000 VNC Endpoints Exposed Online Without a Password

Share post:

According to security weakness hunters at Cyble, over 9,000 exposed VNC (virtual network computing) endpoints are exposed on the internet without authentication.

VNC (virtual network computing) is a platform-independent system that can help users connect to systems that require monitoring and adjustments.

VNC grants users control over a remote computer via the RFB (remote frame buffer protocol) over a network connection.

According to the researchers, the most exposed endpoints are in China and Sweden. Other countries that made it to the top 5 list are the United States, Spain and Brazil. Most attempts to access VNC servers came from the Netherlands, Russia and the United States.

These vulnerable endpoints could serve as entry points for unauthorized users, including threat actors with malicious targets.

Exposed VNCs are widely targeted by attackers. Using its cyber intelligence tools on 5909, Cyble researchers discover that there were over six million requests within a month.

To protect VNC, administrators are advised never to expose servers directly to the internet. If they need to be remotely accessible, they must be placed behind a VPN.

Administrators should also provide instances with a password to restrict access to the VNC servers.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways