VulnHub

Real-time Cybersecurity News

Hundreds of Internet-Facing VNC Servers Expose ICS/OT

SecurityWeek
Critical

Overview

Forescout has discovered a significant number of exposed VNC and RDP servers that are accessible over the internet, particularly affecting industries that rely on Industrial Control Systems (ICS) and Operational Technology (OT). Researchers found that tens of thousands of these servers could be targeted, raising concerns about potential unauthorized access to critical infrastructure. The exposure of these systems could allow attackers to disrupt operations, steal sensitive data, or compromise safety systems. Companies in sectors such as manufacturing, energy, and transportation need to assess their network security and ensure that these remote access protocols are properly secured. Failure to address these vulnerabilities could lead to severe operational and financial consequences.

Key Takeaways

  • Affected Systems: VNC and RDP servers in ICS/OT environments
  • Action Required: Organizations should secure VNC and RDP servers by implementing strong authentication measures, using VPNs, and regularly updating their software to mitigate exposure risks.
  • Timeline: Newly disclosed

Original Article Summary

Forescout has identified tens of thousands of exposed RDP and VNC servers that can be mapped to specific industries. The post Hundreds of Internet-Facing VNC Servers Expose ICS/OT appeared first on SecurityWeek.

Impact

VNC and RDP servers in ICS/OT environments

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Organizations should secure VNC and RDP servers by implementing strong authentication measures, using VPNs, and regularly updating their software to mitigate exposure risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

A DOD contractor’s API flaw exposed military course data and service member records

CyberScoop

Researchers discovered a significant flaw in the API of Schemata, a contractor for the Department of Defense, which exposed sensitive information related to military courses and service members. This breach included personal details such as names, email addresses, base assignments, and course materials before Schemata implemented a fix and informed government officials. The exposure raises serious concerns about the security of military data and the potential risks to service members' privacy. Such incidents highlight the need for stringent security measures among contractors handling sensitive government information. The incident serves as a reminder of the vulnerabilities that can exist in systems that support military operations.

May 6, 2026

Roku sued for allegedly bricking TVs - see which models are affected, and your best alternatives

Latest news

Roku is facing a lawsuit after numerous users reported that their Roku TVs have become unusable, either getting stuck in boot loops or displaying black screens. This issue affects several models, leading to frustration among customers who rely on these devices for streaming. Users have taken to social media and forums to express their dissatisfaction, prompting legal action against the company. The situation raises concerns about the reliability of Roku devices and the potential need for better customer support and product durability. As these issues continue, affected users are encouraged to seek alternatives while the lawsuit unfolds.

May 6, 2026

FTC bans Kochava from selling location data without consent

SCM feed for Latest

The Federal Trade Commission (FTC) has banned Kochava, a data broker, from selling geolocation data without user consent. The FTC's complaint revealed that Kochava collected and sold location data from hundreds of millions of mobile devices, allowing clients to monitor users' movements to sensitive locations like health clinics and places of worship. This practice raised significant privacy concerns, as it involved tracking individuals without their knowledge or approval. The ruling emphasizes the need for stronger protections around personal data and could set a precedent for how data brokers handle user information in the future. Consumers are increasingly wary of how their data is used, and this decision reflects a growing push for accountability in the industry.

May 6, 2026

Why ransomware attacks succeed even when backups exist

BleepingComputer

Ransomware attacks are increasingly successful even when organizations have backups, primarily because attackers often target and destroy these backups before encrypting the main data. Acronis explains that this tactic leaves victims with little to no options for recovery, as the backups become unusable. This highlights a significant vulnerability in many organizations' cybersecurity strategies, as they may rely too heavily on backups without considering their protection. Companies need to bolster their defenses by securing backup systems and implementing strategies that can withstand ransomware attacks, ensuring they have a path to recovery even if their primary data is compromised.

May 6, 2026

CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack

Infosecurity Magazine

CISA has launched the CI Fortify initiative, urging critical infrastructure operators to develop plans to stay operational in the event of a cyber-attack. This initiative is designed to help these operators create systems for isolating affected areas and recovering from attacks quickly. The focus is on ensuring that essential services, such as power, water, and transportation, remain functional even when targeted by cyber threats. The call to action comes as cyber threats continue to evolve, making it crucial for these operators to have effective response strategies in place. CISA emphasizes that preparation can significantly mitigate the impact of potential attacks on public safety and national security.

May 6, 2026

After the identity fix: MCP's confused deputy problem

SCM feed for Latest

The article discusses a potential issue with AI agents acting as 'confused deputies,' which means they may perform unintended actions based on users' requests. This can lead to security vulnerabilities where the AI might execute commands that the user did not intend, potentially exposing sensitive data or causing other negative consequences. The implications of this problem are significant, as it raises concerns about the reliability and safety of AI systems in various applications. Users and developers need to be aware of these risks to ensure that AI implementations are secure and do not inadvertently compromise user intentions. As AI technology becomes more prevalent, addressing these issues will be crucial for maintaining trust and safety in digital environments.

May 6, 2026