The vulnerability comes into play when Instagram users search for Facebook friends to "follow."
HTTP Shaming was created by a security consultant to call out apps and web services that put user information at risk.
Despite a patch issued four years ago, a vulnerability in XP, Vista, Windows 7 and Windows Server 2001/2008 is still a threat.
Apple has released versions 6.1.6 and 7.0.6 of its Safari browser following patched vulnerabilities recently discovered by its researchers.
In a multi-challenge contest, security researchers uncovered vulnerabilities and hacked into routers at the DefCon conference in Las Vegas.
On Tuesday, Adobe released fixes for seven critical bugs in its Flash Player plug-in.
The tech giant's monthly security update includes two critical patches for IE and Windows.
At DefCon 22 in Las Vegas, Nir Valtman discussed how far bug bounty programs have come in nearly 20 years.
In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.
Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.
A wide host of devices rely on USB to make them usable, but USB contains vulnerabilities that attackers can exploit.
Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.
At Black Hat 2014, Ertunga Arsal demonstrated how he can gain admin access to SAP systems, steal payment card data and reroute payments.
Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.
Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.
A researcher has discovered vulnerabilities in WordPress and Drupal that enable XML denial-of-service attacks.
In this video, F-Secure's Timo Hirvonen chats with Adam Greenberg, reporter at SC Magazine, about the project, as well as the threats aimed at Flash and Java vulnerabilities.
In this video shot at Black Hat 2014 in Las Vegas, Jeff Forristal of Bluebox Security sits with Danielle Walker, reporter at SC Magazine, to discuss the Fake ID Android vulnerability.
Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.
A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.
An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.
A threat group operating out of China continues its damage using older exploits, FireEye researchers said.
Trend Micro is investigating whether a vulnerability was used to compromise Gizmodo Brazil and a logistics firm hosted by the same ISP.
For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.
Vulnerabilities existing in Symantec Endpoint Protection can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover.
Two researchers wrote that the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.
In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.
Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.
Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.
Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.