How can we keep up to date with all the cyber security news?
How are we able to discern between the real threats and the ones exacerbated by the media?
Where do we find the best resources that help us fight the latest types of malware?
What experts should we follow to learn about the most recent trends in online attacks, so that we can protect ourselves?
If we want to keep our online goods safe, it’s essential that we understand how cyber security works. We need to know why and how malicious hackers attack.
But internet security is a complex field and we’re drowning in an ocean of information, there are just too many publications out there.
Which one should we follow?
How can we distinguish between the real experts and the frauds?
We get it. We’ve been in the exact same place of confusion. There’s no quick answer to these question. We just had to closely follow the industry for a very long time in order to figure it out. And the landscape is constantly changing, the conclusions we draw today might be radically different tomorrow.
But we hope that this list is a good place to start.
We put together all the internet security blogs and websites that are worth following. All the influencers in the cyber security information.
From small, independent researchers and experts, to the big names: security vendors, media giants. The main filter was how much can we benefit from their insights and knowledge.
Therefore, if you need best practices, how-to articles, online safety research or the latest security news, start here. Feel free to bookmark this article and access the following blogs whenever you feel necessary.
CYBER SECURITY BLOGS TO FOLLOW:
Brian Krebs is the man behind Krebs on Security. Being hacked himself in 2001, he takes a personal interest in online security. He’s one of the most-known names in today’s security landscape. Krebs covers topics from latest threats, privacy breaches and cyber-criminals, to major security news. He’s also a book author.
Bruce Schneier is also a well-known name in this field, and was even called a “security guru” by The Economist. He wrote books, hundreds of articles, essays and security papers on security matters. At the same time, he is a known figure in the media.
The press recognizes him as an important voice for online security, not only for his knowledge on the matter, but also because of how he expresses his opinions.
3. Tao Security
Tao Security is run by Richard Bejtlich, Chief Security Strategist at FireEye and former Chief Security Officer at Mandiant (company acquired by FireEye in 2013). He’s also an author of many books on security. Previously he was a Director of Incident Response for General Electric. He began his career as a military intelligence officer at the Air Force Computer Emergency Response Team, Air Force Information Warfare Center and Air Intelligence Agency.
With an extensive background in the cyber-criminal world and familiar with malicious attacks on enterprise networks, he shares his experience on digital defense and network monitoring. Since a great number of network attacks come from China, he is specialized on Chinese online criminals.
Graham Cluley is one of the most known independent computer security analyst and public speakers. He’s been working in the industry since early ‘90s. Started as a programmer, writing the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Afterwards he had senior roles in Sophos and McAfee.
On his website you’ll also find posts written by the security journalist David Bisson.
5. Troy Hunt
Troy Hunt is an Australian Microsoft Regional Director and MVP. He travels the world speaking at events and giving trainings to tech professionals. He’s also an author of many top-rating courses on web security.
You surely heard about his project “Have I Been Pwned?”, the free service that lets you know if you’ve been compromised in a data breach.
Security Affairs is a blog written by Pierluigi Paganini, an ethical hacker, researcher, security evangelist and analyst. On his blog, among the articles on security, you’ll also find regular interviews with hackers.
This is the official website of the Department of Homeland Security, from USA. Though it is not your classical security blog, its purpose is to improve internet security by providing specialized and well detailed information on cyber-criminal activities, malware, phishing attempts and online threats. To use their own words: “US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cyber-security information with trusted partners around the world.”
8. Dark Reading
Dark Reading is a widely-read cyber security site that addresses professionals from the IT environment, security researchers and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT security.
CIO is the place where you find news, information technology articles, insight and analysis on major data breaches and online threats. Covering multiple aspects of world wide web, it provides in-depth, content rich information for IT professionals and normal users.
10. CSO Online
CSO focuses on information technology, access management for enterprise servers, loss prevention, cybercriminal threats and software vulnerabilities.
Known for his direct and witty style, Neil Rubenking is PC Magazine’s Lead Analyst. He’s the man you have to listen if you search for technical advice on the main security solutions, from firewalls, antivirus and antispam products to full security suites. Detailed reports and sharp analysis of security programs place him on your follow list if you look for this type of information. He has also written several books.
Paul’s Security Weekly, founded by Paul Asadoorian, brings you security news, useful technical articles, research studies and valuable information on hacking and cybercrime through various channels, from blog posts, videos to podcasts.
Forbes is one of the leading media company in the online environment and provides strong analysis, reliable tools, real-time reports for cyber-security news and information on the latest online threats.
14. SC Magazine
SC Magazine comes in the IT environment with technical information and data analysis to fight the present online security threats. Their site provides testing results for email security, mobile devices, cloud and web security.
One of the most popular sites in the software industry, PC Mag comes with reviews and studies on the latest products for online security. For an objective analysis of a product you may be looking, don’t forget to look for the dedicated article on this website.
16. The Hacker News
With more than 5 million monthly readers, The Hacker News is one of the biggest channels for cyber security news. Follow it for the latest resources about hacking, technology and security.
17. Ars Technica
Ars Technica is one of the oldest and top publications on technology. Its editorial mission is to be “technically savvy, up-to-date and more fun” than what was popular at the moment when it was founded.
Softpedia is a popular destination for software downloads, but also covers tech topics and news. It was founded in 2001 by SoftNews NET SRL, a Romanian company.
One of the classical North American publications reporting on technology and its role in culture, economy and politics, Wired approaches topics on online privacy, cyber-criminal threats, systems security and the latest alerts.
20. Motherboard Vice
Vice’s Motherboard is an online magazine dedicated to technology, science and humans. Lots of the data breaches in the past years were first announced by Motherboard.
Mashable is a global media company, founded in 2005. They aim to be the leading media company for the Connected Generation and the voice of digital culture. Follow its cybersecurity category for all the latest news related to this field.
TechCrunch is another leading media company dedicated to technology and breaking tech news, founded in the same year as Mashable and owned by AOL.
23. IT Pro Portal
It Pro Portal was one of the first tech websites from UK, launched in 1999. It has grown to become one of UK’s leading resources on technology information.
When law meets privacy – this is how we’d sum up “Privacy Paradox”, the subsection of The Lawfare Blog. Its authors take an unorthodox look at the law and policy of contemporary privacy.
25. The Register
The Register is a top online tech publication, with more than 9 million monthly unique visitors. You’ll find here independent news, views and reviews on the latest in the IT industry.
TechRepublic provides large resources for the online industry, such as blog articles, forums, technical papers and security data. All the valuable information available helps IT professionals and technology leaders to come with the best decisions on their business processes.
27. Zero Day
The Zero Day security blog is important for all the people part of the IT industry. Follow it to stay on top of the latest security analysis, software vulnerabilities, malware attacks and network threats.
Known for its quality articles on world news, Guardian offers a section dedicated to information security for companies and individuals. To stay up-to-date with the latest articles and news on cyber security, make sure you follow this site.
Help Net Security is a popular independent site, focused on information security since 1998. You’ll find here the latest information and articles related to the IT industry.
Techworld is an industry leader in business technology publishing, published by IDG (International Data Group). The Security section is dedicated to analyzing the latest malware threats and zero-day exploits. You can find here other important topics and subjects, such as security articles, how-to documents and software reviews.
The content of the Network Computing security blog focuses on cloud technology and enterprise infrastructure systems. Its published articles cover security solutions on how to deliver applications and services for an increasingly large threat environment in the business world, news and expert advice.
With more than 10 years of experience, Infosecurity Magazine is an online magazine which covers not only security articles on popular topics, but is also dedicated to security strategy and valuable insights for the online industry. Their content is focused on an educational approach.
SANS Software Security provides training, certification, research and community initiatives that help IT specialists build secure applications.
BLOGS FROM SECURITY VENDORS TO FOLLOW
TripWire delivers advanced threat, security and compliance solutions to companies. State of Security is TripWire’s blog on cyber security. Multiple authors write on it about the constantly changing landscape of cyber security.
35. Naked Security
Naked Security is an award-winning newsroom that gives us news, opinion, advice and research on computer security issues and the latest cyber threats. Naked Security is the blog of security company SOPHOS. Categories range from mobile security threats to operating systems and malware articles. Naked Security won numerous awards and it is considered one of the best security blogs.
Safe & Savvy is a security blog from F-Secure, a company dedicated to online content and privacy protection. On this security blog you will find helpful tips and advises on security issues, from protecting your personal identity to keeping your system safe.
37. Hot For Security
Hot For Security is Bitdefender’s security blog. Bitdefender is one of the leading companies on online security solutions. On their blog, they cover various subjects related to cyber security and privacy, from internet scams, online spam and phishing detection, to malware and data stealing software.
The Malwarebytes security blog articles cover the latest malware threats and cyber criminal attempts from the online world. You can find their articles on categories, from cybercrime, exploits, hacking and malware analysis.
39. We Live Security
We Live Security, the Eset blog, is an online resource for cyber security articles and this blog covers a large network of security topics from emerging online threats to zero-day exploits.
Threatpost is the leading security news website that is part of The Kaspersky Lab. Their articles cover important stories and relevant security news for the online world. They are recognized as an important source of news for online security in important newspapers and publications, such as New York Times, USA Today or The Wall Street Journal.
Securelist is a security blog run by Kaspersky Lab and it addresses a large audience, providing some of the best security subjects on cybercriminal activities and data stealing malware. You can find here security information that focuses on malware, phishing and other threats from the cyber security world.
42. Symantec Weblog
Symantec Weblog is a security blog from one of the biggest providers of security solutions world wide, Symantec. Using their technical knowledge and data collected along the years, they come with strong analysis reports and articles on security threats, online criminals, data stealing malware, system vulnerabilities and many others.
Fox-IT’s security blog is a very good source of information on online security, technology news and cyber crime defense.
Securosis is a security research and advisory company that offers security services for companies and organizations. At the same time, you can find on their security blog some useful articles and insight on managing and protecting online data.
We are surrounded by Google products and services, from their search engine to their web browser, so it is normal to include their security blog on our list. It is a reliable security blog and even more, a reference point on online security and privacy we need to acknowledge. Here’s also the place where they announce what measures they take to keep users safe.
The security blog from ZoneAlarm, one of the well-known vendors of security products, provides valuable information on malware defense and online security. Using their experience on malware, this security blog publishes malware alerts, practical security tips and the latest news in the IT industry.
McAfee security blog provides the latest tips and techniques from security experts to keep you up-to-date with the latest malware trends in the online environment.
The Microsoft Malware Protection Center analyzes data from all over the world to provide insight and valuable information on fighting online threats in order to protect users from malware attacks and online crime.
Investigators and researchers at Trustwave cover the latest technology news on this security blog. Gathering information from research and testing, they publish articles and security studies to fight online hackers and cyber-criminal threats.
50. Dell SecureWorks
SecureWorks is a company that provides information security services. It became part of Dell in 2011 and branched off as a public organization in April 2016.
Their security blog provides the latest news and information for IT professionals and users that need to stay up-to-date with online threats and malware attacks.
Trend Micro Simply Security site offers expert insights on cloud security, data safety, privacy protection and threat intelligence.
ThreatTrack security blog keeps you up-to-date with the latest innovations and developments in the IT industry, from security exploits to software vulnerabilities and cyber-criminal attempts.
We’re aware that our list isn’t perfect and never will be. There are so many other security blogs and experts that we have not included. Many more are launching every day. We’ll try to keep the list updated as much as we can.
Since the security and privacy landscape is changing constantly, so must we. That’s why we’re asking you to help us improve this article. Tell us what other blogs we should include in this list and what you think about the current ones.
What are your favorite security blogs?
Why do you follow them?
What gaps are there? What area do you expect them to improve in the future?
If you liked this post, you might enjoy our newsletter. Receive new articles directly in your inbox:
* This article was initially published by Aurelian Neagu in October 2014 and brought up to date by Cristina Chipurici in July 2016