Our collection of the most insightful and informative InfoSec blogs from the industry's foremost thought leaders.
There are hundreds of InfoSec blogs in the webosphere. Some are clear leaders in the industry, widely regarded as thought leaders and earning recognition from just about everyone in the security field as being among the best of the best. Some started out strong but fizzled out after a few short months, while others have compiled hundreds – thousands, even – of in-depth perspectives on a variety of security topics (from general cyber security to specific topics like data loss prevention (DLP)) over the course of nearly a decade.
We scoured the far corners of the web to dig up some of the best, most insightful and informative InfoSec blogs in existence for our newly-updated list for 2018. Not only the blogs you've seen named time and time again in best-InfoSec-blogger lists, but also some hidden gems you may not have known existed but will be glad you've finally discovered. These blogs provide deep insights from some of the leading information security professionals; in-the-trenches viewpoints from security experts who have spent decades working in the field and consulting with the world's largest enterprises, universities, the U.S. Government, startups, and other entities.
These bloggers tackle major security news, InfoSec hacks, tricks, and discoveries, offer tutorials and solutions for problems they've encountered in their day-to-day work, and sometimes bring a little humor to the fascinatingly complex world of information security. Note: These blogs are categorized, and listed alphabetically within each category - they aren't ranked or rated in any other way.
Security Researcher Blogs
Formerly Emergent Chaos, Adam Shostack and Friends is a blog that's been covering security, privacy, and economics (among other unrelated topics) since 2005. Shostack is also the author of author of Threat Modeling: Designing for Security and co-author of The New School of Information Security.
Three posts we like from Adam Shostack and Friends:
- Jonathan Marcil’s Threat Modeling Toolkit talk
- Doing Science With Near Misses
- The Security Principles of Saltzer and Schroeder
Andrew Hay is the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, where he's responsible for driving of the strategic vision for the company, as well as the development and delivery of the company's cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence. Hay has held roles for companies such as 451 Research, DataGravity, and Open DNS, where he served as Senior Security Research Lead & Evangelist. He’s often approached to provide expert commentary on security-industry events in the media, including both mainstream publications such as USA Today and niche publications such as TechTarget and Network World. We also have a podcast episode with Hay discussing the rise of the virtual CISO. You can access Hay’s insights directly at his personal blog, where he covers topics he hand-picks based on personal interest and importance to the field.
Three posts we like from Andrew Hay:
- Security Beyond The Perimeter
- Petya Ransomware: What You Need to Know and Do
- Diving into the Issues: Observations from SOURCE and AtlSecCon
A Pulitzer prize-winning journalist, Byron Acohido is the founder and executive editor of The Last Watchdog on Privacy & Security. Cybersecurity first gained Acohido's attention in 2000 when he joined the Money section of USA TODAY to cover Microsoft. Since that time, Acohido has authored several books and covered the cybersecurity space through articles, podcasts, and videos, all of which you can access at The Last Watchdog.
Three posts we like from The Last Watchdog:
- MY TAKE: Turning a blind eye: 73% of companies are ill-prepared to defend cyber attacks
- MY TAKE: Here’s how the U.S. economy would lose $15 billion from a 3-day cloud outage
- NEWS WRAP-UP: Meltdown, Spectre discovered in the wild – live hardware attacks one step closer
Dan Kaminsky has advised Fortune 500 companies like Cisco, Avaya, and Microsoft, and he’s been a well-known security researcher for more than a decade. His blog, formerly known as DoxPara Research, features in-depth posts with insights on the most pressing security issues facing the industry, such as Heartbleed. It’s kind of like picking Kaminsky’s brain from the comfort of your desk.
Three posts we like from Dan Kaminsky’s Blog:
- Hacking the Universe with Quantum Encraption
- The Cryptographically Provable Con Man
- Read My Lips: Let’s Kill 0Day
Elie Bursztein leads Google’s anti-abuse research efforts, sharing his insights on topics relevant to the world of InfoSec on his personal blog. Bursztein has some impressive achievements under his belt, such as the re-design of Google’s CAPTCHA to make it easier (an effort much-appreciated by Internet users everywhere), implementing faster cryptography to make Chrome safer, and identifying and reporting more than 100 security vulnerabilities to companies like Apple, Microsoft, Twitter, and Facebook.
Three posts we like from Elie Bursztein:
- Inside Mirai the infamous IoT Botnet: A Retrospective Analysis
- Unmasking the ransomware kingpins
- Exposing the inner-workings of the ransomware economy
Graham Cluley has more than 70,000 followers on Twitter alone, and it’s no surprise given his impressive coverage of InfoSec news and developments. He’s an independent computer security analyst who’s been working in the field since the 1990's, giving him plenty of background and expertise to offer expert commentary on the latest happenings in information security and related topics. In addition to Cluley’s expertise, you can gain insights from a panel of regular contributors featuring several highly-regarded experts in the field. You’ll find plenty of tips for everyday users, along with deep insights into critical security developments.
Three posts we like from Graham Cluley:
- “Killer text bomb” crashed iPhones, iPads, Macs, and Apple Watches
- 12 Common Threat Intelligence Use Cases
- Government websites hijacked by cryptomining plugin
Founded and authored by Raj Chandel, Hacking Articles is a comprehensive source of information on cyber security, ethical hacking, penetration testing, and other topics of interest to information security professionals. Chandel’s primary interests lie in system exploitation and vulnerability research, but you’ll find tools, resources, and tutorials on everything from social engineering to footprinting, Google hacking, and more.
Three posts we like from Hacking Articles:
- Hack the Game of Thrones VM (CTF Challenge)
- Bind Payload using SFX archive with Trojanizer
- Hack the Bsides London VM 2017(Boot2Root)
Russ McRee has spoken at leading security conferences, such as Defcon, BlackHat, RSA, and others, and he leads the Blue Team for Microsoft's Windows and Devices Group (WDG). He also writes toolsmith, a monthly column in ISSA Journal, but shares many of his views and perspectives on his belief in a holistic approach to information security at Holistic InfoSec.
Three posts from Holistic InfoSec:
- toolsmith #131 - The HELK vs APTSimulator - Part 1
- toolsmith #128 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 1
- Toolsmith Tidbit: Windows Auditing with WINspect
Jeff Soh began blogging in 2007, and continues to share suggestions for intrusion analysts and other miscellaneous news on information security. Soh also offers book recommendations, product recommendations, and useful tips for information security professionals and everyday users.
Three posts we like from JeffSoh on NetSec:
Brian Krebs is a household name in information security, and his blog is among the most well known and respected in the space. An investigative reporter at heart, Krebs comes from a journalist background and has honed his self-taught expertise through over a decade of dedicated interest in security. He is credited with discovering the Target data breach a few years ago and being the first to report on the Stuxnet worm in 2010.
Three posts we like from Krebs on Security:
- IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts
- New EU Privacy Law May Weaken Security
- Domain Theft Strands Thousands of Web Sites
Liquidmatrix is committed to providing long-form articles and in-depth coverage of information security news and information, rebelling against the trend towards superficial coverage without added value. The brainchild of Dave Lewis, a self-professed “jack of all trades and master of none” who holds a day job at Akamai and has been working in the InfoSec field for two decades, Liquidmatrix has been up and running since 1998, making it one of the oldest, established InfoSec blogs remaining current.
Three posts we like from Liquidmatrix Security Digest:
- A WTF Moment For Vulnerability Disclosure
- Deep Web, Dark Web, Darknet, Deepdeep, Darkdark…
- Vulnerability Researcher to Software Developer: The Dark Side of the Coin
A computer scientist researcher with an intensive hacking background, Marco Ramilli has been working with the U.S. Government and several leading universities on new security paradigms, penetration testing methodologies and electronic voting systems' security, and malware. His blog, which he started back in 2007, is a reflection of his many experiences in the security field. Ramilli, a TEDx speaker, CTO at Yoroi, and an expert in ethical hacking, advanced targeted attacks, and malware evasion, has earned multiple honors and awards for his work.
Three posts we like from Marco Ramilli’s Blog:
- Huge Botnet Attacking Italian Companies
- Info Stealing: a new operation in the wild
- Advanced 'all in memory' CryptoWorm
Matt Flynn is an information security specialist and industry analyst. His personal blog, which reflects his own opinions, covers identity management and security, software, services, processes, and analyses. He’s been blogging since 2006 and has built an impressive collection of posts and perspectives over the years on topics impacting information security professionals.
Three posts we like from Matt Flynn’s Information Security, Identity & Access Management Blog:
- New World, New Rules: Securing the Future State
- Hyperbole in Breach Reporting
- Encryption would NOT have saved Equifax
Gary Hinson is the blogger behind NoticeBored, where he covers information security topics that catch his eye. Hinson was born and studied in the U.K., and worked in London, Swindon, Bristol, and Brussels before moving to New Zealand in 2005. Hinson covers topics of interest to both consumers and security professionals, with a casual style that allows him to talk about complex security happenings in a language everyone can understand.
Three posts we like from NoticeBored:
- NBlog February 17 - The I part of CIA
- NBlog February 16 - innovative malawareness
- NBlog February 14 - IoT security & privacy standard
Daniel Miessler is an information security professional, who uses his blog as a platform for collecting and organizing technical knowledge. With information and posts beginning as early as 1999, Daniel provides a robust site and blog for anyone interested in technology and information security.
Three posts we like from Observations on InfoSec:
- Information Security Professionals Cannot Be Luddites
- I Grow Tired of Technologists Who Don’t Understand the Internet of Things
- The Future of Attack and Defense is AI
The Robert Penz Blog covers information about Linux, open source, and IT security, including tips, tricks, and small scripts. Robert became interested in infosec as a student and wrote his masters' thesis on "Analysis and design of a SIM based authentication solution for WLAN”.
Three posts we like from Robert Penz Blog:
- A security minded guy forced to buy a Wifi enabled cleaning robot
- WannaCry happened and nobody called me during my vacation – I tell you why
- Mitigating application layer (HTTP(S)) DDOS attacks
Roger McClinton started his blog back in 2004, primarily as a means to collect the links and research he wanted to easily refer to later. But as time went on, he started adding commentary and to his surprise, his blog developed a substantial readership. After a brief hiatus in the second half of 2013, Roger is again offering news and commentary on all things InfoSec, musings about his current employment situation, and the occasional personal anecdote.
Three posts we like from Roger's Information Security Blog:
- Deploying a new security product
- SMBv1 isn’t safe
- Siri Lock Screen Bypass in news your non security friends read
Bruce Schneier's blog is another one of those must-haves for a list like this. Schneier has been writing about security issues here since 2004, and in his popular monthly newsletter since 1998, focusing on topics like cryptography, privacy, and government. A renowned cryptography expert, Bruce is also a leading author and speaker in the space.
Three posts we like from Schneier on Security:
A free learning resource from Social-Engineer, Inc., Security Through Education focuses on the blend of science, psychology and art that is social engineering – and how it’s used by penetration testers and security enthusiasts. It’s all brought to you by a team of leading professional social engineers, psychologists, researchers, scientists and security enthusiasts. In addition to the blog, you’ll find a newsletter, podcast, and much more to ensure that you’re always in the know, entertained, and never out of consumable security media.
Three posts we like from Security Through Education:
- Insider Threats – Recognize and Respond to the Risk Within
- Advances in Machine Learning
- Social Media – Don’t Get Burned By Overexposure
TaoSecurity is FireEye Chief Security Strategist Richard Bejtlich's blog. For over a decade, TaoSecurity has been a source of expertise on cybersecurity, hacking, security strategy, threats, and more. Richard is a recognized security author and his blog contains a great amount of educational security resources.
Three posts we like from TaoSecurity:
- The Origin of Threat Hunting
- Spectre and Meltdown from a CNO Perspective
- On "Advanced" Network Security Monitoring
The Tech Wreck InfoSec Blog is run by an Information Assurance Engineer, covering a variety of topics pertaining to information security and related news. The blog provides articles of use to both consumers and security professionals.
Three posts we like from Tech Wreck InfoSec Blog:
- The complete list of Infosec related cheat sheets
- How To Build And Run A SOC for Incident Response - A Collection Of Resources
- Network security & sysadmin wiki - how to get the daily tasks done right
Tony Perez has spent the better part of the past 15 years working in a variety of tech industries, but today he focuses primarily on website security and business. He's the co-founder of Sucuri Security and also leads the GoDaddy SBU. Tony is' a prolific speaker on security-related topics. His blog is a chronicle of his thoughts and experiences as he strives to create "a new security standard for your online presence."
Three posts we like from Tony on Security:
- Google Begins Campaign Warning Forms Not Using HTTPS Protocol
- Phishing and Ransomware Leads to Security Concerns for Organizations
- Password Management
Troy Hunt is a Microsoft Regional Director and MVP who creates Pluralsight courses and travels the world to train technology professionals and speak at technology and security events. He's a sought-after speaker and thought leader, making Hunt's blog a particularly worthy read for any infosec pro. Troy is also the creator of Have I Been Pwned, a free online resource to check if you've been compromised in a breach. Troy was also featured in one of our podcasts, Episode 15: Talking Data Breaches and Getting Pwned.
Three posts we like from Troy Hunt:
- Making Light of the "Dark Web" (and Debunking the FUD)
- Data breach disclosure 101: How to succeed after you've failed
- How Long is Long Enough? Minimum Password Lengths by the World's Top Sites
Uncommon Sense Security is the blog of Tenable Network Security Strategist and Security BSides co-founder Jack Daniel. While Jack's updates are not as frequent as they once were, his blog still serves as a trove of infosec knowledge on topics such as vulnerabilities, small business infosec, data breaches, the infosec community, and more. A self-described "infosec curmudgeon," Jack's insights, opinions, and humorous writing style are always worth a read.
Three posts we like from Uncommon Sense Security:
A leading provider of unified security management and community-powered threat intelligence solutions, AlienVault maintains an informative blog covering topics of interest to the infosec community, including news, emerging threats, tips and tricks, and more.
Three posts we like from AlienVault Blog:
- Mitigating Blockchain Analysis: Mixing Cryptocurrency
- How Dangerous are Impersonation Attacks?
- How to Handle Meltdown and Spectre: Patch, But Don’t Rush It
...And You Will Know Us by the Trail of Bits is the official blog of Trail of Bits, an enterprise infosec consulting firm founded by Dan Guido and Alexander Sotirov. The blog offers expert infosec advice based on consulting experience at some of the world's most advanced security programs. The blog provides excellent educational content focused on vulnerabilities, exploits, malware, and more.
Three posts we like from ...And You Will Know us by the Trail of Bits:
- An accessible overview of Meltdown and Spectre, Part 1
- Videos from Ethereum-focused Empire Hacking
- How are teams currently using osquery?
BH Consulting IT Security Watch covers security news and major data breach news that impacts both consumers and enterprises, featuring insights from Brian Honan, Lee Munson, Gordon Smith, and other thought leaders and contributors. The blog is a monthly digital publication highlighting the most interesting news and articles related to the security field. Much of the coverage is relevant worldwide, though some are specific to BH Consulting news and Ireland.
Three posts we like from BH Consulting IT Security Watch:
- Prepare for breach: 10 steps to better incident response planning
- ISP’s Wi-Fi weakness highlights privacy and security shortfalls as GDPR approaches
- Reporting for duty: how sharing information helps to tackle cybercrime
Cisco's industry-leading threat intelligence team aims to protect organizations' people, data, and infrastructure from active adversaries. The Talos blog was launched in 2008 and has become a comprehensive resource on the latest security approaches, emerging threats, and sound advice for protecting your organization from the evolving threat landscape.
Three posts we like from Cisco Talos:
- COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
- Olympic Destroyer Takes Aim At Winter Olympics
- Targeted Attacks In The Middle East
Duo provides tools, including two-factor authentication, endpoint security, and single sign-on, to enable your users to securely and reliably access your applications. The Duo Blog is regularly updated with insights on the latest threats, security tips, tricks, and techniques, and other news of interest in the modern information security space.
Three posts we like from Duo Blog:
- Ensuring Data Confidentiality, Integrity & Availability for GDPR
- Cloud and Aerospace Defense Contractors Targeted by Phishing Emails
- Everything is Changing: A Modern Security Model for the Public Sector
The F-Secure Weblog by F-Secure's Security Research and Technology fellows. The blog is research-heavy, with lots of educational content covering the latest findings from F-Secure Labs. Focal points include vulnerability discoveries, software patches, mobile security, and more.
Three posts we like from the F-Secure Weblog:
- Some Notes on Meltdown and Spectre
- Someone is Building a Finnish-Themed Twitter Botnet
- Working Around Twitter API Restrictions to Identify Bots
FireEye takes a three-pronged approach to security, encompassing innovative technologies, expertise, and threat intelligence capabilities, addressing the complete security operations lifecycle from end to end. Likewise, the FireEye blog encompasses three key focal areas: threat research, products and services, and perspectives from executives, covering the latest advanced threats, cyber attacks, threat research, and threat intelligence, as well as news and trends in cyber security with a focus on how those threats impact business.
Three posts we like from FireEye Blog:
- No Signs of ‘Over-Phishing’ Yet: Tracking One of the Most Prevalent Initial Attack Vectors
- The Changing Stakes of Cyber Security for the C-Suite
- Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations
Flashpoint's experts share their unique discoveries, observations, and opinions on trending topics in business risk intelligence, the deep web, and the dark web. The blog dives into specific industries and even publishes podcast episodes.
Three posts we like from Flashpoint:
- Bots Used to Amplify Influence Across Twitter
- Tax Season is Prime Time for Business Email Compromise
- Criminals Finding FinTech to Their Liking
Davi Ottenheimer, David Willson, Matthew Wallace, and Bryan Zimmer comprise the team behind security consultancy flyingpenguin. Ottenheimer has more than two decades of experience managing global security operations and assessments, including 10 years of experience leading incident response and digital forensics, and he is the chief blogger behind the flyingpenguin blog, offering in-depth analysis of information security news, events, and developments. Davi was in Episode 11 of the Digital Guardian podcast, during which he discussed the role of artificial intelligence and machine learning in the security space.
Three posts we like from flyingpenguin:
- 2018 AppSec California: “Unpoisoned Fruit: Seeding Trust into a Growing World of Algorithmic Warfare”
- 2017 BSidesLV: Hidden Hot Battle Lessons of Cold War
- Where does the expression 101 come from?
Google Project Zero is a team of security analysts tasked with sniffing out zero day vulnerabilities. Project Zero was first announced on July 15, 2014, and the blog has been operating since late 2014. It's a treasure trove of in-depth research and analysis from the Project Zero team, which consists of some of the most forward-thinking minds in the information security space.
Three posts we like from Google Project Zero:
- Reading privileged memory with a side-channel
- aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
- Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs
Sophos' Naked Security blog is great for security news. The blog features content from a wide range of security experts with a focus on malware, consumer privacy, social media security, and more.
Three posts we like from Naked Security:
- Google drops new Edge zero-day as Microsoft misses 90-day deadline
- Broadband network plagued by wheezy old cryptomining gadget
- Hackers sentenced for SQL injections that cost $300 million
Objective-See was created to provide simple, effective OS X security tools to address the growing need for security solutions as Macs became more prevalent. This blog is managed by Patrick Wardle, Founder and Chief Research Officer at Digita Security. Wardle has presented at more than 25 security conferences including Black Hat, DefCon, RSA, and other leading security events.
Three posts we like from Patrick Wardle's Objective-See blog:
Recorded Future aims to organize and analyze threat data in a new, innovative way to support better, faster, and more comprehensive security. The company's goal is to provide organizations with real-time, contextualized threat intelligence, enabling them to address threats proactively at the speed and scale demanded in modern times. The Recorded Future blog focuses on news and analysis of the latest concerns in the infosec landscape.
Three posts we like from Recorded Future:
- Making Threat Intelligence Less Like Manual Labor
- Using the Right Threat Intelligence Tools for the Job
- What Lies Beneath: Protecting Your Data From Dark Web Denizens
Tripwire provides compliance and IT operations solutions for enterprises, industrial organizations, service providers, and government agencies. Tripwire's The State of Security blog offers news, trends, and insights on the latest happenings in the evolving cybersecurity space.
Three posts we like from Tripwire - The State of Security:
- Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings
- Cyber Breaches: The Game of Shifting Liabilities
- The Financial Fallout of a Cyber Attack on a Business
Application security firm Veracode's blog has grown into one of the leading sources for appsec news and insights. With regular contributions from security experts such as Laura Paine, Suzanne Ciccone, John Zorabedian, and others, the blog offers informed commentary on the latest security issues. Favorite topics include application security testing, software vulnerabilities, hacking, mobile security, and more.
Three posts we like from the Veracode Blog:
- How Static Analysis Has Changed in a DevOps World
- Hardcoded Credentials: Why So Hard to Prevent?
- What Developers Need to Know About the State of Software Security Today
Security News Blogs
Cyber Sins is the blog of Rishi Narang, a consultant, writer, and researcher who focuses on cyber security and threat intelligence. The blog offers information about cyber attacks, web security, and more subjects in information security.
Three posts we like from Cyber Sins:
- DevSecOps is coming! Don't be afraid of change.
- I know I haven't patched yet, and there's a zero-day knocking at my door
- Are you using SIEM as a service?
InfoSec Island aims to provide a place for IT and network professionals to go to find help and information quickly and easily, by combining an online community, infosec portal, and a social network. Infosec Island’s blog features several contributors and includes information about the Cloud, malware, cyberattacks, and more topics related to information security.
Three posts we like from Infosec Island:
- Three Ways to Take Home the Gold When It Comes to Cybersecurity at the Olympics
- Advancing the Usability of PKIs
- The Five Secrets to Making Security Awareness Work in 2018
Kevin Townsend’s IT Security blog aims to present and discuss information security in a “new and challenging manner.” A panel of leading information security experts contribute regularly, offering an expert perspective on many of the pressing news stories and incidents impacting the field of information security today. Contributors include Dr. Brian Bandey, David Harley, Bev Robb, and other thought leaders, as well as, of course, Townsend himself.
Three posts we like from IT Security:
- GDPR Material and Territorial Scopes
- Uh Oh 365
- The Equifax Breach – Another case for professionalizing Information Security
All the breaking IT security news you need to stay abreast of the latest happenings in the industry are found at IT Security Guru – first thing in the morning. With the goal of compiling all the most pressing industry news in one spot, IT Security Guru makes it easy for you to keep your finger on the pulse of the InfoSec world without spending hours searching the Internet or scrolling through dozens of blogs and news sites.
Three posts we like from IT Security Guru:
- Critical national infrastructure is only as vulnerable as the standard of technology protecting it
- Europe’s Hacktivists Set Sights on Political Entities
- How cryptojacking came to be, what to watch out for, and how Citrix can help you avoid it like the plague!
SANS Security Awareness provides training classes, training materials, and other resources necessary for educating not only Security Awareness specialists, but also the end users within organizations. The SANS Security Awareness Training Blog touches on current news, events, and insights and opinions on effective security awareness planning and training.
Three posts we like from SANS Security Awareness Training Blog:
- Applying Security Awareness to the Cyber Kill Chain
- Public Wi-Fi Attacks - Starbucks
- How Can I Tell This is an Attack? - Amazon Support Phish
Security Affairs is the blog of Pierluigi Paganini, a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation. He's also the Director of the Master in Cyber Security at Link Campus University, a Security Evangelist, Security Analyst, and Freelance Writer. Also serving as Editor-in-Chief of Cyber Defense Magazine, Paganini brings a wealth of expertise to this regularly updated blog that covers everything from cyber warfare to deep web, IoT, laws and regulations, malware, security, and more.
Three posts we like from Security Affairs:
- City Union Bank is the last victim of a cyber attack that used SWIFT to transfer funds
- 90 days have passed, Google discloses unpatched flaw in the Microsoft Edge browser
- COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign
The Security Ledger is run by Paul Roberts, former ThreatPost editor and analyst at 451 Research and Kaspersky Lab. The independent blog focuses on cybersecurity, bringing insight to subjects such as the internet of things, malware, government policy, and consumer security.
Three posts we like from The Security Ledger:
- NIST Floats Internet of Things Cybersecurity Standards
- Researchers Warn of Physics-Based Attacks on Sensors
- Update: Two Years After Discovery Dangerous Security Hole Lingers in GPS Services
Paul Asadoorian’s Security Weekly features a weekly live video broadcast, along with written posts, covering the latest InfoSec news, hacker techniques, tutorials, InfoSec research, and more. With a mix of technical content and entertainment, Security Weekly’s objective is to “use new technologies to reach a wider audience across the globe to teach people how to grow, learn, and be security ninjas.”
Three episodes we like from Security Weekly:
- Domain Persistence, Javelin Networks – Enterprise Security Weekly #80
- NopSec, Palo Alto, & Microsoft – Enterprise Security Weekly #80
- Microsoft, Lenovo, Romance Scans, and Crypto Mining – Hack Naked News #161
You'd be hard pressed to find a "Best of InfoSec" blog list that doesn't include ThreatPost. Billed as "an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide ," ThreatPost is run by a team of recognized infosec experts with a focus on topics such as privacy, web security, vulnerabilities, and more.
Three posts we like from ThreatPost:
- Intel Expands Bug Bounty Program Post-Spectre and Meltdown
- Reported Critical Vulnerabilities In Microsoft Software On the Rise
- Researchers Find New Twists In ‘Olympic Destroyer’ Malware
Wired is an established digital publication focused on technology and gear, but it's not as widely recognized for its impressive coverage of the InfoSec realm, though it should be. Wired talks privacy, crime, and security online, delving into clever hacks and workarounds and reporting on the latest security news impacting consumers and professionals in the field.
Three posts we like from Wired's Threat Level:
- Hack Brief: Dangerous 'Fireball' Adware Infects a Quarter Billion PCs
- Feds Charge NSA Contractor Accused of Exposing Russian Hacking
- Hackers Are Trying to Reignite WannaCry With Nonstop Botnet Attacks
ZDNet's Zero Day is your source for the latest news and insights in software and hardware security research, threats, vulnerabilities, cyberattacks, and other happenings of interest to the modern information security professional.
Three posts we like from Zero Day: