Resources related to information security, including news and
opinion and more on software and application flaws and fixes, data breaches,
the inside threat the latest hacker attacks.
TechRepublic helps IT decision-makers identify technologies and
strategies to empower workers and streamline business processes. Their
security section dives into the latest threats surrounding cyber security.
US-CERT’s mission is to improve the nation’s cybersecurity
posture, coordinate cyber information sharing, and proactively manage cyber
Privacy, crime, and online security are the topics that carry
the headlines here. You’ll find everything from opinionated pieces, to the
latest threat alerts.
Staying on top of the latest in software/hardware security
research, vulnerabilities, threats and computer attacks. The Zero Day blog on
ZDNet is a must for anyone keeping track of the industry.
The Center for Education and Research in Information Assurance
and Security blog is where Gene Spafford shares his expertise. It’s called the
center for multidisciplinary research for a reason.
Areas of focus include information security, physical security,
business continuity, identity and access management, loss prevention and more.
Dark Reading is a comprehensive news and information portal
that focuses on IT security, helping information security professionals manage
the balance between data protection and user access.
This is Google’s own security blog, which focuses on all of the
latest developments in the security world. Get the latest news and insights
from Google on security and safety on the Internet.
NBC News Red Tape Chronicles brings you news stories and
information on the latest developments in the cyber security space. Find
topics that range from privacy to security.
You can expect all of the latest news and zero day alerts from
this IT security news site. The content is updated daily and is a major news
source for everything to do with cyber security.
The Internet Storm Center gathers millions of intrusion
detection log entries every day, from sensors covering over 500,000 IP
addresses in over 50 countries.
Bruce Schneier is an internationally renowned security
technologist, and called a “security guru” by The Economist. He knows his
stuff and is a voice in the cyber security industry.
This is another Kaspersky Lab web property that focuses on
malware, phishing, and the cyber security industry. There is no shortage of
information and news on what’s happening in the cyber world.
The Symantec Weblog uses global research to provide
unparalleled analysis of and protection from malware, security risks,
vulnerabilities, and spam.
The Guardian is a respectful, global media company that
highlights issues across many areas. Their Information Security Hub lives up
to the coverage they offer in other areas and focuses on security.
Information on malware and protecting yourself online. From
malware alerts to practical online security tips, the Zone Alarm blog will
keep you briefed on the latest industry news.
BH Consulting’s Security Watch Blog was formed to regular,
informed with content detailing everything you would want to know about
information security and web threats.
Contagio is a collection of the latest malware samples,
threats, observations, and analyses. Get informed, technical education on the
newest forms of malware.
CyberCrime & Doing Time ia a blog about cyber crime and justice
related issues. Gary Warner from Malcovery owns this blog and offers up
educational and engaging posts on the latest threats.
David Lacey’s IT Security Blog offers the latest ideas, best
practices, and business issues associated with managing security. The blog is
hosted on ComputerWeekly.com.
Dell Securework’s Security & Compliance blog is dedicated to
providing up-to-date news and information to help IT professionals and others
keep their business secure online.
Safe and Savvy blogs about how to protect your online life and
the irreplaceable content on your computer. They write about real-life
experiences while providing helpful tips on security issues.
Information technology is the main topic on the Fox IT security
blog. From news to opinions, Fox IT provides excellent content for anyone
interested in technology and security.
The Fortinet cyber security blog has something for everyone.
There are articles on security research and industry trends, as well as, a
healthy section focusing entirely on Security 101.
Help Net Security has been a prime resource for information
security news since 1998. The site always hosts fresh content including
articles, new product releases, latest industry news, podcasts and more.
What more can you ask for? It’s an online magazine dedicated
entirely to the strategy, insight, and techniques that are a daily part of the
cyber security industry.
Brian Krebs is the face of cyber security journalism. As a
former writer for the Washington Post, Krebs is able to take is skills as an
investigative journalist to the task and provide the most in-depth coverage of
Malwarebytes is at the forefront of malware protection, which
makes this the perfect blog to stay up-to-date with the latest zero day
threats and cyber security news.
The McAfee security blog talks about research and threat
analysis, as well as, provides knowledgeable insight into malware and zero day
threats that plague businesses and consumers.
The Microsoft Malware Protection Center (MMPC) is committed to
helping Microsoft customers keep their computers secure. The MMPC stays agile
to combat evolving threats.
Naked Security is Sophos’s award-winning threat news room,
giving you news, opinion, advice and research on computer security issues and
the latest internet threats.
Network Computing’s content adheres to the valuable “For IT, By
IT” methodology, delivering timely strategy & tactics, news, in-depth
features, expert reviews, and opinionated blogs.
SANS Software Security focuses the deep resources of SANS on
the growing threats to the application layer by providing training,
certification, research, and community initiatives.
SC Magazine arms information security professionals with the
in-depth, unbiased business and technical information they need to tackle the
countless security challenges they face.
Search Security provides immediate access to breaking industry
news, virus alerts, new hacker threats and attacks, security and certification
SANS is the most trusted and by far the largest source for
information security training and security certification in the world, which
makes their blog a must read for security professionals.
Neil Rubenking heads the charge on PC Mag’s Security Watch. His
style is witty and he post frequently, so you’ll always find something
worthwhile to read.
StopBadware is a nonprofit anti-malware organization whose work
makes the Web safer through the prevention, mitigation, and remediation of
Sucuri knows all about malware and WordPress security. It’s
what they do. You’ll find no shortage of expert advise on how to secure your
WordPress site and keep it malware-free.
Richard Bejtlich’s blog on digital security, concentrating on
global challenges posed by China and other targeted adversaries. Definitely a
blog that has been a fixture in the security community.
The cyber security section on Techworld.com covers news on the
latest threats and zero-day exploits. They also offer an abundance of topics
ranging from security to how-tos, as well as, technology reviews.
The Honeynet Project members engage the broader security
community and educate the public about threats to systems and information.
Threatpost, The Kaspersky Lab security news service, is an
independent news site which is a leading source of information about IT and
business security for hundreds of thousands of professionals worldwide.
Threat Track Security’s IT blog has its thumb on the pulse of
the industry. Whether you are in the IT industry or not, if you are interested
in security, this blog is for you.
Trend Micro Simply Security offers independent news and views
as well as expert insight from Trend’s security experts. The site covers
topics ranging from cloud security, data protection, security and privacy.
Veracode Security Blog: Application security research, security
trends and opinions. Everything you want to know about if you work in infosec
Unmask Parasites focuses on reviewing the latest security
threats, zero days, and exploits. There is everything from security-related
news, to information on keeping your site secure and malware-free.
We Live Security is a site about research and information, not
products. We Live Security’s writers represent the cream of ESET’s researchers
and writers. They deliver in-depth research and analysis on security.
Tracking and demystifying cybercrime is what happens here. The
author never fails to produce consistent, detailed breakdowns of the latest
malware and security tools.
BankInfoSecurity is a multi-media website published by
Information Security Media Group, Corp. (ISMG), a company specializing in
coverage of information security, risk management, privacy and fraud.
From sophisticated DDoS botnet attacks to phishing, the
Cyveillance blog will keep you up-to-date with breaking cyber security news
and information on everything related to web threats, malware and security.
Forbe’s Firewall covers cyber security news and information on
the latest exploits and trends affecting the industry. The articles are on
point and informative, with the quality you can expect from Forbes.
GovInfoSecurity is a multi-media website published by
Information Security Media Group, Corp. (ISMG), a company specializing in
coverage of information security, risk management, privacy and fraud.
Graham Cluley is an award winning cyber security blogger and
independent computer security analyst. His blog reflects his knowledge and
experience in the industry.
Security Now is a weekly podcast hosted by Steve Gibson and Leo
Laporte. The show is sponsored by Gibson Research Corporation, a company
specializing in data recovery and security.
This blog covers the sizzling world of computer security.
You’ll find plenty of steamy stories from the dynamic world of internet fraud,
scams, and malware.
From analyst reports to case studies, to blog posts and white
papers, the Imperva blog keeps step with the latest malware and security
threats. You’ll find information on DDoS, malware, and zero day threats.
Written by the staff of SearchSecurity.com and Information
Security magazine, Security Bytes covers topics across the spectrum of
security, privacy and compliance.
ITProPortal.com was one of the very first technology websites
to launch in the UK back in 1999 and has grown to become one of the UK’s
leading and most respected technology information resources.
This blog by Lenny Zeltser focuses on information security.
Lenny is a business and tech leader with extensive hands-on experience in IT
and information security.
One man’s views on security, privacy – and anything else for
that matter. Trends, information, news: you’ll find it all on the Network
Security blog, and what’s more is it’s delivered with style.
This blog covers everything you need to know about internet
threats. The PandaLabs blog keeps you abreast of the latest developments in
PaulDotCom Security weekly’s mission is to provide free content
within the subject matter of IT security news, vulnerabilities, hacking, and
The views of one man on security, privacy and anything else
that catches his attention. Security expert Martin McKeay talks about malware,
privacy and security on this blog.
Hoff’s ramblings about information survivability, information
centricity, risk management and disruptive innovation. Hoff was a CISSP, CISA,
CISM and NSA IAM, he now spends the AMF money on coffee.
Risky.biz is another security podcast that focuses on covering
recent developments in cyber security and the threat landscape. The show has
been around since 2007, and takes a light approach to security
Their research provides cutting-edge insight into solving tough
security problems. There are countless articles on the latest cyber security
trends and threats.
The Seculert blog is a security blog with a focus on Advanced
Persistent Threats and malware. There is no shortage of network security tips
and insider information on the latest zero days.
Rapid7 provides vulnerability management, compliance and
penetration testing solutions for web applications, network and database
security. Their community, Security Street covers all of these issues.
Securosis is the world’s leading independent security research
and advisory firm, offering unparalleled insight and unique value to meet the
challenges of managing security and compliance in a Web 2.0 world.
SilverSky is a cloud security services provider with a lot of
knowledge in the industry. Their blog, the Altitude blog, is updated regularly
with news and information every security professional should be aware of.
SpiderLabs is an elite team of ethical hackers, investigators
and researchers at Trustwave advancing the security capabilities of leading
businesses and organizations throughout the world. The site covers the latest
Social-Engineering.org is a cyber security blog that covers a
wide range of security related topics. The site is also home to a podcast and
a team of security professionals who share their expertise on all things
The Security Skeptic blogs about all matters related to
Internet Security, from domain names (DNS), firewalls and network security to
phishing, malware and social engineering.
Moxie Marlinspike’s blog covers computer security and software
development, particularly in the areas of secure protocols, cryptography,
privacy, and anonymity.
Software architect and Microsoft MVP, you’ll find Troy Hunt
writing about security concepts and process improvement in software delivery.
The quality of content found here makes this blog worth visiting.
Gunnar Peterson weaves his thoughts on distributed systems,
security, and software together on his blog 1 Raindrop. The blog is both
informative and insightful, and the coverage is on point.
Andrew Hay is the Director of Applied Security Research and
Chief Evangelist at CloudPassage, Inc. This is his personal blog where he
talks about security and other news.
Carnal Ownage is a must stop for security researchers and
hackers alike. This cyber security blog goes into excruciating detail on
attack methodology and highlights the threats your organization should be
This blog covers fun, useful, interesting, security related
(and non-security related) tips and tricks associated with the command line.
Find tips on OS X, Linux and Windows.
This blog covers trends and fads, tactics and strategies,
intersecting with third-party research, speculations and real-time CYBERINT
assessments, all packed with sarcastic attitude.
Don’t Learn to HACK – Hack to LEARN. That`s the motto at
Darknet. The site covers ethical hacking, penetration testing, and computer
security. Learn about interesting infosec related news, tools and more.
Errata Security is a team of dedicated security researchers
that practice offensive security. The insight gained from research is
delivered on the blog, which covers a variety of topics and real world
Chris Nickerson and Ryan Jones take it up a notch in their
cyber security podcast. They routinely thumb their nose at the typical
industry rhetoric and offer insight and commentary you won’t hear anywhere
HackSurfer was formed by a group of businessmen and women,
engineers, mathematicians, linguists and information analysts with a passion
for making simple, powerful use of big data.
The InfoSec Institute resources section has a broad selection
of content and research on cyber security, threats, and of course, infosec.
You’ll also find tutorials, training videos and more.
Javvad Malik has worked in information security for his entire
career and covers different aspects of security on his blog, J4vv4D. He also
regularly offers his insight through entertaining and informative YouTube
In a world that seems to be losing the notion of journalism,
Liquidmatrix Security Digest remains committed to long form articles that dig
into the major issues affecting the industry with Feature articles.
This is Malcovery Security’s contribution to the knowledgebase
of information security issues. They provide relevant insight and opinions on
all of the newest threats faced by the industry.
Malware Don’t Need Coffee is a cyber security blog that focuses
on malware research and provides educated commentary on all the latest
exploits and security bugs. The site covers research in all areas of network
Wesley McGrew understands security and the nature of today’s
digital landscape, especially its impact on infrastructure and business
security. His blog covers all of the important cyber security stuff.
Since 2007, the Network Security Podcast has been dishing out
the dirt on cyber threats and security issues faced by the industry. It’s a
great resource if you want to hear a discussion on what’s happening in infosec.
This blog is inspired by the book and the movement towards a
New School. The New School of Information Security is a book by Adam Shostack
and Andrew Stewart, published in 2008.
Founded in January of 2008 on a Saturday evening,
NovaInfosec.com is dedicated to the community of Northern Virginia-,
Washington, DC-, and southern Maryland-based security professionals.
The Packet Pushers Podcast offers deeply technical, hardcore
discussions on the latest security trends. Co-hosts Greg Ferro and Ethan Banks
lead the show with their many years of network engineering.
Pierluigi Paganini is a company director, researcher, security
evangelist, security analyst and freelance writer. His blog Security Affairs
stays abreast of all the latest in cyber security.
Security Bistro is where security experts come together for
good talk, information on the latest ingenious threats and, one hopes, the
latest clever ways to counter them.
Find tips on computer security, choosing a password properly,
and other practical online security tips. No shortage of interesting content
circling the technology space here.
Gemini Security Solutions, Inc. is an information security
consulting firm that applies creativity, passion, and insight to defend
against today’s growing threats. Their blog, Security Musings, covers
Jennifer (Jabbusch) Minella aka JJ is a network security
engineer and consultant with 15 years of experience. She shares her knowledge
on infosec on her blog and offers plenty of information on the latest security
This blog has been on the cyber security scene since as far
back as 2006. The blog covers malware, rogues, ransomeware and everything else
related to cyber security.
StillSecureAfterAllTheseYears.com (yes, a really long domain!)
is the AShimmy Blog, Alan Shimel’s personal blogger blog on security, work,
and family life.
Ben Tomhave is a security professional that has served the
industry in a variety of roles and security positions. This is reflected in
his writing and the knowledge shared on his cyber security blog.
You’ll find links and commentary related mostly to online
privacy and security, particularly with social networking. The blog started
back in 2007 and has been going ever since.
The SFS Podcast is designed to be an information security
podcast that fills the gap between technical security podcasts and Security
Now. This podcast offers respectful insight on the state of security.
Small business information security has been an oxymoron for
too long. Uncommon Sense Security is attempting to change that. The blog is
entertaining, and informative at the same time.
Andy Ellis is the Chief Security Officer of Akamai
Technologies. Opinions here are mostly his own. His blog dives into the issues
centered around cyber security and technology.
A U.S. Army Retired Chief Warrant Officer with more than 40
years in information technology and 35 years in information security leads the
charge on this blog, offering daily news on the industry.
The UK based IT Security Expert blog by Dave Whitelegg CISSP
CCSP providing general Information Security advice & help in securing the home
PC & home computer user, as well as business IT systems.
A virtual community of social networks for IT professionals
located throughout the world. A great way to connect and collaborate with
others in the cyber security industry.
Michael D. Peters has been an independent information security
consultant, executive, researcher, author, and catalyst with many years of
information technology and shares that information on his site.
Rivalhost is a DDOS mitigation company and web host that takes
an active stance on updating their customers and community with a mix of
topics on technology, cyber security, and DDOS.
This is a place to catch some opines on a pretty weird
combination of topics. You’ll likely see topics ranging from IT/Information
Risk Management to iOS, Node.js, and everything in-between.
SecurityXploded – the community division of XenArmor – is a
popular Infosec Research & Development organization offering free security
software, latest research articles and free cyber security training.
An information security professional, award winning blogger,
and industry commentator. Thom Langford talks about topics relating to
information security, risk management and compliance.
On his cyber security blog Brooks talks about mitigating risks
and business strategies as they relate to IT. There is never a dull post and
the author finds plenty of interesting security topics to dissect.
Ehacking.net explores ethical hacking, penetration testing, and
hacking. You’ll also find a wealth of tutorials on BackTrack and other
penetration testing tips. An ideal site for information security researchers.
An IT security blog that features general knowledge of IT
security, online crime news, and tips on how to deal with online and computer
threats. Plus, listings of information security threats and defenses.
This site is about computer and information security. It is
maintained by Kevin Townsend, the original founder of ITsecurity.com and a
freelance journalist and writer with more than 10 years experience.
Peter Silva covers security for F5 Networks Technical Marketing
Team. With his theatre background and knowledge of security his blog makes for
an interesting pit stop for security news.
Websense Security Labs does a great job of sharing information
and insight on the latest cyber security news. Their blog has been around
since ’07. There is plenty of material to dig through for research.
A blog that centers around the threat posed by distributed
denial of service (DDoS) attacks. You’ll find a news
section that offers a snapshot of the latest security trends, as well as,
epic posts highlighting the industry.
Dave Waterson is an experienced IT security technologist,
inventor of patented and patent-pending security technology in the anti-key
logging and anti-phishing fields.
Rafal Los has been working in the defensive side of security
for over 10 years. His blog, Following The Wh1t3 Rabbit, focuses on clearing
the confusion around security and offering tools to improve security.
FireEye has invented a purpose-built, virtual machine-based
security platform that provides real-time threat protection. FireEye has been
called a “hot security firm” — their blog backs that up.
HowTheyHack is a general tech blog surrounding themes related
to hacking and network security. Most of the posts are centered around
tutorials, hacking news, security exploits and the author’s opinions.
Technology.info combines the best of ITProPortal.com and IP
EXPO, offering a resource for IT professionals and those interested in
security. The boasts a wide variety of information security research and