Security News Analyzed

Updated page 03/12/2021

Now that we are moving on to the 2nd year of pandemic – even though things are opening a little bit in a few states, I am going to keep most of the stats the same as the last time (in Nov/20).  I did decide to change things up a bit to add another category, a “high news value” and so a lot of the ratings changed Threatpost is still first, but Internet Storm center took 2.

 

  1. Cybersecurity value (subjective (my prerogative) (first value)
  2. Industrylinks (‘Cybersecurity’ keyword) ( second value)
  3. Attacker information (China, Russia, and others) (third value)
  4. Google importance information site discusses relevant Google news)  (fourth value)
  5. Recent updates frequency   (fifth value)
  6. video/audio(podcasts) relevance my subjective value – I am giving Irongeek.com a 10 and going down from there, but these are initial values, Changed these values in June 1, 2018
  7. High cybersecurity value

I keep the list and its numbers in a spreadsheet so I can make changes when necessary.

Top informational sites 1-10

1. Threatpost  has many good posts. 

2.   Internet Storm Center SANS: an Industry leader in Security certification and training – the place to go to work on technical skillsets within Cybersecurity and this is their daily log of current events.

3.  Dark readingis an InformationWeek Security blog with good Security topics

4. Fire Eye Blog  – A blog from the company that found the initial China  attack angle.

5. SCMagazine – Security magazine consistently has good Security articles and has been honored with national honors from ASBPE http://www.scmagazine.com/sc-wins-three-top-national-honors-from-asbpe/article/511656/

6.   Reddit section “netsec” https://www.reddit.com/r/netsec/  has very good posts frequently – Lots of new good posts. I switched the link to the “old” reddit look, as one can see all the posts easier in my opinion.  
7. With a special interest in KrebsonSecurity  David Krebs has authored “SpamNation” is looked at for computer breach news – He was a journalist, now Darknet reviewer and more.  
8.  TechNewsWorld has a decent number of good articles http://www.technewsworld.com/perl/section/cyber-security/  

9. CISA – Cyber infrastructure Security Agency – latest information of many vendors security updates

10.  Bruce Schneier, a security expert writing about cyber security since 1998 – excellent theorist and book writer.

11.  Stay safe online, A national Cybersecurity Alliance effort to help people improve Cyber Security

12.  NakedSecurity by Sophos (AV company)keeps up on malware news (antivirus etc)

13.  Homeland Security News Wire http://www.homelandsecuritynewswire.com/topics/cybersecurity  Has many relevant cybersecurity news stories.  %5-7-6-8-0=26%  Some value, but high Google ranking, high updates, no video

14. defenseone.com a news site of global security topics.

15.  The Register a classic IT news site   has some interesting angles. 

16. http://www.infosecurity-magazine.com/  Decent news topics general in nature.  And don’t forget Infosec magazine’s Blogs: http://www.infosecurity-magazine.com/blogs/  

17. ZDNet Zero Day blog by ZDNet – new info about hacker some value

18.  SucuriBlog   http://blog.sucuri.net/ WordPress developer Blog about security, Has other topics , we use this plugin has excellent WordPress insights

19. Cisco’s Talos Blog   Excellent threat research and more

20. Securelist Blog  (A Kaspersky Lab endeavor)  and their Twitter feed seems to be in Germany.

21. Realclearscience.com  A site that puts together relevant links from many media outlets. Good Overview of many sites.

22. SANS Digital Forensics Blog is a good forensics blog with some new posts

23. Rand Corp Blog is where the Cybersecurity researcher Martin Libicki writes – Rand Corp is a prestigious science research institution among other items.

24.  Malwarebytes Unpacked the https://blog.malwarebytes.org/ Blog of malwarebytes (excellent AV app).

25. Rapid7 has a Security Blog well researched posts: https://blog.rapid7.com/

26.   TrendMicro Security Intelligence Blog is kept up and has good topics

27. ISACA Now Blog http://www.isaca.org/Knowledge-Center/Blog/default.aspx  which is the Information Systems Auditing and Control Association Blog

28. White Hat Security Blog https://www.whitehatsec.com/blog/  White Hat security is a company that consults on application security – I have seen some of their researchers. 

29.  Securosis a blog with good content (sometimes does not post frequently)

30. Had to move since the pandemic hit – no conferences IronGeek.com  as it is the video repository for constant reviews of latest Security conferences. If you want to stay up to speed on detailed and up-to-date Cybersecurity information then you must check this out frequently.

Dropped out of top30 or adding new blogs to review periodically:

https://security.googleblog.com/ Blog about Google’s efforts in Security   has some good google stuff, but not much else.

http://www.freeforensics.org/ A blog started in March 2016 – about forensics and other topics (ransomware details)

moving IBM Security  out of top 30 X-Force website and the blog page X-Force bloggers  is good, but updated infrequently & pro IBM of course.

Also moved BugSEC as it is not updted often but is blog decent review of Cyber threats – from a security company in Israel

Could use this link in future…

https://bugs.chromium.org/p/project-zero/issues/list

  Bitdefender LABS has  some good posts (including new Ransomware tool https://labs.bitdefender.com/
MUST SEE LINKS:
US-CERT: United States Computer Emergency Response team  https://www.us-cert.gov

HIPAA: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html   PCI: https://www.pcisecuritystandards.org/

New addition(12/3/15): Amazon Web Services Bulletins(AWS) https://aws.amazon.com/security/security-bulletins/ 
removing Twitter and other stuff 01/19/16  keeping the repositories of interesting Cyber items.
NIST Publications  are important as they get referenced by a lot of compliance standards http://csrc.nist.gov/publications/PubsSPs.html 800-115 is the one for pentesting  :
Technical Guide to Information Security Testing and Assessment SP 800-115
Phrack.org   Papers on exploiting operating systems and other items like Stack-based buffer and memory overflow.  (does not get updated often)
 footnotes:
  1.  http://www.sorting-algorithms.com/

https://fixvirus.com/contact-us/ to test your cybersecurity