Top30 Security Links to Review

Updated page 11/8/2024

Added Linuxsecurity – as it is a great place to find vulnerabilities (and I am all about that) Obviously for Linux systems, but there are a lot Linux systems these days including in IoT systems. So any site that gives us a leg up on information into Linux that is a great thing.

Thus rejiggered many others into 6-15.

  1. Cybersecurity value (subjective (my prerogative) (first value)
  2. Industrylinks (‘Cybersecurity’ keyword) ( second value)
  3. AI relevance (includes AI discussion or news (third value)
  4. Attacker information (China, Russia, and others) (fourth value)
  5. Google importance information site discusses relevant Google news)  (fifth value)
  6. Recent updates frequency   (sixth value)
  7. video/audio(podcasts) relevance my subjective value – Irongeek is gone – did not return after the pandemic live show lull, so looking for a ’10’ site.
  8. High cybersecurity value

I keep the list and its numbers in a spreadsheet so I can make changes when necessary.

Top informational sites 1-30

1. This blog/podcast site https://danielmiessler.com/  has a comprehensive look at AI and how to use it – why etc. Since I think this is important from now on (as well as regular cybersecurity discussions) it is #1 for now.

2. Linuxsecurity is a great site for Linux vulnerability information

3. Arstechnica has many good cybersecurity posts, there is also an interesting tag area for china..

4. Security Week New site for this list, but it is a standard industry zine.

5. The Hacker News – this is a headline news magazine – updates frequently. some good stuff.  I have read this site for a long time – pushed into3rd spot. (this is a site that an AI said was a top5 cybersecurity blog)

6. Dark reading is an InformationWeek Security blog with good Security topics

7. Internet Storm Center SANS: an Industry leader in Security certification and training – the place to go to work on technical skillsets within Cybersecurity and this is their daily blog of current events.

8.  TechNewsWorld has a decent number of good articles http://www.technewsworld.com/perl/section/cyber-security/

9. SCMagazine – Security magazine consistently has good Security articles and has been honored with national honors from ASBPE http://www.scmagazine.com/sc-wins-three-top-national-honors-from-asbpe/article/511656/
10. Reddit section “netsec” https://www.reddit.com/r/netsec/  has very good posts frequently – Lots of new good posts. I switched the link to the “old” reddit look, as one can see all the posts easier in my opinion. 
11. Another new site: https://cybernews.com/ -moved it down a bit, ok but maybe not in top6.

12. TheCyberPost  The Cyber Post was created with the intention of giving the world the low down in the cyber-security world: “Says the site in the about page”.

13. With a special interest in KrebsonSecurity  David Krebs has authored “SpamNation” is looked at for computer breach news – He was a journalist, now Darknet reviewer and more.  
14. CISA – Cyber infrastructure Security Agency – Spotlight on at the CISA website – they have updated this to be more relevant with current attacks and more… (this is a site that an AI said was a top5 cybersecurity blog)

15. https://cybersecurity-magazine.com/  just added has some value

16. Cyware.com    A new link for some slightly different amalgamation of cybersecurity news. found this through a search on cyber security news.

17. https://cyberscoop.com/  added Cyberscoop as it has some value

18. Bruce Schneier, a security expert writing about cyber security since 1998 – excellent theorist and book writer.

19. Homeland Security News Wire http://www.homelandsecuritynewswire.com/topics/cybersecurity  Has many relevant cybersecurity news stories.  %5-7-6-8-0=26%  Some value, but high Google ranking, high updates, no video

20.Mandiant Blog Has now morphed into Google Cloud threat intelligence

21. The Register a classic IT news site   has some interesting angles. 

22. http://www.infosecurity-magazine.com/  Decent news topics general in nature.  And don’t forget Infosec magazine’s Blogs: http://www.infosecurity-magazine.com/blogs/  

23.  SucuriBlog   http://blog.sucuri.net/ WordPress developer Blog about security, Has other topics , we use this plugin has excellent WordPress insights

24. NakedSecurity by Sophos  has  changed to Sophos News X-ops where the articles have been divided into several sections: Security Operations, Threat Research and AI Research .

25. Malwarebytes Unpacked the https://www.malwarebytes.com/blog Blog of malwarebytes (excellent AV app).

26. Rapid7 has a Security Blog well researched posts: https://blog.rapid7.com/

27. Securelist Blog  (A Kaspersky Lab endeavor)  and their Twitter feed seems to be in Germany.

28. SANS Digital Forensics Blog is a good forensics blog with some new posts

29. Rand Corp Blog is where the Cybersecurity researcher Martin Libicki writes – Rand Corp is a prestigious science research institution among other items.

30. ISACA Now Blog http://www.isaca.org/Knowledge-Center/Blog/default.aspx  which is the Information Systems Auditing and Control Association Blog

Dropped out of top30 or adding new blogs to review periodically:

ZDNet Zero Day blog by ZDNet – new info about hacker some value(got bumped 11/8/24)

 Stay safe online, A national Cybersecurity Alliance effort to help people improve Cyber Security  (latest site to drop out of top30 – as of 4/17/24)  it is more of a site to help basic users with basic cyber hygiene, rather than news etc, vulnerabilities so will remove for now.

 https://security.googleblog.com/ Blog about Google’s efforts in Security   has some good google stuff, but not much else.   (took off top30 as it has less relevance for now. (2/22/24)

TrendMicro Security Intelligence Blog less updates. not so relevant any more (2/22/24)

White Hat Security Blog https://www.whitehatsec.com/blog/  White Hat security is a company that consults on application security – I have seen some of their researchers.   lost some value as they do not keep up (2/22/24)

Realclearscience.com  A site that puts together relevant links from many media outlets. (it lost some standing since it is not focused on cyber so much) (removed 2/22/24)

Moved since the pandemic hit -too few updates had to drop out of top30 IronGeek.com  as it was the video repository for constant reviews of latest Security conferences. (01/27/23)

Removed Cyber Security Magazine unfortunately this link /website is no longer  updating very much, so I will remove for a while (10/6/23)

Removed port swigger (04/14/23) as it went dark (decided to no longer update :

The Daily Swig Cybersecurity News and Views –  https://portswigger.net/daily-swig  This company put burpsuite on the market many years ago.

Securosis a blog with good content (sometimes does not post frequently) less frequency got to drop (01/27/23)

Removed Talos link due to lack of updates: Cisco’s Talos Blog   Excellent threat research and more  (1/29/22)

Removed Defenseone link no longer works (8/22/22)

https://security.googleblog.com/ Blog about Google’s efforts in Security   has some good google stuff, but not much else.

http://www.freeforensics.org/ A blog started in March 2016 – about forensics and other topics (ransomware details)

moving IBM Security  out of top 30 X-Force website and the blog page X-Force bloggers  is good, but updated infrequently & pro IBM of course.

Also moved BugSEC as it is not updted often but is blog decent review of Cyber threats – from a security company in Israel

Could use this link in future…

https://bugs.chromium.org/p/project-zero/issues/list

  Bitdefender LABS has  some good posts (including new Ransomware tool https://labs.bitdefender.com/
MUST SEE LINKS:
US-CERT: United States Computer Emergency Response team  https://www.us-cert.gov

HIPAA: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html   PCI: https://www.pcisecuritystandards.org/

New addition(12/3/15): Amazon Web Services Bulletins(AWS) https://aws.amazon.com/security/security-bulletins/ 
removed Threatpost  was good before August 2022 – no more updates so it is gone as of 01/27/23.
removing Twitter and other stuff 01/19/16  keeping the repositories of interesting Cyber items.
NIST Publications  are important as they get referenced by a lot of compliance standards http://csrc.nist.gov/publications/PubsSPs.html 800-115 is the one for pentesting  :
Technical Guide to Information Security Testing and Assessment SP 800-115
Phrack.org   Papers on exploiting operating systems and other items like Stack-based buffer and memory overflow.  (does not get updated often)
 footnotes:
  1.  http://www.sorting-algorithms.com/

https://fixvirus.com/contact-us/ to test your cybersecurity