If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful.
I listed here only the blogs written by independent authors (blogs that were not edited by an editorial team), and I listed them in alphabetical order. Enjoy the reading!
A Few Thoughts on Cryptographic Engineering by Matthew Green
This is a very narrowly focused blog on cryptography; however, Matthew has written a surprisingly large number of articles on this topic. Although very technical and very in-depth, he writes in such a way that someone with moderate knowledge of IT security can understand it.
One of his most popular posts in 2014 was What’s the matter with PGP? – more than 70 comments.
CyberCrime & Doing Time by Gary Warner
As the name suggests, Gary’s blog focuses on cybercrime and related legal issues – what’s good about his blog is that he takes examples of real attacks and analyzes how they have been performed and what to do about them.
One of his most popular posts in 2014 was on how GameOver Zeus uses encryption to bypass perimeter security.
Graham Cluley by Graham Cluley
Graham writes about various security issues, ranging from industry news, reviews, and alerts all the way to hacking, malware, spam, threats, etc. He is very prolific – at least one article per day – and targets currently hot security topics; this is a very good blog for someone who wants to get an overall picture of what’s going on.
One of his most popular posts in 2014 was about a video scam that has spread on Facebook – more than 5,000 Facebook shares.
Krebs on Security by Brian Krebs
Definitely one of the most popular infosec blogs, it focuses on online crime investigations, latest threats, security updates, data breaches, and cyber justice. I like it because it is very well written – you can see that Brian is a professional journalist (he was working for The Washington Post) – all the topics are very well researched and explained.
One of his most popular blog posts in 2014 was about a credit card breach at Home Depot – more than 300 comments.
Lenny Zeltser on Information Security by Lenny Zeltser
This is a very interesting blog on incident response, malicious software, risk management, and security technology. What’s good about it is that Lenny provides deep explanations of various security subjects, so you can learn quite a lot when reading his articles.
One of his most popular posts was about the new release of REMnux Linux Distro for malware analysis – 150 Facebook likes.
Schneier on Security by Bruce Schneier
One of those security blogs you cannot afford to avoid, it focuses on a wide range of subjects, and one of the most common topics in 2014 was the NSA and Edward Snowden affair. I like this blog because Bruce doesn’t publish only his articles: he also comments on various other security news and publications, so you can use it as a kind of portal to a wider picture of the security world.
One of his most popular posts was on the Heartbleed bug – almost 300 comments there.
Security Affairs by Pierluigi Paganini
Probably the most productive information security blogger, Pierluigi publishes at least one, and sometimes even two or three articles per day, and covers a wide range of security topics including cyber warfare, cybercrime, and hacking. If you want to get security news on a daily level, this blog is a very good choice.
One of his most popular posts in 2014 was on two 14-year-old students who hacked an ATM – almost 600 Facebook likes.
TaoSecurity by Richard Bejtlich
Unlike other security bloggers, Richard offers a more conversational style in his writing – he covers different security topics, with a focus on incident detection, response for targeted threats, digital security, etc. You’ll notice that Richard always provides his personal view on the topic he covers, so his articles are really enjoyable to read.
One of his most popular posts in 2014 was about Russian information warfare.
Terry Zink: Security Talk by Terry Zink
Terry covers IT security topics like spam, hacking, malware, botnets, etc., but he also interviews prominent people from the security world so that readers can gain insight into other security expert opinions. Since he works at Microsoft on IT security issues, he provides detailed security guidelines that will surely appeal to readers interested in protection of IT systems.
One of his most popular posts in 2014 was about why spam and phishing get through Office 365.
troyhunt.com by Troy Hunt
Troy focuses on one segment of the security arena that is probably growing the most: web security and cloud security. What’s good about his blog is that he speaks about real-life security problems and very often provides very detailed explanations, through videos and images, of how to resolve them.
One of his most popular posts in 2014 was Everything you need to know about the Shellshock Bash bug – more than 9,000 Facebook likes and 200 comments.
– – –
And this is it – hope you’ll find this list useful. I know there are also some other good information security blogs on the Internet, but I tried to focus only on those that regularly post new articles.
Now you have something to read on your holidays 🙂