The 30 Best Cyber Security Blogs of 2017
For anyone interested in information assurance and security, amateurs and experts alike, the best way to stay up-to-date and ahead of the curve is daily reading; understand cyber threats and vulnerabilities from the get-go, and you’re more likely to avoid the worst of the cyber breaches and crimes to come. Apropos of that, we’ve compiled a little cyber security blog roll.
To be clear, there’s no shortage of cyber security blogs available online, and considering the growing public interest in personal, business, and government information security issues, increased media attention, and daily security news stories, we’re willing to bet more cyber security blogs will appear in the future. But not all blogs are created equal, and that’s certainly the case here.
So what would the ideal cyber security blog look like? A combination of actionable posts (how-to’s, technical guides, troubleshooting, general advice), in-depth security news analysis and reports (including white papers, conference materials, and original/aggregated research), and finally insightful opinions from information security professionals, thought leaders, and influencers. Not all of the security blogs below match each of these criteria, but they all stand out for at least one. And we know that some of the blogs below are apples in oranges. So we passed them through a number of page rank tools to find out what the internet at large thinks of them.
So let’s go! Here are our picks for the 30 best cyber security blogs currently online!
One of the worldwide leaders in cyber security and information management, Symantec also maintains a very engaging blog network that covers a range of issues, from security response and corporate responsibility to thought leadership and IT. While a lot of this may read like product promotion — and of course, to a certain degree, it is — Symantec’s industry cachet allows them to feature guest posts and interviews from major influencers in online security, including within their own company. You’ll also find well-researched security news, in-depth how-to guides, videos, infographics, data visualizations, and generally excellent blog posts on all things cyber security. Some recent highlights: “Don’t WannaCry? Then Start to Prepare Now,” “How Hackers Are Going Old School,” and “Data Protection, the Ten Commandments.”
“Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.” So reads the tag line of the influential Zero Day blog, itself part of ZD Net, a popular tech site with 36 million monthly users. Despite its round-the-clock blanket coverage, Zero Day is primarily the work of just three people: Zack Whittaker, the site’s security editor; Charlie Osborne, a cybersecurity journalist and photographer based in London; and Jennifer Leggio, a 17-year security veteran, covering security culture, disclosure, community issues, equality in security, and disruptive trends. While most posts are news-related – with an emphasis on national cyber defense, personal and corporate security vulnerabilities, and advances in cyber security – readers will also find helpful guides, hacks, and general tips like improving iPhone battery life. Content flow is typically three to four pieces per day.
PC Mag’s Security Watch blog launched in 2007 and has since established itself as a leading cyber security news source, with feature pieces and in-depth, expert reviews on the newest cyber security products, i.e., “The Best VPN Services of 2017” and “The Best Spyware Protection Security Software of 2017.” Malware, hacking news, mobile, and apps get attention, too; and given PC Mag’s reputation, Security Watch is also able to pull a variety of big-name industry insiders and cyber security influencers for guest posts. Of course, the layout is easy to navigate and good-looking, with sleek videos, data visualizations, and comprehensive pro/con graphs for reviews. Following the parent site’s focus, Security Watch tends to have a commercial feel, but it’s nonetheless useful for anyone interested in cyber security trends.
Trend Micro’s Simply Security blog offers independent news, opinions, and expert insights from a global leader in security software. Its authors come from across the cyber security spectrum – from zero-day initiative communications, to cloud research, to infrastructure strategies – and provide the blog with a wide-reaching but granular approach. In addition to weekly news updates, Simply Security’s op-ed features tackle the most talked-about (or overlooked) aspects of security in business and policy, be it cyber defense, online security, emerging technologies, cybercrime, encryption, etc. The blog also offer downloadable research papers and prediction reports from major thought leaders. Recent popular examples include “The Middle Eastern and North African Underground: Where Culture and Cybercrime Meet,” “Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks,” and “2017 Trend Micro Security Predictions.”
Naked Security, Sophos’s award-winning computer security blog, offers a range of great features: news, opinion, advice, and research on all the latest in cyber security and internet threats. The nice thing about Naked Security is its emphasis on overlooked scoops and stories. Contrary to some security blogs, there’s very little recycled content, so you’re typically not seeing the same stuff that’s running everywhere else. Instead you’ll find helpful tips like “The Google tracking feature you didn’t know you’d switched on” or tongue-in-cheeky bits like “How forgetting to renew a domain name cost $3m.” There’s also a convenient news aggregator to keep you updated on relevant material. If you prefer inbox updates, don’t forget to subscribe for the newsletter.
Safe & Savvy is the security blog of F-Secure, one of the world’s premiere cyber security firms, based in Finland and founded in 1998. With a focus on tips and tricks, security and privacy, and the “connected life,” Safe & Savvy mostly steers clear of security news (you get enough of that, anyway) in favor of actionable content like “Why You Should Talk To Your Teen About The Web,” “How to Take Total Control of Your Data,” and “Keeping Hackers Out of Your Social Media Accounts.” As the titles suggest, Safe & Savvy’s content is more B2C than B2B, but the blog posts plenty of how-to’s for working and aspiring cyber security professionals, as well. Videos, infographics, and in-depth reports on topics and trends in cyber security are available on the blog’s resources page.
Malwarebytes has spent the last decade establishing itself as one of the best online security companies in the world, with award-winning malware software for Microsoft Windows, macOS, and Android. Unsurprisingly, the Malwarebytes blog is a treasure trove of online security content: research reports, threats analysis, cyber crime updates, and everything else to keep you informed about goings on in the cyber security community. While much of the blog covers in-depth material, Malwarebytes’s best work comes from their “101” series, featuring how-to’s, infographics, FYI’s, Mac tips, and top-notch security advice for personal and business use. The “PUP” series — or, potentially unwanted program – is another great feature; take, for instance, a months-long (to date) 6-part Adware series that serves as both a primer for amateurs and an essential toolkit for professionals.
A Washington Post reporter from 1995 to 2009, Brian Krebs has authored well over a thousand blog posts on cyber security and is the New York Times bestselling author of Spam Nation: The Inside Story of Organized Cybercrime―from Global Epidemic to Your Front Door. He’s also been profiled by the New York Times, Businessweek, and the Poynter Institute, and originally got interested in cyber security after a Chinese hacking group locked him out of his home network twice. In other words, he has some experience. Krebs on Security focuses primarily on cyber security news, but its unique draw — and what keeps readers returning — is Krebs’s easy-to-understand analysis: this is a blog for laymen by an ex-layman (who still wouldn’t call himself a cyber professional). This is the blog to read when you want to know what to do when something goes wrong. Plenty of blogs can curate and recycle the news, but Krebs on Security is a major influencer for actionable cyber defense.
Founded in 2004, Bleeping Computer is a technical support site and self-education tool for everyday users, with tips and advice columns on everything from hardware and OS problems to application and internet troubleshooting. Of course, with the growing threat of cyber security vulnerabilities, Bleeping Computer has begun to pivot toward online security and offers an extensive library of virus removal guides and 101 tutorials. The blog’s news page is full of up-to-date, original reporting and opinion pieces from experienced IT and cyber security writers, covering a range of topics: malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and more. If you have a specific question, Bleeping Computer also has a live chat room, group discussion forum, and large database of how-to fixes. In sum: whether for business or personal use, a great blog for news and general tech support.
Labeled a “security guru” by The Economist, Bruce Schneier is the author 13 books, including the New York Times bestseller, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. As a major influencer and thought leader in the cyber security community, Schneier has also written hundreds of articles, essays, and academic papers; is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School, and board member and advisor at some of the world’s largest technology companies. His Schneier on Security blog and “Crypto-Gram” newsletter reach an audience of 250,000 and include breaking news analysis, security research papers, and Schneier’s essays at places like The Atlantic, Foreign Affairs, The Washington Post, and The New York Times, among others. Especially relevant for security professionals, Schneier on Security doubles as a kind of news aggregator, as well, with excellent links and short editorial missives.
Operated by International Data Group, one of the largest tech media companies in the world, CSO is designed to help IT security professionals, decision-makers, and users stay ahead of evolving security threats and defend against cyber crime attacks, featuring a range of cutting-edge, actionable content that covers risk management, network and cyber defense, fraud, and data loss prevention, among other topics. While CSO’s coverage includes relevant news, the blog tends to emphasize original advice pieces, op-eds, and general interest articles: “Policing in the future involves citizen detectives and a Pokémon Go-like app,” “The rise of the cheap information security officer,” and “The 16 biggest data breaches of the 21st century” are representative of the blog’s range. For security professionals in need of in-depth case studies, research, white papers, podcasts, etc., check out CSO’s resources page; and for those who prefer e-mail updates, subscribe to the blog’s “Security Smart” newsletter.
Securelist is the blog of the world-renowned Kaspersky Lab, a Russian multinational cyber security and anti-virus provider. For security and IT professionals interested in research, academic papers, and incisive opinions from international thought leaders, you’ve come to the right place. Securelist offers a comprehensive encyclopedia of cyber security issues that rivals any similar database on the web (and which amateurs will find helpful, too). You’ll also have access to virus watch updates, webcasts, a security bulletin, and articles covering cyber espionage, targeted attacks, social engineering, internet banking, mobile malware, social media, and everything in between. Interactive graphs, data visualizations, and other multimedia give the blog a polished perspective, and a live heat map shows the percentages of Kaspersky users’ products that have intercepted local infections in the past 24 hours. (Fun to poke around even if you’re not a user.)
Dark Reading is one of the internet’s most popular destinations for cyber security and information security professionals, covering ten key security communities: Attacks & Breaches, Application Security, Cloud Security, Data Leaks & Insider Threats, Endpoint Security & Privacy, Mobile Security, Network & Perimeter Security, Risk Management & Compliance, Security Management & Analytics, and Vulnerabilities and Threats. In addition to original new stories in these areas, Dark Reading provides opinion commentary, white papers, how-to’s, a PR newswire, bug reports, and much more from thought leaders and influencers from every corner of the online security world. Dark Reading editing team includes Marilyn Cohodas, with 20 years of experience reporting technology for business, government, and consumers; Kelly Jackson Higgins, an award-winning technology and business journalist; Sara Peters, previously senior editor at the Computer Security Institute; and Tim Wilson, Editor-in-chief and co-founder of Dark Reading, named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
Threat Post is another blog affiliate of The Kaspersky Lab (not sponsored content — promise!), this one devoted to serving as a leading independent news source for hundreds of thousands of IT and business security professionals across the world. The New York Times, Wall Street Journal, USA Today, NPR, and MSNBC have all used Threat Post as an authoritative source on information security, and the blog’s award-winning editorial team puts together a wide-ranging compilation of actionable content every day: original and aggregated news and analysis, feature reports, videos, and additional media on cryptography, SAS, vulnerabilities, malware, black hat, online security, critical infrastructure, policy, and other topics. Editor-in-chief Michael Mimoso has been writing for B2B information technology and security publications for 11 years, and previously served as the Editor of Information Security. Deputy Editor-in-chief Tom Springhas been recognized by the Society of Professional Journalists, American Business Media, American Society of Business Publication Editors, and the Western Publishing Association.
The Hacker News, not to be confused with Y Combinator’s Hacker News, is one of the global leading sources for hacking, cyber security, and technology news for professionals and enthusiasts alike, with over 9 million monthly users. Among its many awards include: Best Information Security Blog 2013; Most Educational Cyber Security Blog 2013; Biggest Information Security Blog 2014; and Most Popular IT Security Platform 2015. Featuring original reporting and insider tips, popular posts run the gambit, from imminent security threats, to useful how-to guides, to humorous curios: “How To Weaponize Your Cat to Hack Neighbors’ Wi-Fi Passwords,” “OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable It,” and “Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack” being representative of the blog’s range. Editors also post a number of online DIY courses, certifications, and training bootcamps if you’re interested, and the “Deals” page is a great catalogue of cheap software and hardware products, with freebies and giveaways available.
With over a decade of experience in the UK, InfoSecurity Magazine offers award-winning print and online content, including insider news reports and analysis, in-depth investigative features, white papers, hot topics and trends, webinars, virtual conferences, and opinion pieces from some of cyber security’s major influencers and thought leaders. (The blog also includes archived print issues.) To give an idea of the site’s range, some recent popular articles include “In-House or Cloud? Where is More Secure?,” “The Battle for Cybersecurity Talent in America: East Coast vs. West Coast,” and “Why The Equifax Hack Doesn’t Matter!.” Surely the latter is worth checking out….
No stranger to the scene, SC has been covering the cyber security business for 25 years and garnered 40 awards in the last decade, including Magazine of the Year by the American Society of Business Publication Editors and awards for its online content. In addition to sections devoted to cyber crime and network security, SC offers first look product reviews of emerging tech for cyber professionals. Original news reports and analysis are coupled with op-ed insights from thought leaders and executives around the industry, and white papers, video features, and a large library of infographics are available, as well. Recent “executive insight” posts include “10 Cyber Attacks Machine Learning Can Help Prevent” by Joe Zadeh, Director of Data Science at JASK; and “Exploring the Air Gap Myth” by Robert Huber, Chief Security and Strategy Officer at Eastwind Networks. Other running series focus on potential threats and data breach news.
WeLiveSecurity is the official blog of ESET, one of the world’s best IT companies and experts in anti-virus and firewall products. With outposts across the world – Slovakia, the United States, Canada, Germany, and Argentina – WeLiveSecurity offers an international scope of cyber security news, trends, and research, all available on a round-the-clock basis thanks to an editorial staff of over 30 online security professionals. News and analysis is always original and useful, and the blog hosts a massive catalogue of in-depth white papers, conference materials (slideshows, reports, etc.), and videos and podcasts. Like the majority of the blog, the how-to page is primarily aimed at tech-savvy industry insiders, but there are plenty of 101 tutorials and introductory topics that the intermediate user can take advantage of. As a general idea of subject matter, among the blog’s most popular category tags are cyber crime, malware, privacy, hacking, social engineering, mobile security, and small business.
Founded in 1998, Help Net Security is a leader in cyber security news, analysis, and expert product reviews. Still, while the blog features articles on all the latest trends and hot topics, Help Net excels and distinguishes itself with opinions and commentary from some of the industry’s most admired thought leaders and influencers, offering insights on privacy, strategy, cyber defense, vulnerability, the Internet of Things, artificial intelligence, and much more; contributors include executives from McAfee, Blue Cedar, SentinelOne, ShiftLeft, Proficio, and WatchGuard Technologies. Among some of the more representative posts might be technical how-to’s like “Protecting networks from DNS exfiltration,” or a guest commentary piece, a la “The real cost of alarm fatigue.” Malware and black hat updates get special treatment, and HNS send out a newsletter on subscription, as well.
A former application architecture head at Pfizer, Troy Hunt is an Microsoft Regional Director, Microsoft Most Valuable Professional for Developer Security, independent keynote and conference speaker, online security course instructor at Pluralsight, and runs a series of cyber security workshops. He also runs the uniquely titled Have I been pwned? project, a free service that aggregates data breaches and helps people determine if they’ve suffered malicious online activity. As you might expect, his blog is a cumulation of all his expertise, written by a seasoned professional but clear, comprehensive, and free of arcane jargon and hyper-technical talk. Instead, you’ll find weekly professional updates (just what they sound like), workshop lectures, videos, well-considered opinion pieces, news analysis, and must reads like “Here’s how I verify data breaches” and “How I optimised my life to make my job redundant.” If you’re interested in a blog with a personal as well as professional touch, be sure to check this one out.
Tripwire’s State of Security blog has received numerous awards for its coverage of news, trends, and expert insights on current information security issues, including “Best Corporate Blog” and “Most Entertaining Security Blog.” In particular, State of Security tends to emphasize risk, compliance, incident detection, and vulnerability research, and offers original reporting, in-depth feature articles, opinion pieces, and videos and podcasts. In addition to a large in-house team of contributors from across the online security spectrum, the blog routinely runs guest articles by other thought leaders and industry influencers with years of experience. Recent pieces have covered digital forensics, ICS/SCADA devices, best Azure practices, and women in information security, to give you an idea of the blog’s wide lens. Sign up for the newsletter, as well.
Voted 2016 Best European Personal Security Blog by InfoSecurity, Security Affairs is run by Pierluigi Paganini, whose resume is extensive: member in both the European Union Agency for Network and Information Security, and in the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation; Director of the master’s program in Cyber Security at the Link Campus University; and Editor-in-Chief of Cyber Defense Magazine, one of the newest and most-trusted journals for cyber professionals. Paganini is also a certified ethical hacker at the EC Council in London, and has authored The Deep Dark Web and Digital Virtual Currency and Bitcoins: The Dark Web Financial Markets – Exchanges & Secrets. On his Security Affairs blog you’ll find coverage of hacktivism, the Internet of Things, malware, data breaches, social networks, cyber crime, and more.
Founded in 2006, Veracode is an automated cloud-based service for securing web, mobile, and third-party applications that made the 2013 Forbes “Top 100 Most Promising Companies in America.” (It was acquired by CA Technologies in March 2017.) Security news analysis, AppSec info and toolkits, research, and fun commentary pieces make up the blog: “What the Apache Struts 2 Vulnerability and the Irish Potato Famine Have in Common,” “Top 3 Ways Veracode’s Integrations Make Developers’ Jobs Easier,” and “Confessions of an Insecure Coder” are typical posts. You’ll also find podcasts, videos, webinars, case studies, and white papers. While much of the content is product-oriented, security professionals and everyday users can make great use of the Veracode blog.
Graham Cluley’s twenty-plus years in computer security has resulted in a prosperous, well-received career, including stints at Sophos (where he founded the Naked Security blog), McAfee, Windows, and now as an independent security blogger, podcaster, and speaker, with talks and keynote speeches at events like Microsoft Future Decoded, RSA, Infosec, Web Summit, EICAR, AVAR, ICSA, ISSA, Ja.net, and the European Internet Security Forum. He’s also made numerous media appearances — NPR, BBC, Sky, Fox, CNN, etc. — and has written for The Telegraph, Computer Weekly, and IT Week, among others. His security blog has garnered at least two dozen awards over the last eight years, including the 2017 RSA “Most Entertaining Security Blog” and SysAdmin “Best IT Security Blog.” The majority of Cluley’s blog consists of international news analysis and updates, but expert commentary and advice pieces are regular features, as well. As one of the industry’s premier influencers and thought leaders, any cyber security professional or amateur enthusiast would do well to pay attention to Cluley has to say.
Based in Clearwater, FL, ThreatTrack Security develops security solutions for government agencies and private businesses, specializing in advanced persistent threats, targeted attacks, and other malware. ThreatTrack’s blog combines news and analysis with in-depth features and opinion pieces on a range of cyber security topics: data breaches, cyber threats and extortion, CISOs, ransomeware, phishing scams, vulnerabilities, and more. For security professionals, ThreatTrack has a number of insider-y how-to guides like “Zepto Evasion Techniques” and “The Day the Earth Stood Still for CryptoWall.” “Breaking Down the Malware Behind the Ukraine Power Outage” is an especially good example of the blog’s talent for news analysis. For those interested, a newsletter is available, as well.
Founded in 1999, Fox-IT was one of the first cyber security firms in Europe, specializing in cyber threat management, information assurance, web and mobile analytics, and online security education and training. Fox’s blog is primarily aimed at security professionals, with incidents news, original research, solutions, in-depth trend reports, feature articles, and company updates like “Fox-IT debunks report on ByLock app that landed 75,000 people in jail in Turkey.” All posts and papers are authored by seasoned experts and thought leaders in the field and, accordingly, are packed with actionable tips and how-to’s for B2B or in-house solutions. To stay up to date with all of Fox’s content, subscribe to the newsletter, covering information on services and technology, developments, events, and FoxAcademy.
The Security Ledger, founded in 2012, is an independent security news blog that emphasizes the intersection of cyber security with business, commerce, and the Internet of Things, including special reports and original opinion commentary from major security thought leaders and influencers. Recent popular op-eds include “Heartbleed’s Heartburn: Why a 5 Year Old Vulnerability Continues to Bite,” “Our Analog Future: Experts Call for Preserving Copper, Pneumatic Systems as Hedge for Cyber Risk,” and “Estonia 10 Years Later: Lessons learned from the World’s First Internet War.” The Security Ledger also has a podcast series that features interviews and discussions with industry leaders, and a selection of white papers. Editor in chief Paul Roberts has appeared on NPR’€™s Marketplace Tech Report, KPCC’s AirTalk, Al Jazeera, and The Oprah Show; he has written for The Christian Science Monitor, MIT Technology Review, ZDNet, and Fortune Small Business.
The official blog of Security Week, a leader in cyber news, insights, and analysis, Infosec Island is designed for IT and network professionals, with blog posts, opinion commentary, and a dedicated online community that identifies all your security, risk, and compliance issues in a timely and personable manner. To give an idea of the blog’s focus, the most popular category tags include cloud computing, database security, social engineering, web app security, and wireless security. Recent posts include “Surviving Fileless Malware: What You Need to Know about Understanding Threat Diversification,” “Cyber Security in the Workplace Is Everyone’s Obligation,” and “No Such Thing as Too Small to Hack.” The blog also features several videos and in-depth white papers.
Hot For Security, official blog of the award-winning cyber security software Bitdefender, rounds out our list – last but not least. Here you’ll find up-to-the-minute industry news updates, awesome tips and tricks, blog posts devoted to smart home security, security threat alerts, and a series that features stories about successful “digital nomads,” entrepreneurs that have traded in their traditional 9-5 office jobs for the freedom and flexibility of self-employment. Equally apt for cyber professionals and amateurs that want to learn more about online security, Hot For Security combines technical expertise with a straightforward journalistic approach that avoids intimidating jargon. In addition to blog posts, short primer videos cover a range of topics, from how to stop advanced persistent threats, to protecting yourself and your home from cyber threats.