The field of Information Technology is in always in flux. New software and hardware are released regularly - the only constant is change. As an IT Consultant it's important to stay up to date on what's out there and what's happening in the world of IT. It's even more important to stay up to date on IT Security news in order to stay on top of vulnerabilities, patches, breaches, and other major goings-on in the world of security. I've put together links to some of my favorite resources for IT Security news, with a bit on why each link is worth your time.
Cybersecurity Industry News
News stories about attacks and breaches often lack details that the discerning reader would like to know. It's understandable why stories about hacks do not contain a complete breakdown of how an attacker gained access and what security failures took place, but when I read a story about a breach or an attack I want as much technical information as I can get. That's why I like Threatpost, which is a news site focused on IT and business security. Articles on Threatpost often include more technical detail on how hacks work compared to stories you find on more generally focused news sites (that is, if technical details on a hack are available). Those additional details can help you avoid attacks by knowing what to look out for, the more you know the better.
Schneier on Security
Security expert Bruce Schneier has a great blog called Schneier on Security. In his own words, Schneier is a "public-interest technologist, working at the intersection of security, technology, and people." He has written thirteen books on various topics related to security, and any time there is a major security story in the news it's useful to get his take on it. His site has a lot of content and links to content, such as his page of essays which includes his recent NYT article on the SolarWinds hack.
Krebs on Security
I regularly visit Krebs on Security for in-depth security news articles. Brian Krebs has years of experience reporting on security and regularly publishes stories on various topics. You can learn about everything from ATM skimmers to SIM swapping to arrests and raids tied to cybercrime by reading his website. Krebs himself has been targeted by criminals trying to cause problems for him because of the work he has done reporting on them and has had to take steps to keep himself and his family safe.
Hacker News is a heavily moderated social news website that collects computer science and entrepreneurial related stories. It is named more for the general sense of hacking than the security hacking sense. However, there are plenty of security stories posted. The site is similar to Reddit but I find the general quality is much higher, and I'm a fan of the minimalist site design. Hacker News isn't geared towards breaking news coverage, but major tech stories often show up there, and the comments can be intelligent and illuminating. As with any online comments take them with a grain of salt, but I've found I get more out of reading comments on Hacker News than on other sites.
For more general IT news with some security content, I read Arstechnica. It's similar to Threatpost in that articles are high-quality and contain details that a technical reader would want to know. There are also occasional in-depth reviews of things like major OS and hardware releases, which are very helpful to read before upgrading or buying something.
The sites I've linked above all generally have high quality comments that have been moderated - YouTube comments they ain't! As someone who actually reads comments online, including the occasional YouTube comment, I appreciate that. Often when I open an interesting Hacker News story, I open the comments first and look at a few of the top comments before reading the linked story.
I'll leave you with a fun one; my favorite podcast: Darknet Diaries. It's billed as "true stories from the dark side of the internet" and episodes cover security-related topics like penetration testing, online crime, and social engineering. You can click on pretty much any episode and listen to an interesting story narrated by host Jack Rhysider. You can hear the passion in Rhysider’s voice as he covers the ins and outs of each episode. He defines and explains security terms, so you don't need to be a security expert to follow a podcast. Rhysider takes you through the twists and turns as he interviews people and explains dramatic security stories. Check it out!
Are you interested in improving your company's security, or chatting about cybersecurity in general? Contact iuvo Technologies today!