There is a lot of news out there, making it hard for people to keep up. There is also a lot of bad news out there, making it hard to know what is important or even real. I write a news summary, but my interests (and hopefully expertise) are focused on topics relevant to defending tech companies, since my day job is to keep one secure. I try to remain unbiased, but I have a macOS fleet and use AWS heavily, so I tend to focus more on news there. There are a number of topics I don’t discuss much, such as mobile or crypto (because I have no expertise there), general reverse engineering or memory corruption related exploitation techniques (because it’s only the results of this work that impact me), or anything PowerShell related (because it tends to be just rewritten code from other languages).
I want to point out here some curated news summaries written by folks with expertise and interests in areas other than my own that you might find interesting. The links are to their latest posts.
- Downclimb: My own weekly summary of infosec news.
- Bulletproof TLS Newsletter: Monthly newsletter from Hanno Böck that discusses news related to TLS and Certificate Authorities, along with other advances in crypto and crypto attacks.
- Mobile Security News: One of the authors of the Android Hacker’s Handbook, Collin Mulliner, posts a monthly link round-up focused on mobile security.
- This week in 4n6: Weekly DFIR news, organized into sections, with summaries of the links.
- Risky Business: A podcast, currently on vacation, from Australian Patrick Gray and Kiwi Adam Boileau that tends to focus more on the drama and eye-catching news of infosec. It is a well-done podcast that brings in a lot of top talent as guests.
Some news that isn’t infosec specific that I like:
- Stuff The Internet Says On Scalability: Weekly summary of links and quote collection related to running high volume websites.
- Benedict’s Newsletter: Benedict Evans of the VC firm A16Z writes a weekly newsletter summarizing news from major tech companies.
- Imperfect Devops: Brief weekly link round-up of articles advocating devops best practices or advances.
Some that I don’t read, but many of my readers do:
- AppSec eZine: Link round-up focused on exploitation.
- Threat Intel Weekend Reads: Link round-up focused on Threat Intel.