IT-Security newsletter recommendations

There are many newsletters; here are a few I can recommend:

SANS NewsBites

I'd compare it to reading international newspapers, narrowed down to IT-Security news only and to a very short summary of each topic. It keeps you informed about things that happen outside your tiny view of the world and about topics which are not covered by your daily website like

"SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible."

=> Registration for newsletter
=> Archive Available

SANS @RISK: The Consensus Security Alert

A brief summary of the most critical or exploited vulnerabilities. Obviously your vulnerability scanning and management tool, like Qualys, Tenable, Rapid7 or whatever you are using, is the first source of information about your environment. But sometimes it is good to get a feeling for a vendor or product, or to see affected products which are not in your environment but in a connected one, like that of one of your suppliers or service providers.
"@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data"

=> Registration for newsletter
=> Archive Available Examples


FullDisclosure is not a typical newsletter; instead it informs you about vulnerabilities. If you feel there are too many mails coming from FullDisclosure, a trick is to use a mail rule that puts the mails into a dedicated folder, with the exception of the vendors and products you are using. So for example, if you are using VMware, Splunk, F5 Networks, Fortinet, Paessler, Extreme Networks, Ubuntu or *any*-vendor products, then type in their names as exception words in the mail rule. Then these mails will stay in your inbox.
"A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue."

=> Registration for newsletter
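
The mail rule described above for FullDisclosure, sketched in Python as an added example (not part of the original post). Assumptions: list mail is recognised by a List-Id header containing "fulldisclosure", keywords are checked in the subject and plain-text body, and the folder name and sample messages are constructed.

```python
import re
from email import message_from_string, policy

# Vendor names from the post's example list; replace with your own inventory.
VENDORS = ["VMware", "Splunk", "F5 Networks", "Fortinet", "Paessler",
           "Extreme Networks", "Ubuntu"]
LIST_ID_MARKER = "fulldisclosure"   # assumption: substring of the List-Id header
LIST_FOLDER = "FullDisclosure"      # hypothetical folder name

def _vendor_pattern(vendors):
    # Word boundaries avoid hits inside longer tokens; \s+ tolerates the extra
    # whitespace left by folded headers in multi-word names.
    names = [r"\s+".join(re.escape(w) for w in v.split()) for v in vendors]
    return re.compile(r"(?<!\w)(?:" + "|".join(names) + r")(?!\w)", re.IGNORECASE)

VENDOR_RE = _vendor_pattern(VENDORS)

def target_folder(raw_message: str) -> str:
    """Return the folder a raw RFC 5322 message lands in under the rule."""
    msg = message_from_string(raw_message, policy=policy.default)
    if LIST_ID_MARKER not in str(msg.get("List-Id", "")).lower():
        return "INBOX"                     # not list traffic, rule does not apply
    subject = str(msg.get("Subject", ""))  # policy.default decodes RFC 2047 words
    body = msg.get_body(preferencelist=("plain",))
    text = subject + "\n" + (body.get_content() if body else "")
    return "INBOX" if VENDOR_RE.search(text) else LIST_FOLDER

# Constructed sample messages (not real list traffic).
LIST_HDR = "List-Id: <fulldisclosure.lists.example.org>\n"
SAMPLES = {
    "vendor in subject": LIST_HDR + "Subject: [FD] Fortinet advisory (constructed)\n\nDetails.\n",
    "encoded subject": LIST_HDR + "Subject: =?utf-8?q?=5BFD=5D_VMware_advisory?=\n\nDetails.\n",
    "vendor in body": LIST_HDR + "Subject: [FD] Router issue\n\nAlso affects Extreme Networks gear.\n",
    "other product": LIST_HDR + "Subject: [FD] ExampleCMS issue (constructed)\n\nDetails.\n",
    "not list mail": "Subject: Lunch on Friday?\n\nSee you there.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} -> {target_folder(raw)}")
```

Advisories often name a product rather than its vendor, so product names from your asset inventory belong in the keyword list as well.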

Almost perfect protection for websites and other services - Mutual TLS

It's hard to secure your IT services and applications. The list of possible attacks is long, as shown in the MITRE ATT&CK framework, the...