You can always see the weekly listing of vendor publications here.

The battle is on for SERPs placement for “log4j” terms. This is probably worth doing (lots of distinctly named security issues probably aren’t worth the effort because they fade from view too quickly) insofar as there are lots of situations in which this vulnerability might be (will be) exploited. You’ll see several Log4j entries below—over the next few weeks we’ll monitor who lands where with what.

Probably the most concise “Log4j attacks in the wild” guidance I’ve seen comes from @cequenceai.

Handling podcast pages is presented in the SEO-optimal format: with a full transcript on the page that embeds the playback and links to other sources for the podcast. This podcast, though, is targeted at building an audience (at least I think it is) rather than SEO, and it’s almost a case study in writing something that has almost no relevant keywords. There’s nothing wrong with prioritizing the building of an audience over SEO, but on the other hand, the two aren’t mutually exclusive. It would have been, I believe, fairly simple to add some glossing notes to the transcript that contained more targeted keyword phrases relevant to cryptography. Another reasonable approach for SEO is taken for the Malwarebytes podcast: a 300-ish word summary outlines what’s in the episode. Furthermore, there’s clearly a target keyword here, “cybersecurity in 2021”, used in the title and then repeated twice in the body copy. It’s not a very good one in terms of search traffic (which only barely registers) and also in terms of shelf life, given that it’s 2022 (and yes, I get that it’s a retrospective, but “2021” is dead on arrival for new content).

Quit while ahead, or use a longer tail is an example of risking undercutting your own SEO efforts. In this case, a relatively casual blog post targets “zero trust” or perhaps “zero trust issues”. There’s no search traffic for the latter, so we assume the former, which has very good search volume (23.4k searches globally per month), but which is a fairly competitive term to rank for. Who’s got the top spot in the current search results? Um, Palo Alto. This is a case where you want to be chasing related long-tail expression, which will bolter your authority on the subject, as opposed for creating numerous pages targeting the same keyword. Generally, Google will pick the page it sees as the most relevant on your site for that search and anything else that targets it won’t rank near page one, no matter what’s on it.

Additional notes on effective technique… 
Malwarebytes Labs
Careful! Uber flaw allows anyone to send an email from
[Uber flaw — 0/0] The better choice would have been “uber vulnerability” which gets at least a few searches and will probably trend upward for a short while. 

How to develop a cyber-competent boardroom | Accenture
[cyber-competent (?)] What’s interesting here is that “cyber-competent”, while absolutely not a keyword at present, could perhaps be developed into one over time. 

Qualys Security Blog
Mitigation of Supply Chain Risks in Microsoft 365
[Supply chain risks — 2.7k / 52%] It’s an excellent keyword target, with surprisingly manageable competition for a term with decent search volume. 


Of general interest:

Flashpoint Acquires Risk Based Security (RBS)
Attivo Networks
How to Generate CISO Buy-In For Active Directory ProtectionBy Carolyn Crandall, Chief Security Advocate, Attivo Networks . Generating CISO buy-in for Active Directory Protection ranks high in a company’s success against ransomware attacks. Active Directory (AD) sits at the heart of almost every enterprise network, with more than 90% of businesses using it as their identity management system. It serves as the central repository for identity information, i

Krebs on Security
Happy 12th Birthday,! celebrates its 12th anniversary today! Maybe “celebrate” is too indelicate a word for a year wracked by the global pandemics of COVID-19 and ransomware. Especially since stories about both have helped to grow the audience here tremendously in 2021. But this site’s birthday also is a welcome opportunity to thank you all for your continued readership and support, which helps kee

It’s 2022. Do you know where your technical debt is?
It’s not uncommon for organizations to become burdened with mountains of aging hardware and software due to past mergers or acquisitions, or technology that has just become older or defunct as the business innovates and upgrades. But losing sight of these assets can have grave consequences, even if those assets are no longer in use

Technical – of interest:

Trail of Bits Blog
Toward a Best-of-Both-Worlds Binary DisassemblerBy Stefan Nagy This past winter, I was fortunate to have the opportunity to work for Trail of Bits as a graduate student intern under the supervision of Peter Goodman and Artem Dinaburg. During my internship, I developed Dr. Disassembler, a Datalog-driven framework for transparent and mutable binary disassembly. Though this project is ongoing, this blog post introduces the high-level vision behin…

Malware Reverse Engineering for Beginners – Part 1: From 0x0Malware researchers require a diverse skill set usually gained over time through experience and self-training. Reverse engineering (RE) is an integral part of malware analysis and research but it is also one of the most advanced skills a researcher can have. This is one of the reasons why organizations lack reverse engineering manpower. Many researchers with a lack of experience struggle to get s

Heimdal Security Blog
Aged Domains: the Silent Danger to CybersecurityA new report shows that the number of malicious aged domains is growing and represents a risk to cybersecurity. Out of them, almost 22.3% of strategically aged domains are to some extent dangerous. Researchers discovered this based on the SolarWinds case, as the threat actors behind this famous attack used domains created years before starting […] The post appeared first on Heimdal Security Blog