Taiwan’s national CERT (TWCERT/CC) warns that attackers are increasingly using public blockchains as command-and-control (C2) infrastructure. The advisory highlights “EtherHide,” a technique first described by security researchers in October 2023, where adversaries store malicious commands or payload locations inside smart contracts. Malware (or malicious web scripts) can then query the chain for updated instructions, reducing the effectiveness of traditional controls like domain/IP blocking and traffic monitoring. TWCERT/CC also notes EtherHide is frequently chained with the “ClearFake” social-engineering pattern—fake system notifications or software update prompts—often delivered via compromised WordPress sites embedding malicious JavaScript. The combined flow uses Binance Smart Chain (BSC) smart contracts and read-only calls (e.g., eth_call) to retrieve attacker instructions without on-chain transaction fees, improving stealth and persistence.

Read more

Okta’s root-cause report says a threat actor accessed files in its customer support case management system from Sept. 28 to Oct. 17, 2023, affecting 134 customers (under 1%). Some accessed files were HAR files containing session tokens, enabling session hijacking; Okta says tokens were used to hijack sessions for 5 customers. The incident stemmed from a support-system service account credential that was likely exposed after being saved to an employee’s personal Google account via Chrome sign-in on an Okta-managed laptop. Okta also disclosed a logging visibility gap that delayed identifying file downloads until an IP indicator was shared by BeyondTrust.

Read more

Microsoft’s Secure Future Initiative (SFI), launched in November 2023, is a multi-year, cross-company program intended to “increasingly secure” how Microsoft designs, builds, tests, and operates its products and services. Microsoft says the first year prioritized security across the company through internal training and substantial engineering investment to reduce risk. SFI is structured around security principles (innovate, implement, guide) and six engineering pillars mapped to Zero Trust principles and the NIST Cybersecurity Framework, signaling a governance-and-engineering approach rather than a point-product response.

For global cloud, identity, and security teams, SFI matters because it describes Microsoft’s internal hardening focus areas—identity and secrets, tenant isolation, network segmentation, SDLC/build integrity, unified detection, and faster remediation—that can influence default configurations, platform controls, and operational expectations across Microsoft’s cloud and software ecosystem over time. Microsoft also publishes periodic SFI progress reports (including references to a November 2025 report and earlier updates), indicating the initiative is intended to be measured and iterated in “waves” as threats evolve.

Read more