Rethinking remote assistance security in a Zero Trust world 美国财政部近期遭受网络攻击揭示了网络安全威胁的新趋势：攻击者正利用组织日常运营依赖的工具（如远程协助技术）进行攻击。为应对这一挑战，需采用基于零信任原则的多层次安全方法。该方法包括身份验证、最小权限访问及假设已被入侵的原则，并通过微软Intune等工具强化端点安全与合规性。... 2025-2-26 17:0:0 | 阅读: 23 | 收藏 | Microsoft Security Blog - www.microsoft.com security remote assistance microsoft compliant

Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview​ 生成式AI正在重塑法律行业，微软通过其解决方案如Microsoft Purview eDiscovery助力数据合规与效率提升。Legalweek 2025将展示最新进展与合作机会。... 2025-2-20 17:0:0 | 阅读: 16 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security ediscovery tuesday legalweek

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms​​ 微软致力于保护关键基础设施免受网络攻击，通过发现并修复第三方OT设备漏洞提升安全性。被Gartner评为2025年CPS保护平台领导者后，微软推出Microsoft Defender for IoT和统一安全运营平台等解决方案，帮助组织实现全面端点安全和高效威胁防御。... 2025-2-19 17:0:0 | 阅读: 21 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft unified cps defender

​​Join us for the end-to-end Microsoft RSAC 2025 Conference experience 微软邀请参加RSAC 2025大会，在会上展示其AI安全解决方案和工具。活动包括Pre-Day由高管主持的安全趋势和技术创新讨论、CISO专属晚餐与午餐会、展位展示最新产品与技术等。... 2025-2-18 17:0:0 | 阅读: 18 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security rsac misa ciso

Storm-2372 conducts device code phishing campaign 微软发现网络攻击组织Storm-2372利用"设备代码钓鱼"技术针对政府、NGO及多行业机构发起攻击，自2024年8月起活跃。该组织伪装成Teams会议邀请诱骗用户输入设备代码获取访问令牌，可能与俄罗斯利益相关。... 2025-2-14 01:0:0 | 阅读: 38 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft phishing 2372 accountupn

Securing DeepSeek and other AI systems with Microsoft Security 微软提供一系列安全解决方案，帮助组织保护和治理AI应用程序的安全性与合规性。通过Azure AI Foundry和GitHub平台，微软确保DeepSeek R1模型的安全性，并提供威胁防护、数据安全、合规管理和治理功能。同时，微软还支持监控和控制第三方AI应用的使用，防止潜在风险。... 2025-2-13 17:0:0 | 阅读: 18 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft deepseek defender cloud

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation 微软报告了一个俄罗斯网络攻击组织Seashell Blizzard的子集团（BadPilot活动），该子集团利用公开漏洞和机会主义技术对全球关键基础设施进行攻击，包括能源、通信、航运和政府等领域，并在乌克兰和其他地区展开活动。... 2025-2-12 17:0:0 | 阅读: 8 | 收藏 | Microsoft Security Blog - www.microsoft.com blizzard microsoft seashell subgroup defender

Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series 文章指出网络犯罪造成的经济损失巨大，并强调了准备应对潜在网络攻击的重要性。微软事件响应团队通过主动威胁狩猎和妥协评估帮助组织提升安全态势，并在实际案例中展示了其快速应对和遏制威胁的能力。... 2025-2-10 17:0:0 | 阅读: 12 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft proactive reactive security cyberattack

Code injection attacks using publicly disclosed ASP.NET machine keys 这篇文章讨论了ViewState代码注入攻击，利用公开的ASP.NET机器密钥进行恶意代码注入。微软发现超过3000个公开密钥可能被用于此类攻击，并建议定期轮换密钥以减少风险。... 2025-2-6 18:0:0 | 阅读: 20 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft machine security viewstate defender

Hear from Microsoft Security experts at these top cybersecurity events in 2025 Inspiration can spark in an instant when you’re at a conference. Perhaps you discover a new tool du... 2025-2-3 17:0:0 | 阅读: 10 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft dates

3 priorities for adopting proactive identity and access security in 2025 If 2024 taught us anything, it’s that a proactive, no-compromises approach to security is essential... 2025-1-28 17:0:0 | 阅读: 12 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft entra identities

Fast-track generative AI security with Microsoft Purview As a data security global black belt, I help organizations secure AI solutions. They are concerned... 2025-1-27 17:0:0 | 阅读: 6 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft purview security generative

New Star Blizzard spear-phishing campaign targets WhatsApp accounts In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we... 2025-1-16 17:0:0 | 阅读: 5 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft blizzard phishing defender domainlist

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attac... 2025-1-13 17:0:0 | 阅读: 13 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft processes bypass

3 takeaways from red teaming 100 generative AI products Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generativ... 2025-1-13 16:0:0 | 阅读: 4 | 收藏 | Microsoft Security Blog - www.microsoft.com teaming security generative whitepaper microsoft

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response The expanding attack surface is creating more opportunities for exploitation and adding to the pres... 2025-1-6 17:0:0 | 阅读: 4 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security defender phishing

New Microsoft guidance for the CISA Zero Trust Maturity Model The Cybersecurity Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM) assists ag... 2024-12-19 17:0:0 | 阅读: 5 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security maturity cloud pillar

Foundry study highlights the benefits of a unified security platform in new e-book Microsoft observes more than 600 million ransomware, phishing, and identity attacks each day.¹ One... 2024-12-18 17:0:0 | 阅读: 5 | 收藏 | Microsoft Security Blog - www.microsoft.com security unified microsoft exposure

Agile Business, agile security: How AI and Zero Trust work together Traditional security approaches don’t work for AI. Generative AI technology is already transforming... 2024-12-16 17:0:0 | 阅读: 7 | 收藏 | Microsoft Security Blog - www.microsoft.com security generative processes whitepaper

Convincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and security There’s no doubt about it: The password era is ending. Bad actors know it, which is why they’re des... 2024-12-12 17:0:0 | 阅读: 4 | 收藏 | Microsoft Security Blog - www.microsoft.com passkey passkeys enroll security passwords