Women’s History Month: Why different perspectives in cybersecurity and AI matter more than ever before 这篇文章强调了妇女历史月的重要性，并呼吁推动性别平等以促进经济和创新。作者分享了在东京参与的活动，讨论了女性在网络安全中的关键作用，并指出多样性有助于应对网络威胁和提升AI安全性。文章还提到全球网络安全人才短缺问题，并呼吁通过多样化视角和包容性措施来解决这一挑战。... 2025-3-6 21:0:0 | 阅读: 16 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft workforce

Malvertising campaign leads to info stealers hosted on GitHub 微软威胁情报部门于2024年12月初发现一起大规模恶意广告活动，影响近百万设备。攻击通过非法流媒体网站嵌入恶意广告重定向器，最终引导用户至GitHub等平台下载恶意软件。该活动采用多阶段攻击链，利用多种恶意软件窃取信息，并针对企业及消费者设备展开广泛攻击。微软提供了检测和缓解建议，并与GitHub等平台合作清理恶意资源。... 2025-3-6 17:0:0 | 阅读: 28 | 收藏 | Microsoft Security Blog - www.microsoft.com stage microsoft github urlhxxps

Silk Typhoon targeting IT supply chain Executive summary:Microsoft Threat Intelligence identified a shift in tactics by Silk Ty... 2025-3-5 11:0:0 | 阅读: 17 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft silk typhoon exchange defender

Securing generative AI models on Azure AI Foundry 微软致力于通过零信任架构和隔离措施保护AI模型及数据安全，确保客户数据不用于训练共享模型，并通过扫描和测试检测潜在威胁。... 2025-3-4 18:0:0 | 阅读: 16 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security software foundry openai

Rethinking remote assistance security in a Zero Trust world 美国财政部近期遭受网络攻击揭示了网络安全威胁的新趋势：攻击者正利用组织日常运营依赖的工具（如远程协助技术）进行攻击。为应对这一挑战，需采用基于零信任原则的多层次安全方法。该方法包括身份验证、最小权限访问及假设已被入侵的原则，并通过微软Intune等工具强化端点安全与合规性。... 2025-2-26 17:0:0 | 阅读: 31 | 收藏 | Microsoft Security Blog - www.microsoft.com security remote assistance microsoft compliant

Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview​ 生成式AI正在重塑法律行业，微软通过其解决方案如Microsoft Purview eDiscovery助力数据合规与效率提升。Legalweek 2025将展示最新进展与合作机会。... 2025-2-20 17:0:0 | 阅读: 27 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security ediscovery tuesday legalweek

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms​​ 微软致力于保护关键基础设施免受网络攻击，通过发现并修复第三方OT设备漏洞提升安全性。被Gartner评为2025年CPS保护平台领导者后，微软推出Microsoft Defender for IoT和统一安全运营平台等解决方案，帮助组织实现全面端点安全和高效威胁防御。... 2025-2-19 17:0:0 | 阅读: 34 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft unified cps defender

​​Join us for the end-to-end Microsoft RSAC 2025 Conference experience 微软邀请参加RSAC 2025大会，在会上展示其AI安全解决方案和工具。活动包括Pre-Day由高管主持的安全趋势和技术创新讨论、CISO专属晚餐与午餐会、展位展示最新产品与技术等。... 2025-2-18 17:0:0 | 阅读: 27 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security rsac misa ciso

Storm-2372 conducts device code phishing campaign 微软发现网络攻击组织Storm-2372利用"设备代码钓鱼"技术针对政府、NGO及多行业机构发起攻击，自2024年8月起活跃。该组织伪装成Teams会议邀请诱骗用户输入设备代码获取访问令牌，可能与俄罗斯利益相关。... 2025-2-14 01:0:0 | 阅读: 50 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft phishing 2372 accountupn

Securing DeepSeek and other AI systems with Microsoft Security 微软提供一系列安全解决方案，帮助组织保护和治理AI应用程序的安全性与合规性。通过Azure AI Foundry和GitHub平台，微软确保DeepSeek R1模型的安全性，并提供威胁防护、数据安全、合规管理和治理功能。同时，微软还支持监控和控制第三方AI应用的使用，防止潜在风险。... 2025-2-13 17:0:0 | 阅读: 31 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft deepseek defender cloud

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation 微软报告了一个俄罗斯网络攻击组织Seashell Blizzard的子集团（BadPilot活动），该子集团利用公开漏洞和机会主义技术对全球关键基础设施进行攻击，包括能源、通信、航运和政府等领域，并在乌克兰和其他地区展开活动。... 2025-2-12 17:0:0 | 阅读: 15 | 收藏 | Microsoft Security Blog - www.microsoft.com blizzard microsoft seashell subgroup defender

Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series 文章指出网络犯罪造成的经济损失巨大，并强调了准备应对潜在网络攻击的重要性。微软事件响应团队通过主动威胁狩猎和妥协评估帮助组织提升安全态势，并在实际案例中展示了其快速应对和遏制威胁的能力。... 2025-2-10 17:0:0 | 阅读: 18 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft proactive reactive security cyberattack

Code injection attacks using publicly disclosed ASP.NET machine keys 这篇文章讨论了ViewState代码注入攻击，利用公开的ASP.NET机器密钥进行恶意代码注入。微软发现超过3000个公开密钥可能被用于此类攻击，并建议定期轮换密钥以减少风险。... 2025-2-6 18:0:0 | 阅读: 29 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft machine security viewstate defender

Hear from Microsoft Security experts at these top cybersecurity events in 2025 Inspiration can spark in an instant when you’re at a conference. Perhaps you discover a new tool du... 2025-2-3 17:0:0 | 阅读: 18 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft dates

3 priorities for adopting proactive identity and access security in 2025 If 2024 taught us anything, it’s that a proactive, no-compromises approach to security is essential... 2025-1-28 17:0:0 | 阅读: 19 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft entra identities

Fast-track generative AI security with Microsoft Purview As a data security global black belt, I help organizations secure AI solutions. They are concerned... 2025-1-27 17:0:0 | 阅读: 14 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft purview security generative

New Star Blizzard spear-phishing campaign targets WhatsApp accounts In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we... 2025-1-16 17:0:0 | 阅读: 18 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft blizzard phishing defender domainlist

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attac... 2025-1-13 17:0:0 | 阅读: 26 | 收藏 | Microsoft Security Blog - www.microsoft.com security microsoft processes bypass

3 takeaways from red teaming 100 generative AI products Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generativ... 2025-1-13 16:0:0 | 阅读: 15 | 收藏 | Microsoft Security Blog - www.microsoft.com teaming security generative whitepaper microsoft

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response The expanding attack surface is creating more opportunities for exploitation and adding to the pres... 2025-1-6 17:0:0 | 阅读: 14 | 收藏 | Microsoft Security Blog - www.microsoft.com microsoft security defender phishing