Aggregator

2025 年上半年，超70家国内企业栽在针对 M365的钓鱼攻击上：黑客滥用 “Direct Send”功能，伪装内部人员发送含伪造二维码的 PDF 邮件，轻松绕过防护。数据显示，Exchange 原生防护仅能拦截约 12% 的已知威胁，M365 面对中文钓鱼、BEC 诈骗等本地化攻击时，更是误判频发、响应滞后。

显然，Exchange 与 M365 的原生防护，并不适配国内企业的 “安全体质”，很容易在本地化防御、新型攻击拦截上 “水土不服”。那问题究竟出在哪？为何这些邮件系统的自带防护，总达不到企业的安全预期？

为何Exchange与M365“原生防护”总是不够用？

要弄清这一点，得先看两者原生防护的核心逻辑 —— 它们主打 “通用化基础防护”，具体短板集中在三点：

1. 防护能力有限，靠“老规则”挡不住新威胁

Exchange主要依赖病毒签名和基础规则，研究显示，其整体威胁拦截率仅为12%左右，剩下88%的风险全靠企业自己承担。

2. 标准化服务，难以适配中国企业需求

M365 的威胁库基于全球数据，对中文钓鱼、区域性 BEC 攻击识别能力弱。面对研发部代码检测、财务部转账核验等差异化需求，完全无法灵活调整。

3. 缺乏实时监测，出事之后才后知后觉

Exchange和M36都没有异常发信行为的实时监控，也没有 “漏网威胁邮件” 的事后处置能力，等发现数据泄露早已无法挽回。

Exchange/M365邮箱安全最新防范指南

CACTER助力三步筑牢国内企业邮件防线

对国内企业来说，Exchange 与 M365原生防护有短板是共识，但一想到重建系统费钱又耽误业务就犯愁。其实不用走“重建”这条路，更简单高效的办法就在眼前：给现有系统配个专业第三方安全网关。CACTER 邮件安全网关通过 “补短板、强管控、快响应” 三步，就能轻松筑牢企业邮件安全墙：

1. 补短板：给原生防护加道 "CACTER专业滤网"

针对原生防护 “检测弱 + 本地化缺” 的问题，CACTER 搭建 “双引擎 + 本地化情报库” 防护网：自研反垃圾引擎联动奇安信、卡巴斯基反病毒引擎，将新病毒、高级钓鱼的拦截率提至 99.8%，直接补上 Exchange对国内恶意邮件仅 12% 拦截率的缺口。

2. 强管控：自定义规则适配企业个性化需求

标准化防护永远跟不上企业差异，CACTER 支持按部门灵活配策略，还自带独家 “高级威胁事后召回” 功能 —— 哪怕新型威胁绕过多引擎检查投到邮箱，也能一键召回接收、域内方向的已投递邮件；同时联动 Coremail 大数据中心情报自动处置恶意邮件，搭配全量日志审计与实时告警，彻底解决原生防护 “出事难补救、人工盯守低效” 的问题。

3. 快响应：依托动态情报应对新型威胁

漏洞与攻击手段更新极快，CACTER 靠实时情报采集与极速迭代抢占防护先机：在全球部署百万个探针邮箱，实时搜集全球最新威胁数据，尤其国内刚出现的钓鱼变种、新病毒；检测引擎规则秒级更新，新威胁一出现就能同步防护策略，让 Exchange/M365 不用等微软全球推送，避免原生防护 “反应慢半拍” 的漏洞。

当Exchange 与 M365 原生防护不够用，正需要像CACTER邮件网关的第三方来补位！现在 CACTER邮件安全网关推出30天免费试用，零成本体验 99.8% 的拦截率。与其等攻击找上门，不如扫码申领试用，让邮件系统真正 “零威胁”，给邮箱安全多份保障！

Volumetric DDoS attacks typically follow a clear pattern: a brief buildup followed by a sudden peak, often within seconds. The target is flooded with traffic until the attackers exhaust their resources, or a mitigation system takes over. However, in the incident described below, a different scenario unfolded. Over the course of several hours, one actor […]

The post An attack in waves: An unusual DDoS incident under the microscope appeared first on Link11.

Olymp Loader, a newly emerged Malware-as-a-Service (MaaS) offering, has rapidly gained traction across underground forums and Telegram since its debut on June 5, 2025. Developed by a trio of seasoned Assembly coders under the alias “OLYMPO,” the loader boasts fully Assembly-based modules, advanced evasion techniques, and built-in stealer functionality—features that appeal to low- and mid-tier […]

The post New Olymp Loader Malware-as-a-Service Promises Defender Bypass with Auto Certificate Signing appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alan warns that cybersecurity is stuck in a “Maginot Line” mindset — clinging to outdated tools while attackers weaponize AI, supply chain compromises, and polymorphic malware. He argues for AI-native defenses, real agentic automation, and stronger supply chain vetting to keep pace with modern threats.

The post The Security Maginot Line: Fighting Tomorrow’s Cyber Attacks With Yesterday’s Tech appeared first on Security Boulevard.