Quadra

Before you can collaborate in real-time with other people you need to save and share your document using OneDrive and Office 2016 makes it easy -- just follow the steps below:

1- Open to edit or create a document in Word, Excel, or using any of the other apps.

2- On the top-right corner of the app, click the new Share button. (Assuming, you're sign-in with your Microsoft account you'll see the following pane.)

3- Click Save to cloud, you'll then be redirected to the "Save As" section, pick you OneDrive account and the location to store the file.

Once you have shared the document through OneDrive, people with the editing permission can simply open the file with the desktop version of Office 2016 or Office Online and start collaborating automatically -- just like that.

If you're the person who has created and shared the document, you'll also get a notification alerting you that other people are editing the document. You'll be prompted whether you would like to share automatically changes as they happen. If this is something you like, simply click Yes on the alert.

Yes, it's amazing that you can collaborate in real-time with other people from the desktop and web version of the apps. However, this doesn't mean you can just jump to any line and edit whatever you want.

When you're collaborating in real-time, you can only work and edit your content or any other content the other person isn't already editing. For example, if you're working on a paragraph, you can keep editing that content. But you can't edit another paragraph that is being edited by someone else until that person jumps to another new paragraph.

If there is something you need to communicate with the other person, go to the Share tab. This action will list all the people that are currently editing the file. Then hover over the person you want to contact and you'll see the choice to IM, voice, video chat, or send an email.

Note: Keep in mind that you'll need to have Skype installed and setup before you can start a conversation.

It is easy to collaborate better using the new version of Office – Office 2016. Microsoft is focusing on collaboration, which means that more than ever, the desktop version of Office depends on the cloud.

Before you can collaborate in real-time with other people you need to save and share your document using OneDrive and Office 2016 makes it easy -- just follow the steps below:

1- Open to edit or create a document in Word, Excel, or using any of the other apps.

2- On the top-right corner of the app, click the new Share button. (Assuming, you're sign-in with your Microsoft account you'll see the following pane.)

3- Click Save to cloud, you'll then be redirected to the "Save As" section, pick you OneDrive account and the location to store the file.

4- In the Share pane, you can invite people by simply typing their email address or accessing your contact list. You can also change the share permissions to edit or view only.

5- Then add a message describing the document or any note you want to communicate to those who can access the file, and click Share.

If you don't want to use this sharing mechanism, you can click the Get a sharing link at the bottom of the Share pane to get the edit or a view link of the file. With this link, you can copy and send it via email, IM, or by other means.

Ransomware is a growing problem that is now affecting many computer users around the world.

What is ransomware?

• Ransomware stops a user from using his/her PC. It holds the user’s PC or files for ransom – a certain amount of money.

• Some versions of ransomware are called "FBI Moneypak" or the "FBI virus" because they use the FBI's logos.

What does it look like and how does it work?

There are different types of ransomware. However, all of them will prevent the user from using your PC normally, and they will all ask the user to do something before the user can use his/her PC.

Ransomware can:

• Prevent the user from accessing Windows.
• Encrypt files so the user can't use them.
• Stop certain apps from running (like your web browser).

Ransomware will demand that user does something to get access to the PC or files. The pop-up that appear

• Demand the user pay money.
• Make the user to complete surveys.

• Often the ransomware will claim the users have done something illegal with the PC, and that they are being fined by a police force or government agency.

• These claims are false. It is a scare tactic designed to make the user pay the money without telling anyone who might be able to restore your PC.

• There is no guarantee that paying the fine or doing what the ransomware tells the user will give access to the respective PC or files again.

https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

Here is a sample:

Locky is the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.

You can buy the decryption key from the crooks via the so-called dark web.

The prices we’ve seen vary from BTC 0.5 to BTC 1.00 (BTC is short for “bitcoin,” where one bitcoin is currently worth about $400/£280).

The most common way that Locky arrives is as follows:

• You receive an email containing an attached document (Troj/DocDl-BCF).
• The document looks like gobbledegook.
• The document advises you to enable macros “if the data encoding is incorrect.”

• If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
• The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks.
• The final payload could be anything, but in this case is usually the Locky Ransomware (Troj/Ransom-CGW).

• Locky scrambles all files that match a long list of extensions, including videos, images, source code, and Office files.
• Locky even scrambles wallet.dat, your Bitcoin wallet file, if you have one.
• In other words, if you have more BTCs in your wallet than the cost of the ransom, and no backup, you are very likely to pay up. (And you’ll already know how to buy new bitcoins, and how to pay with them.)
• Locky also removes any Volume Snapshot Service (VSS) files, also known as shadow copies, that you may have made.

Shadow copies are the Windows way of making live backup snapshots without having to stop working – you don’t need to logout or even close your applications first – so they are a quick and popular alternative to a proper backup procedure.

Once Locky is ready to hit you up for the ransom, it makes sure you see the following message by changing your desktop wallpaper:

If you visit the dark web page given in the warning message, then you receive the instructions for payment that we showed above.

Unfortunately, so far as we can tell, there are no easy shortcuts to get your data back if you don’t have a recent backup.

Remember, also, that like most ransomware, Locky doesn’t just scramble your C: drive.

It scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X or Linux.

If you are logged in as a domain administrator and you get hit by ransomware, you could do very widespread damage indeed.

Giving yourself up front all the login power you might ever need is very convenient, but please don’t do it.

Only login (or use Run As...) with admin powers when you really need them, and relinquish those powers as soon as you don’t.

Tips to Preventing ransomware

1. Back up your files regularly and keep a recent backup off-site.

The only backup you’ll ever regret is one you left for “another day.” Backups can protect your data against more than just ransomware: theft, fire, flood or accidental deletion all have the same effect. Make sure you encrypt the backed up data so only you can restore it.

2. Don’t enable macros.

A lot of ransomware is distributed in Office documents that trick users into enabling macros. Microsoft has just released a new tool in Office 2016 that can limit the functionality of macros by preventing you from enabling them on documents downloaded from the internet.

3. Consider installing Microsoft Office viewers.

They allow you to see what a Word or Excel document looks like without macros. The viewers don’t support macros so you can’t enable them by mistake, either.

4. Be very careful about opening unsolicited attachments.

Most Windows ransomware in recent months has been embedded in documents distributed as email attachments.

5. Don’t give yourself more login power than necessary.

Don’t stay logged in as an administrator any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator.

6. Patch, patch, patch.

Malware that doesn’t come in via document macros often relies on bugs in software and applications. When you apply security patches, you give the cybercriminals fewer options for infecting you with ransomware.

7. Train and retrain employees in your business.

Your users can be your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails.

8. Segment the company network.

Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.

You can watch a video about Ransomware here:

http://www.symantec.com/tv/products/details.jsp?vid=1954285164001

- naked security by Sophos (@duckblog), Forbes.com & Symantec.com

Macro-based malware is on the rise and Microsoft understand it is a frustrating experience for everyone. To help counter this threat, Microsoft is releasing a new feature in Office 2016 that blocks macros from loading in certain high-risk scenarios. 

Macro-based malware infection is still increasing

Macro-based malware continues its rise. Microsoft featured macro-based malware in their Threat Intelligence report in 2015, but infections are still increasing.

Despite periodic lulls, infections for the top 20 most detected macro-based malware were high over the past three months.

In the enterprise, recent data from their Office 365 Advanced Threat Protection service indicates 98% of Office-targeted threats use macros.

Note these are detections and not necessarily successful infections.

The enduring appeal for macro-based malware appears to rely on a victim’s likelihood to enable macros. Previous versions of Office include a warning when opening documents that contain macros, but malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected.

Block the macro, block the threat

In response to the growing trend of macro-based threats, Microsoft has introduced a new, tactical feature in Office 2016 that can help enterprise administrators prevent the risk from macros in certain high risk scenarios. This feature:

1. Allows an enterprise to selectively scope macro use to a set of trusted workflows.
2. Block easy access to enable macros in scenarios considered high risk.
3. Provide end users with a different and stricter notification so it is easier for them to distinguish a high-risk situation against a normal workflow.

This feature can be controlled via Group Policy and configured per application. It enables enterprise administrators to block macros from running in Word, Excel and PowerPoint documents that come from the Internet. This includes scenarios such as the following:

1. Documents downloaded from Internet websites or consumer storage providers (like OneDrive, Google Drive, and Dropbox).
2. Documents attached to emails that have been sent from outside the organization (where the organization uses the Outlook client and Exchange servers for email)
3. Documents opened from public shares hosted on the Internet (such as files downloaded from file-sharing sites).

Let’s walk through a common attack scenario and see this feature in action.

Claudia is an enterprise administrator at Contoso. After a rash of macro-based malware attacks targeting her organization, she learns of this new feature in Office 2016 and has rolled out a Group Policy update to all Office clients on the network.

Stewart is a cybercriminal looking to attack and penetrate the Contoso network. Stewart uses macro-based malware because he’s had recent successes using it. He launches his attack campaign against Contoso by targeting James, an employee there.

James receives an email from Stewart in his inbox that has an attached Word document. The email has content designed to pique James’s interest and influence him to open the attachment.

When James opens the Word document, it opens in Protected View. Protected View is a feature that has been available in Word, Excel, and PowerPoint since Office 2010. It is a sandboxed environment that lets a user read the contents of a document. Macros and all other active content are disabled within Protected View, and so James is protected from such attacks so long as he chooses to stay in Protected View.

However, Stewart anticipates this step and has a clear and obvious message right at the top of the document designed to lure James into making decisions detrimental to his organization’s security. James follows the instructions in the document, and exits Protected View as he believes that will provide him with access to contents of the document. James is then confronted with a strong notification from Word that macros have been blocked in this document by his enterprise administrator. There is no way for him to enable the macro from within the document.

James’s security awareness is heightened by the strong warning and he starts to suspect that there is something fishy about this document and the message. He quickly closes the document and notifies his IT team about his suspicions.

This feature relies on the security zone information that Windows uses to specify trust associated with a specific location. For example, if the location where the file originates from is considered the Internet zone by Windows, then macros are disabled in the document. Users with legitimate scenarios that are impacted by this policy should work with their enterprise administrator to identify alternative workflows that ensure the file’s original location is considered trusted within the organization.

Final tips

For end-users, Microsoft always recommend that you don’t enable macros on documents you receive from a source you do not trust or know, and be careful even with macros in attachments from people you do trust – in case they’ve been hacked.

For enterprise administrators, turn on mitigations in Office that can help shield you from macro based threats, including this new macro-blocking feature. If your enterprise does not have any workflows that involve the use of macros, disable them completely. This is the most comprehensive mitigation that you can implement today.

- Microsoft Malware Protection Center