Document outline now available in the Google Docs app on your iOS devices

In March, we introduced the document outline in Google Docs on the web and Android devices. This feature simplifies and speeds up the process of navigating long, complicated documents. Today, we’re excited to announce that you can also use the document outline in the Google Docs app on your iPhone or iPad.

Displayed in a pane at the bottom of the page, this outline features headings for each section of your document, making it simple to quickly jump from place to place. If you haven’t manually applied headings, the feature will intelligently detect the logical divisions within your work. You can then edit or remove those headings as necessary.

google-docs-Outline

This functionality, coupled with the fast scrolling feature launched for the Docs iOS app in April, will make it even easier for you to move through your work in Docs.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com

 

How to Outsmart Ransomeware

Support for Google Drive for Mac/PC versions 1.22 and older ending on July 1, 2016

Today, we’re announcing that as of July 1, 2016, we will discontinue support for  Google Drive for Mac/PC sync client versions 1.22 and lower and going forward, any Google Drive for Mac/PC versions which are older than 1 year old.

Newer versions of the sync client offer several performance and security updates. We recommend that you take the following actions as soon as possible:

OS X and Windows users may check what version of the sync client they are using by clicking on the Drive for Mac/PC menu (which appear as three dots) and then clicking About. The dialog that appears will include the version number on it. Users still on versions 1.22 and lower after July 1, 2016 will no longer be able to sync files between Google Drive and local storage using Google Drive for Mac/PC.

In the coming weeks, we’ll also be contacting domain administrators whose users currently use older versions of Google Drive for Mac/PC and provide guidance on the appropriate migration path.

Release track:
Rapid release and Scheduled release

Reference by Google.com

 

Ransomware-Locky

Ransomware-Locky

Virus Type: Ransomware

Ransomware-Locky is a ransomware that scramble the contents of a computer or server (associated network shares ,both mapped and unmapped and removable media) and demands payment to unlock it “usually by anonymous decentralized virtual currency BITCOINS”.

Locky features:

  • Domain Generation Algorithm (DGA)
  • Mapped / Unmapped Network share discovery
  • Restore point deletion

The contents of the original files are encrypted (renamed to .locky) using an RSA-2048 and AES-1024 algorithm.The compromised user has to pay the attacker to get the files decrypted.

Propagation Methods

The primary modus operandi of Locky is via spammed emails that come with an attachment in the form of a MACRO ENABLED Microsoft Office document file with catchy subjects similar to ATTN: Invoice J-98223146 / invoice_J-12345678.doc / Rechnung-54-110090.xls

Ransomeware locky

Once MACROS are trick to be enabled, the embedded downloads Locky, stores it in the Temp folder and executes it. Once installed Locky scraps the file systems (and unmapped shares also), with certain extensions (.pptx, .pptm, .dotm, .dotx, .docm, .docx, .RTF,. DOC, .pem,.crt, .key, wallet.dat,.pdf, .XLS, .PPT,,tar.bz2, .bak, .tar, .tgz, .rar, .zip, .bmp, .png, .gif, .jpeg, .jpg, .tif, .tiff, .bat, .class, .jar, .java, .asp, .vbs,.cpp, .php,.sql etc) and scrambles it and renaming it to [unique_id][identifier].locky As part of the initial infection process, Locky deletes the volume shadow copy files hence preventing restoring the system to an earlier steady state by “vssadmin.exe Delete Shadows /All /Quiet”

Major File System Changes

Files created %temp%.exe
%user Desktop%/\_Locky_recover_instructions.bmp
%user Desktop%/_Locky_recover_instructions.txt

Presence of registry keys

HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Run “Locky” = “LOCKY PATH”


HKCU\Software\Locky\id – The unique ID assigned to the victim.
HKCU\Software\Locky\pubkey – The RSA public key.
HKCU\Software\Locky\paytext – The text that is stored in the ransom notes.
HKCU\Software\Locky\completed – Whether the ransomware finished encrypting the computer
HKCU\Control Panel\Desktop\Wallpaper “%UserProfile%\Desktop\_Locky_recover_instructions.bmp”

Ransomeware- locky-extortion-msg

Locky [leverages Domain Generation Algorithm (DGA] is reported as making network connection to the following :

185.14.30.97, 195.154.241.208, 195.22.28.196, 195.22.28.198, 31.41.47.37, 95.181.171.58, avp-mech.ru, bebikiask.bc00.info, cgavqeodnop.it, cms.insviluppo.net, dltvwp.it, kqlxtqptsmys.in, neways-eurasia.com.ua, premium34.tmweb.ru, pvwinlrmwvccuo.eu, sso.anbtr.com, test.rinzo.biz, tramviet.vn, uponor.otistores.com, uxvvm.us, wblejsfob.pw

A detailed list of Indicators of compromise including domains, IP’s, Malware HASH listed IOC 

Recommendations

  • Block connections to the IPS/ domains aforementioned.

Note:

  • Blocking IP addresses should always be carefully considered and only when subject to the business needs.
  • Connection to unexpected domains should be categorically monitored /blocked since Locky employs DGA
  • Create SRP rules to block execution of the executables listed in the IOC section.
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Disable Macro in Microsoft Office applications. Macros can run in Office applications only if Macro Settings are set to “Enable all macros” or if the user manually enables a macro. By default, it will be in a disabled state. The recommended setting is to select the option “Disable all macros with notification” in “Macro Settings”.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
  • Practice and Enforce Least privilege Policy. Lock down all open network shared to the lowest permissions.
  • Follow safe practices when browsing the web. Ensure the web browsers are secured enough with best practices.
  • Network segmentation and segregation into security zones – help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.
  • Application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths
  • Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
  • Disable remote Desktop Connections, employ least-privileged accounts.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications.
  • Enable personal firewalls on workstations.
  • Strict External Device (USB drive) usage policy.
  • Employ data-at-rest and data-in-transit encryption.
  • Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
  • Keep your operating system, browsers, browser plugins & Antivirus Software up-to-date with the latest patches.

 

Reference by cert-in.org.in

Getting rid of spoofers: Digitally sign your Gmail messages with 2048-bit DKIM keys

Back in 2011, we launched the ability for any Google Apps administrator to set up DomainKey Identified Mail (DKIM). DKIM is a way to digitally sign messages so that recipient servers can verify that the message really comes from your domain and hasn’t been changed along the way. Additionally, when you sign your messages with DKIM, they become less likely to get caught up in recipients’ spam filters.

The fight against spoofers still continues today, and as spoofer’s tools have gotten more powerful, 1024-bit DKIM keys are no longer as secure. For that reason, we’re pleased to announce that Google Apps customers can now digitally sign their messages with 2048-bit DKIM keys, and we strongly recommend making this the standard for all email messages sent from your domain going forward.

Recommendations

  • If you are currently not using DKIM to protect your Gmail messages, set up 2048-bit DKIM in the Admin console. See the Help Center articles below for instructions.
  • If you are already using DKIM with 1024-bit keys, check with your DNS provider to see if they support 2048-bit keys. If so, update your domain keys to 2048-bit for the best protection.

Important: Some domain registrars do not yet support 2048-bit DKIM keys, even though this has been available for more than 30 years. For those domains, we still offer the ability to sign messages with 1024-bit keys from a drop-down.
Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

Reference by  Google.com

 

Dial in with ease using the latest Google Calendar app for Android

An update to the Google Calendar app for Android is coming to Google Play. When you dial in to your conference call, Google Calendar can now automatically add the passcode. Simply tap the call-in number from the calendar event and you’ll be prompted to select the relevant pass code for you ─ host or participant.
Tap to Call using google calender
Note: Google Calendar detects the passcode or meeting ID from the location or notes field in the calendar event. If this information is not found, dialing in will be the same as before, where the passcode or meeting ID is dialed manually.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Full rollout (1-3 days for feature visibility)

Impact:
All end users

Action: 
Change management suggested/FYI

Reference by Google.com

Contact importing now available in the new Google Contacts preview

We recently announced that the new Google Contacts is available for preview from the Admin console. By enabling the preview, administrators can allow their users access to the new Google Contacts, along with the many benefits that come with it, like a new fresh look and improved contact merge features.

One popular request from Google Apps users was the ability to easily import their contacts into Google Contacts. We’re happy to announce that starting today, the ability to import contacts, powered by ShuttleCloud, is now available for Google Apps users.

Getting started for administrators

  • Administrators must first enable the “Contacts Preview” for their users via Apps > Google Apps > Settings for Contacts > Advanced Settings
    Enable Google Contacts Preview
  • Administrators must also enable “User email uploads” in the Gmail User Settings by going to Apps > Google Apps > Settings for Gmail > Advanced Settings
    Enable User Email Uploads

Getting started for users

  • Users can now import contacts from a wide variety of supported mail and contact sources.
  • From the new Google Contacts preview, simply click More > Import > and choose the account that you’d like to migrate from.
  • You will be prompted for that account’s username and password, and your contacts will start transferring once you have successfully granted authorization.
     Import Contacts powered by ShuttleCloud
  • If you do need to import your contacts using a CSV file, click on CSV file in the above dialog box, and then click on Go to Old Contacts to be taken to Contacts Manager.

Launch Details

Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Full rollout (1-3 days for feature visibility)

Impact:
All end users

Action:
Admin action suggested/FYI, OR
Change management suggested/FYI

 

Reference by Google.com

Enhanced support for images in the Google Sheets mobile apps

Images—for instance, business logos—can make or break a spreadsheet. With that in mind, we’re launching improved image and drawing functionality in the Google Sheets mobile apps. Starting today, you can:

  • View images and drawings in in the Sheets app on your iPhone or iPad.

 google sheets for ios

  • View images and drawings—even in frozen sections!—in the Sheets app on your Android device (previously these images would not render in frozen cells on Android).

google sheets for android
Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com

Accept questions from your audience when presenting in Google Slides

Any skilled presenter knows that an interactive presentation is often an effective presentation. Starting today, you can better engage your audience by allowing them to submit questions and vote on them during Google Slides presentations.

To see the feature in action, check out this video in which Google Science Fair winner Shree Bose fields questions from a group of 200 middle school students.

Q&A google slides

A few things to note:

  • The Slides Q&A feature works on desktop computers, Android mobile devices, and iOS mobile devices.
  • You can only use Slides Q&A if you have the edit or comment access to that Slides presentation.
  • By default, any user in your domain can submit a question. If your organization permits external sharing, you can allow external users to submit questions as well.

For more information on how to accept, submit, and view audience questions in Google Slides, check out the Help Center.

Bonus! Allowing your audience to ask questions isn’t the only way we’re improving the presentation experience on Slides today. We’re also making the following possible:

  • Use your mouse as a laser pointer in Slides on the web. Just choose the laser pointer option from the toolbar and move your mouse, and a red laser-like dot will appear in the same place on screen, helping your audience know where to look and when.
  • In the Slides iOS app, present to a new Hangout or to a Hangout selected from a meeting on your Google Calendar. For more information, check out the Help Center.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release:

  • All mobile features
  • All audience features on mobile and desktop

Launching to Rapid release, with the Scheduled release coming in two weeks:

  • Ability for a presenter to enable Q&A on desktop

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com

 

Google Calendar for Android: Find a time for my meeting

Smartphones have made productivity portable. You no longer have to be at your desk to catch up on meeting notes, dial into a conference call, or send an email. But scheduling meetings on the go is still difficult, as you have to open your laptop to check everyone’s calendar and find a time that works.

Starting today, if you use Google Apps for Work or Edu, you can schedule meetings from anywhere with “Find a time” in Google Calendar for Android.

With a single tap, “Find a time” helps you find meeting times that work for everyone—even if they’re in different time zones—based on their availability and the times they usually have meetings. If there are no times that work, Calendar will look at which conflicting meetings can most easily be rescheduled. Designed specifically for organizations where sharing your calendar with colleagues is the norm, here’s how it works:

 

Google Calendar for Android

“Find a time” makes suggestions, but you’re still in control. You can tap to see everyone’s schedule at a glance—perfect for making sure the timing works for all. And if you manage someone else’s calendar, you can use the feature to schedule meetings on their behalf as well.

Download Google Calendar for Android to get easy, on-the-go scheduling. And yes, we’re also working on bringing “Find a time” to iPhone, as well as easier ways to schedule on the web.

Launch Details
Release track:  
Launching to both Rapid release and Scheduled release
Rollout pace: 
Full rollout (1-3 days for feature visibility)
Impact: 
All end users
Action:
Change management suggested/FYI
Reference by Google.com