Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Office 365 To Let Admins Block Active Content on Trusted Docs

Office 365 To Let Admins Block Active Content on Trusted Docs

Microsoft plans to allow Office 365 admins ensure that end-users can’t ignore organization-wide policies set up to block active content on Trusted Documents.

Redmond says trusted docs are files with active content (e.g., ActiveX controls, macros, and Dynamic Data Exchange (DDE) functions that don’t require user interaction) that open without warnings after the content has been enabled.

Trusted documents will automatically open without prompts even if altered by adding new (potentially malicious) active content, bypassing Office’s Protected View, which opens files from potentially unsafe locations as read-only.

“However, the prompt appears if the file was moved since you last trusted the file. After a document is trusted, it does not open in Protected View. Therefore, you should trust documents only if you trust the source of the file,” Microsoft explains.

Also Read: PDPA Laws And Regulations; A Systematic Guidelines In Singapore

Part of an ongoing Office security hardening effort

“We are changing the behavior of Office applications to enforce policies that block Active Content (ex. macros, ActiveX, DDE) on Trusted Documents,” Microsoft said on the Microsoft 365 Roadmap.

“Previously, Active Content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it.”

As part of an ongoing effort towards Office security hardening, the IT administrators’ choice to block Active Content even for trusted files will now always take precedence over the user’s choice to trust a document.

This would translate in all documents with embedded active content being opened in Protected View, despite a user’s willingness to ignore security warnings reminding them that all active content has been disabled.

Also Read: What Is PDPA And What Are The 5 Things You Should Know About

Microsoft plans to roll out this new feature by the end of October, making it generally available worldwide in all environments.

Office 'Enable Content' prompt
Office ‘Enable Content’ prompt (Microsoft)

In related news, Redmond is also updating Defender for Office 365 to protect users from embedded email threats when previewing quarantined emails.

In May, Microsoft updated the security baseline for Microsoft 365 Apps for enterprise (formerly Office 365 Professional Plus) to protect from unsigned macros and JScript code execution attacks.

In March, it also added XLM macro protection for Microsoft 365 customers to block malware abusing Office VBA macros and PowerShell, JScript, VBScript, MSHTA/Jscript9, WMI, or .NET code, which are regularly used to deploy malicious payloads via Office document macros.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us