Beth Levin 2018-07-27 13:29:44 -07:00
parent aaccf58736
commit 870eaca4c4
4 changed files with 29 additions and 23 deletions


@ -26,6 +26,8 @@
## [Worms](worms-malware.md)
## [Transparency report](transparency-report.md)
# [Industry collaboration programs](cybersecurity-industry-partners.md)
## [Virus information alliance](virus-information-alliance-criteria.md)


@ -16,7 +16,7 @@ Cybercriminals are always looking for new ways to make money. With the rise of d
## How coin miners work
Most infections start with:
Many infections start with:
- Email messages with attachments that try to install malware.
@ -36,4 +36,10 @@ DDE exploits, which have been known to distribute ransomware, are now delivering
For example, a sample of the malware detected as Trojan:Win32/Coinminer (SHA-256: 7213cbbb1a634d780f9bb861418eb262f58954e6e5dca09ca50c1e1324451293) is installed by Exploit:O97M/DDEDownloader.PA, a Word document that contains the DDE exploit.
The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A), which then downloads the trojanized miner: a modified version of the miner XMRig, which mines Monero cryptocurrency.
The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A), which then downloads the trojanized miner: a modified version of the miner XMRig, which mines Monero cryptocurrency.
## How to protect against coin miners
Since coin miners is becoming a popular payload in many different kinds of attacks, see general tips on how to [prevent malware infection](prevent-malware-infection.md).
For more information on coin miners, see the blog post [Invisible resource thieves: The increasing threat of cryptocurrency miners](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/13/invisible-resource-thieves-the-increasing-threat-of-cryptocurrency-miners/).
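Review bot: the new "How to protect against coin miners" paragraph has a subject-verb mismatch in "Since coin miners is becoming a popular payload"; suggest "Since coin miners are becoming a popular payload" (or "Since coin mining is becoming a popular payload"). Separately, the removed and added "The exploit launches a cmdlet ..." lines read identically here, so this part of the hunk looks like a whitespace-only change; worth confirming that no wording change was intended.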


@ -14,7 +14,7 @@ ms.date: 07/01/2018
Exploits take advantage of “vulnerabilities” in software. A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware exploits these vulnerabilities to bypass your computer's security safeguards to infect your device.
## How it works
## How exploits and exploit kits work
Exploits are often the first part of a larger attack. Hackers scan for outdated systems that contain critical vulnerabilities, which they then exploit by deploying targeted malware. Exploits often include what's called "shellcode". This is a small malware payload that's used to download additional malware from attacker-controlled networks. This allows hackers to infect devices and infiltrate organizations.
@ -22,7 +22,7 @@ Exploit kits are more comprehensive tools that contain a collection of exploits.
The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails. Some websites unknowingly and unwillingly host malicious code and exploits in their ads.
The infographic below shows how an exploit kit might attempt to exploit your PC when you visit a compromised webpage.
The infographic below shows how an exploit kit might attempt to exploit a PC when a compromised webpage is visited.
![example of how exploit kits work](./images/exploitkit.png)
@ -35,12 +35,6 @@ Prevalent exploit kits include:
- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fNeutrino)
- [Nuclear](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
## How to protect against exploits
The best prevention for exploits is to keep your software up-to-date. Software vendors provide updates for many known vulnerabilities and making sure these updates are applied to your devices is an important step to prevent malware.
Enterprise admins typically manage updates for apps, devices, servers in large organizations.
## How we name exploits
We categorize exploits in our Malware encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.
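Review bot: moving "How to protect against exploits" out of this position drops the sentence "Enterprise admins typically manage updates for apps, devices, servers in large organizations.", and the relocated section later in this commit does not carry it. If the sentence is still wanted, add it back under the new heading at the end of the article (with "apps, devices, and servers" for the missing conjunction); otherwise note the removal in the commit message.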
@ -49,3 +43,9 @@ A project called "Common Vulnerabilities and Exposures (CVE)" is used by many se
The portion "2016" refers to the year the vulnerability was discovered. The "0778" is a unique ID for this specific vulnerability.
You can read more on the [CVE website](https://cve.mitre.org/).
## How to protect against exploits
The best prevention for exploits is to keep your organization's software up-to-date. Software vendors provide updates for many known vulnerabilities and making sure these updates are applied to all devices is an important step to prevent malware.
For more general tips, see [prevent malware infection](prevent-malware-infection).
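Review bot: the link target in "see [prevent malware infection](prevent-malware-infection)" is missing the `.md` extension that the other cross-references in this commit use (for example `[prevent malware infection](prevent-malware-infection.md)` in the coin miner article), so the relative link is unlikely to resolve in the docs build; suggest `(prevent-malware-infection.md)`.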


@ -12,11 +12,11 @@ ms.date: 07/01/2018
---
# Macro malware
Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, Macro malware uses this functionality to infect your device.
Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, macro malware uses this functionality to infect your device.
## How Macro malware works
## How macro malware works
Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare you into opening them. They often look like invoices, receipts, legal documents, and more. Examples of filenames include:
Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more. Examples of filenames include:
- case number.doc
- e-ticket_79010838.doc
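Review bot: the rewritten opening line of "How macro malware works" keeps the agreement error "Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments"; since the subject is "Macro malware", suggest "and is delivered as an email attachment or inside a ZIP file" (or "is delivered as email attachments or inside ZIP files") while this line is being touched.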
@ -26,11 +26,11 @@ Macro malware hides in Microsoft Word or Microsoft Excel documents and are deliv
- logmein_coupon.doc
- receipt_3458934.doc
Macro malware was fairly common several years ago because macros ran automatically whenever you opened a document.
Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened.
However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince you to turn on macros so that their malware can run. They do this by showing you fake warnings when you open a malicious document.
However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince users to turn on macros so that their malware can run. They do this by showing fake warnings when a malicious document is opened.
If you are fooled into enabling macros in a document that contains malware, you could be infected. We've have seen macro malware download threats from the following families:
We've seen macro malware download threats from the following families:
- Ransom:MSIL/Swappa
- Ransom:Win32/Teerac
@ -41,13 +41,11 @@ If you are fooled into enabling macros in a document that contains malware, you
## How to protect against macro malware
These kinds of threats require users to enable macros.
Protect yourself and your organization by keeping an eye out for suspicious attachments and check your macro settings.
- Check if macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
- Make sure macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
- [Enable or disable macros](https://support.office.com/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12) in Office documents
- Dont open suspicious emails or suspicious attachments
- Dont open suspicious emails or suspicious attachments.
- If you get an email from someone you dont know, or an invoice for something you dont remember buying, delete it. Spam emails are the main way macro malware spreads.
- Delete any emails from unknown people or with suspicious content. Spam emails are the main way macro malware spreads.
For more general tips, see [prevent malware infection](prevent-malware-infection).
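Review bot: the changed bullet "Dont open suspicious emails or suspicious attachments." still lacks the apostrophe in "Dont"; suggest "Don't open suspicious emails or attachments." The same applies to the replacement bullet about deleting emails from unknown senders if any "dont" remains there. Also, the closing link `[prevent malware infection](prevent-malware-infection)` omits the `.md` extension used elsewhere in this commit (`prevent-malware-infection.md`), so it should be fixed in the same way as the exploits article.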