Afternoon Dessert - 2022-07-11

Welcome to another Afternoon Dessert breakout:

How to auto block macros in Microsoft Office docs from the internet
With Microsoft temporarily rolling back a feature that automatically blocks macros in Microsoft Office files downloaded from the Internet, it is essential to learn how to configure this security setting manually. This article will explain why users should block macros and how you can block them in Microsoft Office. [...]
Read more....

That didn’t last! Microsoft turns off the Office security it just turned on
An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.
Read more....

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know
It's a bit like Log4J, but for configuration files, not for logging.
Read more....

Microsoft says decision to unblock Office macros is temporary
Microsoft says last week's decision to roll back VBA macro auto-blocking in downloaded Office documents is only a temporary change. [...]
Read more....

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the
Read more....

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency
Read more....

Microsoft: Windows Autopatch is now generally available
Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting today. [...]
Read more....