April 30, Help Net Security – (International) Barracuda fixes critical MITM flaws in its Web filter. Barracuda Networks issued a security update patching two critical flaws in the firmware of its Web Filter appliances in which an attacker could perform man-in-the-middle (MitM) attacks due to vulnerabilities in certificate verification when performing secure socket layer (SSL) inspection and the use of default certificates for multiple machines. Source
April 29, Securityweek – (International) Bartalex malware used to deliver Dyre banking trojan to enterprises. Security researchers at Trend Micro discovered a campaign employing thousands of spam emails purporting to be from the Automated Clearing House (ACH) that point to malicious documents on Dropbox containing the Bartalex malware, which downloads the Dyre banking trojan once macros are enabled. Thirty-five percent of the infections observed in the past 3 months were in the U.S. Source