Hello, welcome to the Friday, December 22nd, 2017 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Remember how many issues we had with S&B version 1 this year?

Well, and prior years, there is one more bug that you probably need to fix

rather quickly if you're running Dell EMC storage gear.

Turns out the data domain deduplication and data protection software suffers from a critical

memory overflow vulnerability that can lead possibly to remote code

execution, but almost certainly to a denial of service against affected devices.

Effected are pretty much all current versions of Data Domain DDOS.

This includes the 5.76061 families of this software.

Also, if you're running the Data Domain Virtual Edition, then 203031 are all affected.

So at the very least, before you head home for the holidays

double-check that you have firewall rules preventing access via SMB to these

devices from the outside. This particular flaw does not require authentication. No

exploit has been released up to this point, but who knows, people

are probably working on it already. And ever received an email from Facebook and you weren't

quite sure if this is an authentic email from Facebook or not. Well, Facebook now introduced a new feature that helps you make that decision.

If you go to settings in Facebook and then select security and login at the very bottom of the page,

you'll find a new item that lists all recent emails sent by Facebook.

So here you can review whether or not that password reset or whatever you received was an actual

Facebook message or not.

There are two categories here.

...