Got an email late last night from a vendor saying a self-hosted service we use had signs of compromise. Hmm, I thought, as the icy fingers of panic started gripping me...it's on an RFC1918 network so if that's true we have bigger problems. So after kicking off a full IR procedure with absolutely no results, we get mailed 3 hours later saying they made a mistake. Fuckers.

One thing this did encourage me to do is find out exactly what $VENDOR can fetch off the server. If it can't talk to their infrastructure it nags about it, but I now want to know what they're collecting that led them to even make a determination about what's happening on the file system of an internal server.
