Got an email late last night from a vendor saying a self-hosted service we use had signs of compromise. Hmm, I thought, as the icy fingers of panic started gripping me...it's on an RFC1918 network so if that's true we have bigger problems. So after kicking off a full IR procedure with absolutely no results, we get mailed 3 hours later saying they made a mistake. Fuckers. #infosec
Follow
To be fair our CISO was skeptical from the off, but enjoyed the exercise. I did not.
