Got an email late last night from a vendor saying a self-hosted service we use had signs of compromise. Hmm, I thought, as the icy fingers of panic started gripping me...it's on an RFC1918 network so if that's true we have bigger problems. So after kicking off a full IR procedure with absolutely no results, we get mailed 3 hours later saying they made a mistake. Fuckers. #infosec
@sullybiker happened to me once where a massive industry critical vendor insisted we were compromised and sending them large amounts of traffic. After a solid day of research and finding zero evidence of a breach, the vendor discovered they were accidentally running an automated test on themselves in the wrong environment.
