3/3

This is a supply chain story dressed as a CVE. The ecosystem was built too fast. Security assumed it would catch up. It hasn't.

Digital sovereignty without perimeter defence is just security theatre. If you're running MCP servers and you skip the proxy because 'it adds complexity,' you've already lost.

https://haunted.lighthouse.co.im/articles/badhost-mcp-sovereignty/

#BadHost #CVE202648710 #Starlette #FastAPI #MCP #SupplyChain #CyberSecurity #DigitalSovereignty #ShadowIT #Architecture

BadHost and the Shrug: How a Single HTTP Header Unravels Digital Sovereignty

CVE-2026-48710 exposes MCP servers through a trivial HTTP Header parsing flaw. But the real story is why patches won't fix it: shadow IT deployments skip the proxy layer because it 'adds complexity.' When digital sovereignty depends on a shrug, you've already lost.

Did you already listen to our latest episode "Sleep Mode in Production"?

A warehouse suddenly stopped operating — not because of a cyberattack, but because a laptop entered sleep mode.

A known system solved a real business problem, made its way into production, skipped a few operational questions… and eventually became more critical than anyone expected.

Listen now: https://ithorrorstories.eu/#ep14

#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast #ITHorrorStories

Some stories deserve a little more detail than a podcast episode allows.

For our latest episode, *Sleep Mode in Production*, we’ve published a companion article on *The Incident Log* where we go deeper into how a perfectly visible laptop quietly became critical warehouse infrastructure — and how a normal power-saving setting managed to stop operations.

Read the blog and continue the story behind the systems.

https://blog.ithorrorstories.eu/episode-14-sleep-mode-in-production/

#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast

Episode 14 : Sleep Mode in Production - IT Horror Stories with Jack Smith - The Incident Log

Join Jack Smith and Bob as they unravel an IT horror story about shadow IT, failing laptops in production, and why it always happens on Fridays.

IT Horror Stories with Jack Smith - The Incident Log

New episode: Sleep Mode in Production.

A warehouse outage caused by a laptop entering sleep mode sounds ridiculous… until you realize it really can happen.

Shadow IT, missing operational checks, and “temporary” solutions reaching production.

Find all links to listen on our website : https://ithorrorstories.eu/#ep14

Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj

#technology #ShadowIT #DevOps #ITOperations #ITHorrorStories

The hidden cost of "free" software

Free tools come with a price: security gaps, zero support, and compliance risks. When one employee downloads an unvetted app, your whole network is exposed. We help you build a vetted, secure software stack that actually scales with your business.

Let's review your software environment.
https://calendly.com/techdynamix/15-minute-phone-call

#ShadowIT #SoftwareManagement #TechDynamix

15-Minute Consultation - Jay Baruffa

Struggling with slow IT support, security concerns, or outdated systems? Tech Dynamix is here to help. In this quick, no-pressure consultation, we’ll:
- Review your current IT setup
- Identify performance or security gaps
- Share tailored recommendations to help your business run smoother and safer

Calendly
Shadow IT: those tools adopted outside the security team's radar, often out of sheer necessity. The real issue isn't disobedience, it's the signal: if people are working around the official tools, maybe the official tools have a problem to solve first. Visibility starts with listening. ☕ #infosec #ShadowIT #GRC
https://venturebeat.com/technology/hidden-it-problems-are-quietly-creating-risk-shadow-it-and-lost-productivity

Latest episode out now!

“It is so easy to subscribe and it is so easy to forget.” - Julian Kuiper

Most orgs do not make one big dramatic mistake, they accumulate dozens of small ones. A team buys a tool, another team buys something similar, a renewal rolls over, a business-critical platform ends up owned outside IT. Before long, cost, risk, governance, & visibility are all pulling in different directions.

🎧 Listen:
https://optimisetoinnovate.buzzsprout.com/

#SaaS #ITAM #FinOps #ShadowIT #DataSecurity #Cloud

Enterprises claim visibility into AI but over half have shadow usage fears

According to new research, 90 percent of enterprises say they have visibility into their AI footprint, yet 59 percent have confirmed or suspect the presence

BetaNews
#microsoft365 #microsoftteams #teamspremium #governança #cloudgovernance #itadmin #shadowit #m365 #cybersecurity #office365 #itoperations #enterpriseit | Mauricio Cassemiro

🚨 The button that looks harmless but breaks your governance in Teams

There is a UX detail in Microsoft Teams that many people in IT are ignoring, and it can turn into a silent headache. The famous “Unlock Teams Premium” button. At first glance, it looks like just a feature suggestion. In practice, with one click, any user can:
⚠️ start a 60-day trial of Teams Premium
⚠️ without admin approval
⚠️ without billing validation
⚠️ without any notice to IT
Yes. All of that by default.

What is really happening
This is not a “bug”. It is a direct effect of the self-service purchases and trials enabled in many Microsoft 365 tenants. The result:
🚨 users starting trials of premium workloads
🚨 a real risk of automatic conversion to a paid subscription
🚨 license governance slipping away without anyone noticing

Why this matters (really)
It's not about the button. It's about the impact:
☢️ Breach of licensing policy
☢️ A classic opening for Shadow IT
☢️ Unexpected cost exposure 💸💸💸
☢️ Loss of visibility for whoever looks after compliance and budget
Governance doesn't fail with big incidents. It fails in these silent details.

How to fix it (quickly and without drama)?
In the Microsoft 365 admin center:
➡️ Settings ➡️ Org settings ➡️ Services ➡️ Self-service trials and purchases
Disable it for:
👉🏼 Microsoft Teams Premium
👉🏼 other products that make sense in your environment

For more mature environments (or ones less tolerant of surprises), PowerShell handles it better:
Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId <ProductId> -Enabled $false

Real good practice
If you take governance seriously:
👉🏼 periodically review self-service permissions
👉🏼 align this with cost control
👉🏼 treat “overly friendly” UX as a risk surface
It's not a big problem. That is exactly why it is dangerous. If you administer Microsoft 365, it's worth reviewing this today, not when the invoice arrives.

For 💼consulting, 🪛support, 🎓training and 🔑licensing for Microsoft environments and solutions: ✉️[email protected] or 📱WhatsApp: +55 (11) 3566-6249 https://wa.me/551135666249 🔗 Learn a bit more about my work at https://lnkd.in/dc-96hCY 🎓🖥️ See my training courses at https://lnkd.in/duHPPiSi ▶️ Subscribe to my YouTube channel at https://lnkd.in/gE9vKR47 📞📱✉️💬 Learn about GoTo's omnichannel unified business communications solutions at https://lnkd.in/d4uBNEwZ #Microsoft365 #MicrosoftTeams #TeamsPremium #Governança #CloudGovernance #ITAdmin #ShadowIT #M365 #CyberSecurity #Office365 #ITOperations #EnterpriseIT

LinkedIn

Your employees are almost certainly using unapproved tools, with no bad intentions, just to get their work done.

In the latest episode, we talked about shadow IT, shadow AI and risk management in SMEs with Cyndie Feltz, Nicolas Milot and Dominique Derrier.

The real question with AI: it's not "if" your employees are using it, it's "how to govern it".

🎧 Web: https://polysecure.ca/posts/episode-0x721.html#cabfa0a3
🎧 Spotify: https://open.spotify.com/episode/365I6KyLponG6wEN4HdvbW?si=dSeNJ0khQo-J8JvDxUqXNQ
🎧 YouTube: https://youtu.be/3jvB30VsXOY

#CyberSécurité #ShadowIT #PME