The breach of the European Commission's cloud infrastructure was attributed to a supply chain attack against the Trivy vulnerability scanner, which was exploited by the ShinyHunters group to steal and leak approximately 340 GB of data containing personal information. The article does not provide specific technical details on the Trivy vulnerability's attack vector, CVSS score, affected versions, fixed version, or workarounds.
CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, last names, usernames, and email addresses, predominantly from the European Commission’s websites but potentially pertaining to users across multiple Union entities,” European Union’s CERT said. “The … More → The post Trivy supply chain attack enabled European Commission cloud breach appeared first on Help Net Security .