https://community.isc2.org/t5/Threats/Recent-HSM-breaches/m-p/47210#M370 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/704671939">@geraldjoyce312</a>&nbsp;&nbsp; The fact is HSMs are used for all sorts of Financial Institutions around the world, for regulatory requirements etc.&nbsp;&nbsp; The fact is many vendors would not like this type of information to be available in the public realm - bad for business and reputation, trust etc.</P><P>&nbsp;</P><P>Based on this link:&nbsp; <A href="https://searchsecurity.techtarget.com/tip/What-are-the-biggest-hardware-security-threats" target="_blank">https://searchsecurity.techtarget.com/tip/What-are-the-biggest-hardware-security-threats</A></P><P>&nbsp;</P><P>You can perceive some of the issues from going from manual to automation processes in terms of assurance, balanced carefully in terms of mandated regulation, especially in the payment and transaction space.</P><P>&nbsp;</P><P>Or even using Cloud based HSMs.&nbsp;&nbsp; I once saw one situation, where by the management interface was actually left exposed on the same public VLAN, which caused some internal issues for the organisation involved, especially as the client actually found it themselves and were actively using the services to use Cloud based HSMs, using a mobile device.&nbsp; It was solved very quickly indeed as you can imagine.</P><P>&nbsp;</P><P>Other links I have uncovered are:</P><P>&nbsp;</P><P><A href="https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/" target="_blank">https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/</A></P><P>&nbsp;</P><P><A href="https://www.sans.org/white-papers/757/" target="_blank">https://www.sans.org/white-papers/757/</A></P><P>&nbsp;</P><P><A href="https://www.venafi.com/blog/what-are-hardware-security-modules-and-how-important-are-they-your-organization" target="_blank">https://www.venafi.com/blog/what-are-hardware-security-modules-and-how-important-are-they-your-organization</A></P><P>&nbsp;</P><P><A href="https://blog.fuelusergroup.org/implementing-and-using-hardware-security-modules" target="_blank">https://blog.fuelusergroup.org/implementing-and-using-hardware-security-modules</A></P><P>&nbsp;</P><P><A href="https://www.globenewswire.com/news-release/2021/08/25/2286086/0/en/Global-Hardware-Security-Module-Market-Analysis-Trends-Industry-Forecast-to-2028.html" target="_blank">https://www.globenewswire.com/news-release/2021/08/25/2286086/0/en/Global-Hardware-Security-Module-Market-Analysis-Trends-Industry-Forecast-to-2028.html</A></P><P>&nbsp;</P><P><A href="https://cyware.com/news/vulnerabilities-in-hardware-security-modules-hsms-allow-attackers-to-retrieve-sensitive-data-3002e405" target="_blank">https://cyware.com/news/vulnerabilities-in-hardware-security-modules-hsms-allow-attackers-to-retrieve-sensitive-data-3002e405</A></P><P>&nbsp;</P><P><A href="https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/" target="_blank">https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/</A></P><P>&nbsp;</P><P>Other major factors are going to be misconfiguration, human beings and errors over time.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 29 Aug 2021 20:23:45 GMT Caute_cautim 2021-08-29T20:23:45Z https://community.isc2.org/t5/Threats/Recent-HSM-breaches/m-p/47169#M369 <P>I have been looking on the web for news and background on any recent HSM breaches. I haven't found anything less than about three years old. Would anyone know of a resource I could look at to gather information? I am interested in researching the cause of the breaches, whether they be hardware tampering, a code vulnerability, misconfiguration, placed in the wrong security zone with the wrong security controls, etc. Any information would be greatly appreciated.</P> Mon, 09 Oct 2023 09:58:00 GMT https://community.isc2.org/t5/Threats/Recent-HSM-breaches/m-p/47169#M369 geraldjoyce312 2023-10-09T09:58:00Z https://community.isc2.org/t5/Threats/Recent-HSM-breaches/m-p/47210#M370 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/704671939">@geraldjoyce312</a>&nbsp;&nbsp; The fact is HSMs are used for all sorts of Financial Institutions around the world, for regulatory requirements etc.&nbsp;&nbsp; The fact is many vendors would not like this type of information to be available in the public realm - bad for business and reputation, trust etc.</P><P>&nbsp;</P><P>Based on this link:&nbsp; <A href="https://searchsecurity.techtarget.com/tip/What-are-the-biggest-hardware-security-threats" target="_blank">https://searchsecurity.techtarget.com/tip/What-are-the-biggest-hardware-security-threats</A></P><P>&nbsp;</P><P>You can perceive some of the issues from going from manual to automation processes in terms of assurance, balanced carefully in terms of mandated regulation, especially in the payment and transaction space.</P><P>&nbsp;</P><P>Or even using Cloud based HSMs.&nbsp;&nbsp; I once saw one situation, where by the management interface was actually left exposed on the same public VLAN, which caused some internal issues for the organisation involved, especially as the client actually found it themselves and were actively using the services to use Cloud based HSMs, using a mobile device.&nbsp; It was solved very quickly indeed as you can imagine.</P><P>&nbsp;</P><P>Other links I have uncovered are:</P><P>&nbsp;</P><P><A href="https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/" target="_blank">https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/</A></P><P>&nbsp;</P><P><A href="https://www.sans.org/white-papers/757/" target="_blank">https://www.sans.org/white-papers/757/</A></P><P>&nbsp;</P><P><A href="https://www.venafi.com/blog/what-are-hardware-security-modules-and-how-important-are-they-your-organization" target="_blank">https://www.venafi.com/blog/what-are-hardware-security-modules-and-how-important-are-they-your-organization</A></P><P>&nbsp;</P><P><A href="https://blog.fuelusergroup.org/implementing-and-using-hardware-security-modules" target="_blank">https://blog.fuelusergroup.org/implementing-and-using-hardware-security-modules</A></P><P>&nbsp;</P><P><A href="https://www.globenewswire.com/news-release/2021/08/25/2286086/0/en/Global-Hardware-Security-Module-Market-Analysis-Trends-Industry-Forecast-to-2028.html" target="_blank">https://www.globenewswire.com/news-release/2021/08/25/2286086/0/en/Global-Hardware-Security-Module-Market-Analysis-Trends-Industry-Forecast-to-2028.html</A></P><P>&nbsp;</P><P><A href="https://cyware.com/news/vulnerabilities-in-hardware-security-modules-hsms-allow-attackers-to-retrieve-sensitive-data-3002e405" target="_blank">https://cyware.com/news/vulnerabilities-in-hardware-security-modules-hsms-allow-attackers-to-retrieve-sensitive-data-3002e405</A></P><P>&nbsp;</P><P><A href="https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/" target="_blank">https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/</A></P><P>&nbsp;</P><P>Other major factors are going to be misconfiguration, human beings and errors over time.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 29 Aug 2021 20:23:45 GMT https://community.isc2.org/t5/Threats/Recent-HSM-breaches/m-p/47210#M370 Caute_cautim 2021-08-29T20:23:45Z