geraldjoyce312
Newcomer I

Recent HSM breaches

I have been looking on the web for news and background on any recent HSM breaches. I haven't found anything less than about three years old. Would anyone know of a resource I could look at to gather information? I am interested in researching the cause of the breaches, whether they be hardware tampering, a code vulnerability, misconfiguration, placed in the wrong security zone with the wrong security controls, etc. Any information would be greatly appreciated.

1 Reply
Caute_cautim
Community Champion

Re: Recent HSM breaches

@geraldjoyce312 The fact is HSMs are used for all sorts of financial institutions around the world, for regulatory requirements etc. The fact is many vendors would not like this type of information to be available in the public realm - bad for business and reputation, trust etc.

 

Based on this link:  https://searchsecurity.techtarget.com/tip/What-are-the-biggest-hardware-security-threats

 

You can perceive some of the issues from going from manual to automated processes in terms of assurance, balanced carefully in terms of mandated regulation, especially in the payment and transaction space.

 

Or even using cloud-based HSMs. I once saw one situation whereby the management interface was actually left exposed on the same public VLAN, which caused some internal issues for the organisation involved, especially as the client actually found it themselves and were actively using the services to use cloud-based HSMs, using a mobile device. It was solved very quickly indeed, as you can imagine.

 

Other links I have uncovered are:

 

https://www.unboundsecurity.com/blog/major-vulnerabilities-in-hardware-security-modules/

 

https://www.sans.org/white-papers/757/

 

https://www.venafi.com/blog/what-are-hardware-security-modules-and-how-important-are-they-your-organ...

 

https://blog.fuelusergroup.org/implementing-and-using-hardware-security-modules

 

https://www.globenewswire.com/news-release/2021/08/25/2286086/0/en/Global-Hardware-Security-Module-M...

 

https://cyware.com/news/vulnerabilities-in-hardware-security-modules-hsms-allow-attackers-to-retriev...

 


Other major factors are going to be misconfiguration, human beings and errors over time.

 

Regards

 

Caute_Cautim