Security News

is committed to helping you keep your Certified Cloud Security Professional certification goals on track this year. is bringing back special pricing on flexible CCSP exam prep so you can keep moving forward with full freedom and confidence.

CIOs are prioritizing identity and access management over endpoint security and security awareness training in 2020, according to a Hitachi ID survey. Their goals reflect these new priorities: 86% said they're aiming to improve security standards across their environment, while 80% are making their tech stack more flexible for remote and on-premise users.

Almost 40% of senior security leaders said that when they held crisis exercises, there was inaction from the business and those most critical in crisis were missing in cybersecurity training. "In the first 30-minutes of a crisis, it is highly unlikely you're thinking of your plan. It's the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro-drills, or very focused exercises, designed to address particular risks, must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective."

The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses. On Aug. 6, security training firm SANS Institute discovered a data breach of approximately 28,000 records as the result of one successful phishing attack against a single employee.

Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people. In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."

British infosec biz NCC Group has admitted to The Register that its internal training materials were leaked on GitHub - after folders purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories. CREST offers a certification called CRT: CREST Registered Tester.

Known as SAFE Phish, it's designed to let security teams create training exercises using real-life, de-weaponized campaigns that target their organizations and employees. "With SAFE Phish technology, end-users can safely be exposed to real-life, de-weaponized phishing attacks to make training more effective and provide a data-driven picture of which employees are most at risk. Our research has shown that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. We're very excited about how SAFE Phish simulations can further help increase the impact of our security awareness solution."

The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG. Cybersecurity profession crisis. Cybersecurity pros need a globally accepted career development plan.

Information security training and certification provider Offensive Security this week announced the acquisition of VulnHub, an open-source catalog of security training resources. Headquartered in New York City and active since 2007, Offensive Security offers security counseling and training, including penetration testing and digital forensics.

Offensive Security has acquired open source security training resource hub VulnHub. "As part of Offensive Security's ongoing commitment to community projects, we are excited to add VulnHub to the OffSec family," said Ning Wang, CEO, Offensive Security.