Security News

Almost 40% of senior security leaders said that when they held crisis exercises, there was inaction from the business and those most critical in crisis were missing in cybersecurity training. "In the first 30-minutes of a crisis, it is highly unlikely you're thinking of your plan. It's the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro-drills, or very focused exercises, designed to address particular risks, must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective."

The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses. On Aug. 6, security training firm SANS Institute discovered a data breach of approximately 28,000 records as the result of one successful phishing attack against a single employee.

Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people. In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."

British infosec biz NCC Group has admitted to The Register that its internal training materials were leaked on GitHub - after folders purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories. CREST offers a certification called CRT: CREST Registered Tester.

Known as SAFE Phish, it's designed to let security teams create training exercises using real-life, de-weaponized campaigns that target their organizations and employees. "With SAFE Phish technology, end-users can safely be exposed to real-life, de-weaponized phishing attacks to make training more effective and provide a data-driven picture of which employees are most at risk. Our research has shown that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. We're very excited about how SAFE Phish simulations can further help increase the impact of our security awareness solution."

The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG. Cybersecurity profession crisis. Cybersecurity pros need a globally accepted career development plan.

Information security training and certification provider Offensive Security this week announced the acquisition of VulnHub, an open-source catalog of security training resources. Headquartered in New York City and active since 2007, Offensive Security offers security counseling and training, including penetration testing and digital forensics.

Offensive Security has acquired open source security training resource hub VulnHub. "As part of Offensive Security's ongoing commitment to community projects, we are excited to add VulnHub to the OffSec family," said Ning Wang, CEO, Offensive Security.

announced that Global Knowledge has been added as an Official Training Provider for the UK, further expanding the range of leading training organizations offering² certification preparation training in one of the world's biggest markets for IT security professionals. Global Knowledge will be providing exam preparation training for the full range of² certifications to its UK customer base, delivering pathways to new sectors and audiences, increasing the size of the UK channel presence for2 and responding to increased demand and a growing supply shortage of certified professionals in the workforce.

Virginia-based cybersecurity training company RangeForce announced on Tuesday that it has raised $16 million in a Series A funding round. RangeForce plans on using the money for global growth, to accelerate go-to-market efforts, boost product development, and expand its network of training orchestration partners.