WV Cybersecurity Office

01/12/2018

The Cyber Security Office is proud to work with our education partners on this initiative!

06/16/2015

Be suspect of links that are in your email, around the web, and anywhere on your computer. Links, especially shortened URLs, may not always take you to where they say they are going too.

06/03/2015

Today's tip!

Share with care: Sharing provocative photos or intimate details online, even in private emails, can cause problems later on. Even people you consider friends can use the information you share online against you.

06/02/2015

The State of West Virginia is proud to support Internet Safety Month. Tune in frequently for tips and reminders on how to keep safe online!

“June is a great time to appreciate the warm weather and to consider how the season impacts our online lives. The Internet greatly enhances our summer experiences as we use technology to plan, enrich and share our activities,” said Michael Kaiser, NCSA’s executive director. “To support Internet Safe…

02/25/2015

We received over 400 entries in this year’s contest. All of our entries were fabulous and we had a hard time judging! These are the West Virginia winners that moved on to the nation contest.

12/08/2014

Holiday Shopping Goes Mobile: Be Cyber Secure Infographic

04/11/2014

Alert: Heartbleed Vulnerability Information

OpenSSL Heartbleed Vulnerability
OpenSSL (Secure Sockets Layer) is open-source technology, used for many websites, to ensure secure Internet communications via encryption.

A vulnerability — Heartbleed — has been discovered in OpenSSL, that could allow the exposure of sensitive information including passwords, financial data and other records.

On April 10, 2014, the Threat Based Cyber Alert Level was evaluated and raised to Orange (High) from Blue (Guarded) due to the "Heartbleed" vulnerability identified in OpenSSL. At this level, malicious activity has been identified with potential for a major level of disruption. In addition, there are credible reports that the OpenSSL vulnerability is currently being exploited to obtain sensitive data including private keys, user credentials and authentication cookies from vulnerable servers.

The OpenSSL vulnerability could allow an attacker to read sensitive data in memory on server and client machines.

It is recommended that organizations take the following steps immediately: Patch all vulnerable OpenSSL systems.
Revoke and reissue certificates that use OpenSSL/TLS.
Organizations should force user password changes for all impacted accounts. Be alert for phishing scams. Reports of phishing campaigns related to this vulnerability have been reported attempting to lure victims to credential-stealing sites. If you need to change your password, type the URL of the organization in a browser and do not click on links in emails that ask you to reset your passwords. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from untrusted sources.

Home Users: What should you do?

Check to see if any websites you have accounts on are vulnerable:
"Heartbleed Hit List" (http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/)
a listing of some popular websites and their vulnerability status
"Heartbleed Test" (http://filippo.io/Heartbleed/)
a tool for checking status of individual websites
Change passwords for all online accounts and e-mail, giving first priority to critical accounts.
Be alert for phishing scams. CIS received reports of phishing campaigns related to this vulnerability, attempting to lure victims to credential-stealing sites. If you need to change your password, type the URL of the organization in a browser and do not click on links in emails that ask you to reset your passwords.

Heartbleed: A look at which companies have issued a security patch to fix the Heartbleed bug.

04/02/2014

Tax season is in full swing and criminals are seizing the opportunity for scams. Because of the recent major data breaches we’ve seen in the past few months, which exposed sensitive information on a large scale, we should be even more vigilant about taking steps to minimize our risk of ID theft and other online-related crime. Don't become the next victim.

Scammers leverage every means at their disposal to separate you from your money, your identity, or anything else of value they can get. They may offer seemingly legitimate "tax services" designed to steal your identity and your tax refund, sometimes with the lure of bigger write-offs or refunds. Scams may include mocked up websites and tax forms that look like they belong to the IRS to trick you into providing your personal information.

Vigilance about the security of our online activities is required every day, but is especially important during this time of year. Continue reading for some warning signs to look for and basic precautions you can take to minimize risk. Click below or copy/paste the following link into your browser:

http://www.technology.wv.gov/SiteCollectionDocuments/Security%20Monthly%20Newsletter/2014/March2014_TaxScams.pdf)

02/14/2014

Reminder! We've extended the deadline to the 3rd Annual Art Contest until February 21 because of the amount of time students have been out of school this winter! http://www.technology.wv.gov/security/Students/Pages/Contests.aspx

West Virginia is happy to announce that we will be participating in the annual MS-ISAC Art Contest. Click the link for entry forms and more information. This year's national winners from WV below.