[Wikimedia-l] Security Notification: Malware creating fake Wikipedia donation banner
Hello, In order to keep the community informed of threats against Wikimedia projects and users, the Wikimedia Security team has some information to share. Malware installed via pirated contented downloaded from sites such as the Pirate Bay can cause web browsers compromised by the malware to create a fake donation banner for Wikipedia users. While the actual malware is not installed or distributed via Wikipedia, unaware visitors may be confused or tricked by it's activities. The malware seeks to trick visitors to Wikipedia by looking like a legitimate Wikipedia banner asking for donations. Once the user clicks on the banner, they are then taken to a portal that leads them to transfer money to a fraudulent bitcoin account that is not controlled by the Foundation. The current version of this malware is only infecting Microsoft Windows users at the time of this notification. To date, the number of people affected is small. The fraudulent accounts have taken approximately $700 from infected users. However, we strongly encourage all users to use and update their antivirus software. Additional details and a screenshot of the fake donation banner on can be found at Bleepingcomputer.com. [0] [0] https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/ Thanks, John Bennett ___ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
Re: [Wikimedia-l] Updates for failed logins and OurMine
Hello, Additional details for the May dictionary attack and the 2016 OurMine attack have been provided at: https://phabricator.wikimedia.org/phame/blog/view/13/ Thanks John Bennett On Mon, 2018-08-27 at 12:13 -0500, John Bennett wrote: > Hello, > > The Security team will be putting together a brief summary of events > for both of these incidents and plan on sharing an overview by Sept > 7th. > > Thanks > John Bennett ___ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
[Wikimedia-l] Updates for failed logins and OurMine
Hello, The Security team will be putting together a brief summary of events for both of these incidents and plan on sharing an overview by Sept 7th. Thanks John Bennett ___ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
[Wikimedia-l] Information on "Multiple failed attempts to log in" emails
Hello, Many of you may have been receiving emails in the last 24 hours warning you of "Multiple failed attempts to log in" with your account. I wanted to let you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to decrease the success of attacks like these. The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized access to random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised. While we are constantly looking at improvements to our security systems and processes to offset the impact of malicious efforts such as these, the best method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the past to support things like stronger password requirements,[1] and we continue to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your passwords,[2] actively running antivirus software on your systems, and keeping your system software up to date. My team will continue to investigate this incident, and report back if we notice any concerning changes. If you have any questions, please contact the Support and Safety team (susa{{@}}wikimedia.org). John Bennett Director of Security, Wikimedia Foundation [1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword ___ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>