Security Links
A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
#PHISHING
LOTS Project - Living Off Trusted Site

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.

https://lots-project.com/
VirusTotal

Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.

https://www.virustotal.com/
CaniPhish Blog

Follow the latest phishing trends by reading articles published by the CanIPhish team.

https://caniphish.com/phishing-resources/blog
phish.ly

Analyze suspicious emails with Tines & urlscan. Forward a suspicious email (or an .eml attachment) to scan@phish.ly, Tines will automatically analyze the URLs with urlscan and send you a report.

https://phish.ly/
Jigsaw

The quiz for phishing. Can you spot when you’re being phished? Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?

https://phishingquiz.withgoogle.com/
Palo Alto Networks URL Filtering

Enter a domain or URL into the search engine to view details about its current URL categories. To request recategorization of this website, click Request Change below the search results.

https://urlfiltering.paloaltonetworks.com/query/