Tag
Valtimo Sensitive Data Exposure via Excessive HTTP Request/Response Logging (CVE-2026-44516)
1 ruleThe `LoggingRestClientCustomizer` in Valtimo's `web` module automatically intercepts all outgoing HTTP calls and logs the full request/response body and headers, potentially exposing sensitive information like credentials, personal data, and session tokens via error messages logged at ERROR level (CVE-2026-44516).
ABB B&R PVI Sensitive Information Logging Vulnerability
2 rules 1 CVEAn authenticated local attacker can gather credential information from ABB B&R PVI client application logs when logging is enabled, addressed in version 6.5.0 (CVE-2026-0936).
Cisco ASA Logging Filters Configuration Tampering
2 rules 1 TTPTampering with logging filter configurations on Cisco ASA devices can allow attackers to evade detection by reducing logging levels or disabling specific log categories.
AWS CloudTrail Logging Evasion via UpdateTrail
2 rules 1 TTPAttackers modify AWS CloudTrail settings using UpdateTrail events to evade detection by disabling or limiting logging, as indicated by non-console user agents.
AWS Bedrock Model Invocation Logging Deletion Attempt
2 rules 1 TTPDetection of attempts to delete AWS Bedrock model invocation logging configurations, potentially indicating an adversary trying to remove audit trails of model interactions after credential compromise, to hide malicious AI model usage.
Detection of IIS HTTP Logging Disabled via AppCmd.exe
2 rules 2 TTPsThis analytic detects the use of AppCmd.exe to disable HTTP logging on IIS servers, allowing adversaries to evade detection by removing evidence of their actions.