Security Advisory on CSRF and XSS attacks affecting HTTP/HTTPS services
Customers using HTTP/HTTPS services should upgrade to 3.33.0
The SFTPPlus version 3.33.0 release is a major security update for the HTTP/HTTPS file transfer service and the SFTPPlus Local Manager service.
This update addresses the vulnerabilities concerning Cross-Site Request Forgery Attacks and Cross-Site Scripting Attacks …
SFTPPlus Release 3.33.0 now supports IPv6 server-side functionalities
We are pleased to announce the latest release of SFTPPlus version 3.33.0.
This is a significant release in that it supports the Internet's next generation protocol, IPv6, for all server-side functionalities.
As we begin to hit the upper limit of IPv4 addresses, the current standard, what matters to …
Data Loss Prevention - Systems, Software and Strategies
What is Data Loss Prevention (DLP)?
Data Loss Prevention (or DLP for short) is the application of technology and policies in order to detect and prevent potential data breaches and data ex-filtration. Data that is of particular interest include sensitive emails, documents and other information leaving the organizational boundary. Data …
SFTPPlus and its relevance with the OIAC Privacy Act and ASD ISM
In this post, we outline two main compliance obligations relevant to Australia - the OIAC Privacy Act and the ASD ISM. For those familiar with other international compliance obligations, such as the GPG13 (Good Practice Guide) provided by the UK or HIPAA (Health Insurance Portability and Accountability Act) provided by the …
SFTPPlus Release 3.32.0
We are pleased to announce the latest release of SFTPPlus version 3.32.0.
New Features
- SFTP and SCP file transfer services can now listen on IPv6 addresses and accept connections from IPv6 clients. [server-side][sftp][scp] [#1924]
- The HTTP and HTTPS service now accepts creating new folders with the …
Understanding the exchange between SFTP Client and SFTP Server
Why read this?
As part of meeting the Accounting component of the AAA (Authorization, Authentication and Accounting) framework, each event and action on the server and/or the client-side are recorded by SFTPPlus. These events have an associated Event ID which is also publicly searchable both on our website and …
Protecting your SFTPPlus configuration against SWEET32
Details of attacks on DES (Data Encryption Standard) and Triple DES, Birthday attacks on 64-bit block ciphers were released with the CVE ID of CVE-2016-2183. Read more about the CVE details here).
DES and Triple DES ciphers, used in TLS and SSH protocols and in subsequent relation also used in …