In the year 2018-19, there were some unconfirmed reports from few customers regarding vulnerabilities identified in one update file. The corrupt update file delivered to the eScan system was investigated by the eScan Cybersecurity Team in the same year. Remediation efforts by eScan were deployed during the same period.
There were approximately 18 support Tickets logged regarding this corrupt update file and all were logged from countries outside India. Detailed investigation revealed that some of the tickets logged were reported to have eScan product downloaded and installed from illegal torrent sites.
At the current stage, eScan confirms that there is no such vulnerability present in the product update mechanism. From 2019 onwards, there have been no Tickets raised with regards to corrupt update file.
After the remediation in the year 2018-19, the following advisory points were shared with customers globally:
Regarding the cybersecurity firm's report published on April 23rd, 2024, the information mentioned within the report pertains to the year 2018-19. As mentioned above, during that time forensic analysis was conducted on the update file, which was also shared with major cybersecurity firms as part of eScan Threat Intelligence Sharing. The server used for updating was sinkholed, and rigorous security controls were implemented in the year 2019 itself.
We would like to assure our global customers and partners that as eScan cybersecurity solutions gain global popularity, we are heavily investing in blocking cyber-attacks on our solutions and infrastructure.
For any query you may write to advisory@escanav.com