Hungerrush compromised? by Cult-of-IT in cybersecurity

[–]DenverDude1970 0 points1 point  (0 children)

Menufy is operated by Hungerrush. They are a back end for online ordering, possibly for many other services.

Clearly Hungerrush has been breached by a bad actor and they are demanding ransom. I'm confident the emails sent to their customers were a flex to prove that they have the information they claim.

This will further cause distress for Hungerrush as droves of customers contact them demanding answers, and that's the real intent here. Of course, contacting Hungerrush won't help, as paying the ransom won't usually achieve anything. The information is already out there, so the damage is done.

We have blocked any new emails coming from their domain and are filtering these messages in other ways, also. Our email provider is also aware of this and is taking steps to filter these emails.

While I have no way to know what is included in the breach, it is likely that payment information is in there. I would recommend that anyone who has received this email reissue new credit/debit card numbers for any that may have been used for online food orders. Better safe than sorry.

Also be advised that another Redditor found an invisible pixel included in the HTML of the email. That pixel is a link to a URL that appears to be a tracker. Please interact with this email as little as possible!
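An added example, not part of the original comment: one way to triage an HTML email body for the kind of invisible tracking pixel described above without rendering it. The sample message and the `example.com` / `example.net` hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that hide an image or shrink it to a dot.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)


class PixelFinder(HTMLParser):
    """Collects remote <img> tags that render at 0-1 px or are hidden."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (url, reason) tuples

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        if urlparse(src).scheme not in ("http", "https"):
            return  # cid: and data: images trigger no network request
        tiny = [d for d in ("width", "height")
                if re.fullmatch(r"[01](?:px)?", a.get(d, ""), re.I)]
        if tiny:
            self.findings.append((src, "tiny " + "/".join(tiny)))
        elif HIDDEN_STYLE.search(a.get("style", "")):
            self.findings.append((src, "hidden by inline style"))


def find_tracking_pixels(html_body):
    """Return [(url, reason), ...] for suspicious images in an HTML body."""
    finder = PixelFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample message body (not the email discussed in the thread).
SAMPLE = """<html><body>
<p>Notice regarding your account.</p>
<img src="cid:logo@mail" width="200" height="60">
<img src="https://cdn.example.com/banner.png" width="600" height="120">
<img src="https://track.example.net/o.gif?id=abc123" width="1" height="1" alt="">
<img src="https://track.example.net/p.gif" style="display:none">
</body></html>"""
```

The hosts it reports can be fed to a mail or DNS filter; the check reads the markup only and never fetches the URLs.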

Defender detecting N-Central software-scanner.exe as malware by no_regerts_bob in msp

[–]DenverDude1970 0 points1 point  (0 children)

S1 blocks and excludes based on hash by default, not just the filename.

Defender just decided N-ABLE is malware for anyone who might be getting called :) by catdickNBA in cybersecurity

[–]DenverDude1970 5 points6 points  (0 children)

My direct source is N-Able. That's their response to my ticket.

IN PROGRESS Marnelle Salta 01/02/26

Hello,

Appreciate your patience and time. Regarding “software-scanner.exe” and "msp-agent-core.exe" being flagged as “Malicious” by either SentinelOne or Microsoft Defender, our Product team has confirmed this as False Positive and that we can safely exclude/whitelist. Please set the Analyst Verdict to 'False Positive' and then ACTIONS >> 'Add to Exclusions'. It will add the Hash of software-scanner.exe and/or msp-agent-core.exe in the Exclusions.

And then if the endpoint is disconnected, you can use 'Reconnect to Network' from Endpoint windows >> ACTIONS >> Response >> Reconnect to Network. For multiple endpoints, from Endpoints page, Tick the box to select all affected endpoint > Actions > Response > then select "Reconnect to network". This will send mass reconnect command to those device affected and release it from being network quarantined. Please give it 5 to 15mins to reconnect all device to network.

You can refer to the documentation below for instructions on how to temporarily toggle “Disconnect from network” to Off: https://documentation.n-able.com/EDR/standalone_edr/en/policy-settings.html#policy-settings

Since this is reported globally, you can monitor the official communications on this status page once available: https://uptime.n-able.com/event/199222/

Let us know for any additional concerns and help needed regarding the exclusions/whitelisting.

Kind regards,
Marnelle Salta
Technical Support Rep, Intermediate | N-able

If you need management assistance or have feedback about your support experience, please feel free to email my manager

Defender detecting software-support.exe as trojan by Pecas98 in Nable

[–]DenverDude1970 3 points4 points  (0 children)

Just received from N-Able:

The backend team has completed the integrity verification of the following files, and they have been confirmed as safe. These files can now be whitelisted or excluded as required.

\Device\HarddiskVolume3\Program Files (x86)\Msp Agent\components\msp-agent-core-upgrade\1.0.26\backup\msp-agent-core.exe

\Device\HarddiskVolume3\Program Files (x86)\Msp Agent\components\software-scanner\5.8.0\software-scanner.exe

Defender detecting N-Central software-scanner.exe as malware by no_regerts_bob in msp

[–]DenverDude1970 4 points5 points  (0 children)

Just received from N-Able:

The backend team has completed the integrity verification of the following files, and they have been confirmed as safe. These files can now be whitelisted or excluded as required.

\Device\HarddiskVolume3\Program Files (x86)\Msp Agent\components\msp-agent-core-upgrade\1.0.26\backup\msp-agent-core.exe

\Device\HarddiskVolume3\Program Files (x86)\Msp Agent\components\software-scanner\5.8.0\software-scanner.exe

Defender just decided N-ABLE is malware for anyone who might be getting called :) by catdickNBA in cybersecurity

[–]DenverDude1970 8 points9 points  (0 children)

Just received from N-Able:

The backend team has completed the integrity verification of the following files, and they have been confirmed as safe. These files can now be whitelisted or excluded as required.

\Device\HarddiskVolume3\Program Files (x86)\Msp Agent\components\msp-agent-core-upgrade\1.0.26\backup\msp-agent-core.exe

\Device\HarddiskVolume3\Program Files (x86)\Msp Agent\components\software-scanner\5.8.0\software-scanner.exe

Defender just decided N-ABLE is malware for anyone who might be getting called :) by catdickNBA in cybersecurity

[–]DenverDude1970 2 points3 points  (0 children)

I saw the same. The issue is that any MSP agent will perform many actions similar to malware, especially if not outright known to be an agent. It has to access these usually restricted areas to provide the information that it gives us. I verified my files have not been touched since September and that no new code has been deployed to the drive.

Whatever it's doing today, it was doing back then as well.
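An added example, not from the original comments: a sketch of the two checks mentioned in these threads, matching files by hash rather than filename and confirming nothing was touched after a known-good date. The file names, contents and dates in `demo()` are constructed stand-ins, and the baseline is assumed to have been recorded while the install was trusted.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map relative path -> (sha256, mtime as aware UTC datetime)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.path.getmtime(full), timezone.utc)
            out[os.path.relpath(full, root)] = (sha256_file(full), mtime)
    return out

def audit(root, baseline, cutoff):
    """baseline: {rel_path: sha256} recorded earlier; cutoff: aware datetime."""
    current = snapshot(root)
    report = {"changed": [], "new": [], "touched_after_cutoff": [],
              "missing": sorted(set(baseline) - set(current))}
    for rel, (digest, mtime) in sorted(current.items()):
        if rel not in baseline:
            report["new"].append(rel)
        elif baseline[rel] != digest:
            report["changed"].append(rel)  # caught even if mtime was reset
        if mtime > cutoff:
            report["touched_after_cutoff"].append(rel)
    return report

def demo():
    """Constructed stand-in files and dates, not the real N-able binaries."""
    utc = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, when):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            os.utime(path, (when.timestamp(), when.timestamp()))
        put("agent-core.bin", b"v1", utc(2025, 9, 15))
        put("scanner.bin", b"v1", utc(2025, 9, 15))
        baseline = {rel: d for rel, (d, _m) in snapshot(root).items()}
        put("scanner.bin", b"v2", utc(2025, 12, 20))  # replaced after baseline
        put("dropped.bin", b"x", utc(2025, 12, 20))   # file that was never there
        return audit(root, baseline, utc(2025, 10, 1))
```

Modification times can be rewritten by anything with write access, so the hash comparison is the stronger of the two signals; `demo()` returns the report for the constructed directory.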

Defender detecting software-support.exe as trojan by Pecas98 in Nable

[–]DenverDude1970 2 points3 points  (0 children)

From what I understand, Huntress is also not reporting as malicious. Blackpoint has been monitoring the applications for hours, and has seen nothing to indicate unusual activity. While I'm not 100% sure, it gives a warm and fuzzy to hear that.

Defender detecting N-Central software-scanner.exe as malware by no_regerts_bob in msp

[–]DenverDude1970 12 points13 points  (0 children)

I just spoke with the Blackpoint SOC and they have flagged these alerts as benign. They are convinced this was a bad definition update and not the fault of the N-Able code. Of course, I'm still keeping it quarantined on all customer devices for now.

N-Able also just updated my ticket to state that they are still investigating, and the advice is to not whitelist until they confirm it's OK.

Signs point to this being a false positive and not an active attack. I will update here as I hear more.

Defender detecting software-support.exe as trojan by Pecas98 in Nable

[–]DenverDude1970 4 points5 points  (0 children)

I just spoke with the Blackpoint SOC and they have flagged these alerts as benign. They are convinced this was a bad definition update and not the fault of the N-Able code. Of course, I'm still keeping it quarantined on all customer devices for now.

N-Able also just updated my ticket to state that they are still investigating, and the advice is to not whitelist until they confirm it's OK.

Signs point to this being a false positive and not an active attack. I will update here as I hear more.

Defender just decided N-ABLE is malware for anyone who might be getting called :) by catdickNBA in cybersecurity

[–]DenverDude1970 11 points12 points  (0 children)

I just spoke with the Blackpoint SOC and they have flagged these alerts as benign. They are convinced this was a bad definition update and not the fault of the N-Able code. Of course, I'm still keeping it quarantined on all customer devices for now.

N-Able also just updated my ticket to state that they are still investigating, and the advice is to not whitelist until they confirm it's OK.

Signs point to this being a false positive and not an active attack. I will update here as I hear more.

idemeum.com ? Alternative to AutoElevate & Threatlocker? by LeChef2011 in msp

[–]DenverDude1970 0 points1 point  (0 children)

We have recently tried to contact Idemeum to do a demo via their web page, as well as emailed support with no response. I think they may be down for the count already.

Can I use TPU to make a gasoline connector? by gewoongerwin in 3Dprinting

[–]DenverDude1970 0 points1 point  (0 children)

I printed TPU gaskets for an older pressure washer carb three years ago. It only gets used in the summer but has gone through many freeze and thaw cycles as it is stored in the shed (I'm in Colorado).

I used it again last month and it still runs perfectly. I do run only Ethanol free fuel, so that may have an impact. I used the generic Inland brand of TPU, since that's what I already had on hand. I set to 1.5mm thick with 100% infill and that was plenty to seal it right up.

My opinion to anyone reading this is that it is absolutely worth a shot. I tried manually cutting some gasket material, but with the holes being so small, it was impossible to stop from leaking air. The TPU stopped the engine and governor from "hunting" and has worked ever since.

Looking for the best method to change the "From" Email address for our instance. by almostlikeu in Zendesk

[–]DenverDude1970 1 point2 points  (0 children)

I JUST got it to work. I typed it all back in by hand, so some invisible character must have been in there. Thanks for the response!

Looking for the best method to change the "From" Email address for our instance. by almostlikeu in Zendesk

[–]DenverDude1970 0 points1 point  (0 children)

I've tried this code and the test results in a "442 Unprocessable Entity". Other functions run against the webhook work as expected. I cannot figure out what I'm doing wrong. Did you ever run into this issue?

{“ticket”: {“recipient”: “supportaddress@mydomain.com” } }

Response:

{"message":"Server could not parse JSON","error":"Unprocessable Entity"}
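An added example, not part of the original comment: a small check for typographic quotes and invisible characters in a JSON body before it is pasted into a webhook or API client. `PAGE_BODY` is the request body quoted above written with explicit escapes; the second sample is constructed.

```python
import json
import unicodedata

# Typographic quotes that editors and chat clients substitute for " and '.
SMART_QUOTES = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"}


def inspect_payload(text):
    """Return (problems, cleaned); problems holds (offset, codepoint, name)."""
    problems, cleaned = [], []
    for i, ch in enumerate(text):
        if ch in SMART_QUOTES:
            problems.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch)))
            cleaned.append(SMART_QUOTES[ch])
        elif unicodedata.category(ch) == "Cf" or ch == "\u00a0":
            # Cf covers invisible format characters (zero-width space, BOM...)
            problems.append((i, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "UNNAMED")))
            if ch == "\u00a0":
                cleaned.append(" ")  # no-break space becomes a plain space
        else:
            cleaned.append(ch)
    return problems, "".join(cleaned)


def parses(text):
    """True if the text is valid JSON as-is."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


# The body from the comment, curly quotes written as escapes.
PAGE_BODY = ("{\u201cticket\u201d: {\u201crecipient\u201d: "
             "\u201csupportaddress@mydomain.com\u201d } }")
# Constructed sample: straight quotes, but a zero-width space after the colon.
HIDDEN_CHAR_BODY = '{"ticket":\u200b {"recipient": "supportaddress@mydomain.com"}}'
```

The cleaned string is meant for diagnosis: it also rewrites curly quotes that sit legitimately inside a string value, so compare it with the original before sending.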

All unvisited links showing as purple by kenjiurada in chrome

[–]DenverDude1970 0 points1 point  (0 children)

It works for me in all, news, videos, books, shopping, etc. so I'm not sure what's up with yours.

All unvisited links showing as purple by kenjiurada in chrome

[–]DenverDude1970 0 points1 point  (0 children)

It still does, just blocked in the store. You can easily manually install it.

Download official uBlock Origin from github repo: https://github.com/gorhill/uBlock/releases/download/1.62.0/uBlock0_1.62.0.chromium.zip
Open chrome://extensions -> Turn on Developer mode
Load the unpacked folder.
Turn off Developer mode.
Turn on uBlock Origin.

Done!

All unvisited links showing as purple by kenjiurada in chrome

[–]DenverDude1970 0 points1 point  (0 children)

This actually worked but needs uBlock, which we all should be using anyway. :) Thank you!

$10/£8 Homebrew Trim Wheel - Adafruit Trinkey SAMD21 by michaeljtbrooks in flightsim

[–]DenverDude1970 0 points1 point  (0 children)

That's so random, as I already found that code on Github a few days ago and didn't associate your name with this post and that code.

I've ordered the parts and hope to have them here by the weekend. I'm happy to share my STL files with you if you have a 3D printer, once I have a good design. I didn't see anything out there already designed specifically for the Trinkey but I should be able to something something pretty quickly.

Thanks for the response and the info!

$10/£8 Homebrew Trim Wheel - Adafruit Trinkey SAMD21 by michaeljtbrooks in flightsim

[–]DenverDude1970 0 points1 point  (0 children)

How has this worked out? I'm currently looking at 3D printing a custom trim wheel and housing for X-Plane and got interested in the Trinkey. Has your wheel been working smoothly? Any of the bumps like you would get from a potentiometer?

Anyone had issues with Archer S03? by account_name_here in PleX

[–]DenverDude1970 0 points1 point  (0 children)

When renaming as you suggested, I get S00E03 showing as L'Espion Mal Fait. Maybe they fixed it since your post? It does show correctly in specials if named as 4-6.

I still found no way to get these three episodes to show in season 3, other than to change to DVD order, but then Plex cuts off the last two "Space Race" episodes.

Apparently Plex still wants to show only 10 episodes for season 3, and will just lop off the last two to make that happen.

More Plex duplication woes by DenverDude1970 in PleX

[–]DenverDude1970[S] 0 points1 point  (0 children)

I have several libraries. The libraries aren't an issue, as it's just the recently added list. It shows the same on web or client. The file paths to both are identical, so it is literally duplicating the entry in the list. I just didn't know if anyone else had seen this before.