Z naszego bloga

  • EDID Emulation – What Is It and Why Should You Choose AV Access iDock KVM Switches?
    EDID Emulation – What Is It and Why Should You Choose AV...

    When working with multiple computers using a KVM switch, one of the most common issues is the need to re-detect the monitor after switching the signal source. This can result in changes to the resolution, icons shifting on the desktop, application windows moving to different locations, and sometimes even a temporary loss of the image. The solution to this problem is EDID Emulation technology, available in professional AV Access iDock KVM switches offered by Abart Pro.

    07/08/2026
  • Internet światłowodowy 2 Gb/s, 8 Gb/s i więcej w Polsce – czy Twój komputer potrafi wykorzystać pełną prędkość?
    Internet światłowodowy 2 Gb/s, 8 Gb/s i więcej w Polsce –...

    Just a few years ago, 1 Gb/s fiber-optic Internet seemed like a solution reserved for the most demanding business users. Today, the situation is completely different. More and more providers in Poland are offering connections exceeding 1 Gb/s, and Internet access with speeds of 2 Gb/s or even 8 Gb/s is becoming a reality for both home users and professionals.

    07/04/2026
  • Archiware P5, UNITEX, and QNAP – a complete solution for archiving data on LTO tapes
    Archiware P5, UNITEX, and QNAP – a complete solution for...

    Data Archiving Without Compromise – Archiware P5, UNITEX, and QNAP Create a Comprehensive Data Protection Environment In an era of growing data volumes and increasingly frequent ransomware threats, professional archiving is becoming an essential component of IT infrastructure. Companies involved in film production, photography, CAD design, scientific research, and public administration need a solution that is secure, easy to use, and cost-effective. The combination of Archiware P5 software, UNITEX LTO external drives, and QNAP NAS servers creates a comprehensive environment for long-term data archiving, eliminating many of the limitations of traditional solutions.

    07/01/2026
  • DisplayLink – How to Connect More Monitors to Apple Mac Computers Running macOS, PCs, ChromeOS, and Android. A Complete Guide
    DisplayLink – How to Connect More Monitors to Apple Mac...

    DisplayLink is a technology that easily expands the workspace of Apple Mac computers running macOS, PCs running Windows, and devices running ChromeOS and Android without compromising image quality or the performance of your Mac

    06/26/2026

Ransomware can now run directly on the CPU, researcher warns

The ghost in the machine is reaching the deepest foundations of the computing infrastructure

Chipmakers typically use microcode updates to fix bugs and improve CPU reliability. However, this low-level layer between hardware and machine code can also serve as a stealthy attack vector – capable of hiding malicious payloads from all software-based defenses. As threats evolve, even the deepest layers of a system can no longer be assumed safe.

A security researcher designed a way to \"weaponize\" microcode updates to install ransomware directly onto the CPU. Rapid7 analyst Christiaan Beek drew inspiration from a critical flaw in AMD's Zen processors, discovered by Google researchers earlier this year. The flaw could allow attackers to modify the RDRAND instruction and inject a custom microcode that always selects \"4\" when generating a random number.

Microcode updates should theoretically be exclusive to CPU manufacturers, ensuring the correct update installs only on compatible processors. While injecting a custom microcode is difficult, it is not impossible, as the RDRAND flaw demonstrates. Using his knowledge of firmware security, Beek set out to write a CPU-level ransomware.

The Register notes that the security expert developed a proof-of-concept (PoC) that hides a ransomware payload inside the processor. He described the breakthrough as \"fascinating,\" though he has no plans to release any documentation or code from the PoC. Cybercriminals could bypass all traditional security technologies after compromising the CPU or motherboard firmware using Beek's method.

Beek emphasized that extremely low-level ransomware threats aren't just theoretical. The infamous BlackLotus bootkit, for example, can compromise UEFI firmware and infect systems protected by Secure Boot. He also quoted snippets from the Conti ransomware group chat log 2022 breach. Conti developers were reportedly working on a PoC to install ransomware directly into UEFI firmware.

\"If we modify the UEFI firmware, we can trigger encryption before the OS loads. No AV can detect this,\" the cybercriminals stated.

With the right exploit, they could abuse vulnerable UEFI releases that allowed unsigned updates to carry out the covert ransomware installation.

If a few capable black hat hackers had been exploring this kind of threat years ago, Beek said, the most skilled among them would have eventually succeeded. He criticized the IT industry for chasing trends instead of fixing core problems. While corporations focus on agentic AI, machine learning, and chatbots, fundamental security remains neglected. Ransomware gangs rake in billions annually through weak passwords, high-risk vulnerabilities, and poor multi-factor authentication.

Leave a comment