
California Biotech Tycoon Found Guilty of Orchestrating Rival's Murder

2 months 3 weeks ago
California biotech entrepreneur and former magician Serhat Gumrukcu has been found guilty of orchestrating the 2018 murder of his business rival Gregory Davis, who had threatened to expose Gumrukcu's fraudulent dealings. He faces sentencing in November. SFGATE reports: Seven years ago, Turkish national Serhat Gumrukcu, 42, of Los Angeles, was negotiating a multimillion-dollar biotech merger built off his work on a supposed HIV cure. The deal was put in jeopardy by a former business partner named Gregory Davis, 49, who had threatened to bring legal action against Gumrukcu for fraudulent activities relating to a previous failed oil commodities deal, the U.S. Attorney's Office said in a news release last week. Gumrukcu, a magician-turned-scientist who admitted to buying his medical degree from a Russian university, lived in a Hollywood mansion and partied with Oscar winners and movie producers, according to VTDigger. He stood to make millions from the merger of his biotech company Enochian BioSciences. [...] In 2017, upon learning that Davis, a father of six from Danville, Vermont, could potentially spoil his fortune-making deal, Gumrukcu set in motion a hit on the former business partner. The murder-for-hire plot involved four men in total, prosecutors said. Gumrukcu had a close friend from Las Vegas, Berk Eratay, approach a third man, Aron Ethridge to find a hit man to kill Davis. The shooter, 37-year-old Montana man Jerry Banks, arrived at Davis' home on Jan. 6, 2018, in a vehicle fitted with flashing red and blue lights and posed as a deputy U.S. marshal. After abducting Davis, Banks shot him dead in the vehicle and left the body partially buried in a snowbank nearby. Investigators soon narrowed in on Gumrukcu after discovering emails between him and Davis revealing tensions over the failed oil deal. Gumrukcu was interviewed twice by the FBI and made false statements on both occasions, federal prosecutors said. 
Further inspection of cellphone data, bank information and messages identified the four men involved in the kidnapping and killing of Davis.

Read more of this story at Slashdot.

BeauHD

Redis Warns of Critical Flaw Impacting Thousands of Instances

2 months 3 weeks ago
An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Redis (short for Remote Dictionary Server) is an open-source data structure store used in approximately 75% of cloud environments, functioning like a database, cache, and message broker, and storing data in RAM for ultra-fast access. The security flaw (tracked as CVE-2025-49844) is caused by a 13-year-old use-after-free weakness found in the Redis source code and can be exploited by authenticated threat actors using a specially crafted Lua script (a feature enabled by default). Successful exploitation enables them to escape the Lua sandbox, trigger a use-after-free, establish a reverse shell for persistent access, and achieve remote code execution on the targeted Redis hosts. After compromising a Redis host, attackers can steal credentials, deploy malware or cryptocurrency mining tools, extract sensitive data from Redis, move laterally to other systems within the victim's network, or use stolen information to gain access to other cloud services. "This grants an attacker full access to the host system, enabling them to exfiltrate, wipe, or encrypt sensitive data, hijack resources, and facilitate lateral movement within cloud environments," said Wiz researchers, who reported the security issue at Pwn2Own Berlin in May 2025 and dubbed it RediShell. While successful exploitation requires attackers first to gain authenticated access to a Redis instance, Wiz found around 330,000 Redis instances exposed online, with at least 60,000 of them not requiring authentication. Redis and Wiz urged admins to patch their instances immediately by applying security updates released on Friday, "prioritizing those that are exposed to the internet." 
To further secure their Redis instances against remote attacks, admins can also enable authentication, disable Lua scripting and other unnecessary commands, launch Redis using a non-root user account, enable Redis logging and monitoring, limit access to authorized networks only, and implement network-level access controls using firewalls and Virtual Private Clouds (VPCs).


BeauHD
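
The hardening steps in the Redis item above that are visible in `redis.conf` (authentication, Lua scripting, network exposure, logging) can be checked mechanically. The following is an added example, not code from Slashdot, BleepingComputer, Redis or Wiz; the finding names, sample configs and the `app` user are constructed, and it assumes ACL users are defined inline with `user` lines. Running as non-root and firewall or VPC rules are outside what a config file shows.

```python
import shlex
# Constructed sample configs for illustration (not from any real deployment).
WEAK = 'bind 0.0.0.0\nprotected-mode no\nport 6379\nlogfile ""\n'
HARDENED = """
bind 127.0.0.1 10.0.0.5
protected-mode yes
user default off
user app on >placeholder-secret ~app:* +@all -@scripting
logfile /var/log/redis/redis.log
"""

def parse(text):
    """Yield (directive, args) for each non-comment line of redis.conf text."""
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            parts = shlex.split(line)
            yield parts[0].lower(), parts[1:]

def can_script(name, rules):
    """Replay ACL rules left to right; a later +@all re-grants EVAL/EVALSHA."""
    allowed = name == "default"  # only the built-in default user starts with +@all
    for rule in rules:
        if rule in ("+@all", "allcommands", "+@scripting", "+eval", "+evalsha"):
            allowed = True
        elif rule in ("-@all", "nocommands", "-@scripting"):
            allowed = False
    return allowed

def audit(text):
    """Return sorted finding IDs for the config-level hardening steps."""
    conf = list(parse(text))
    get = lambda key: [args for k, args in conf if k == key]
    users = {"default": [], **{a[0]: a[1:] for a in get("user") if a}}
    requirepass = any(a and a[0] for a in get("requirepass"))
    found = set()
    for name, rules in users.items():
        enabled = "off" not in rules and (name == "default" or "on" in rules)
        has_pw = requirepass and name == "default" or any(r[:1] in (">", "#") for r in rules)
        if enabled and ("nopass" in rules or not has_pw):
            found.add("no-authentication")
        if enabled and can_script(name, rules):
            found.add("lua-scripting-allowed")
    addrs = [addr.lstrip("-") for args in get("bind") for addr in args]
    checks = {
        "listens-on-all-interfaces": not addrs or bool({"0.0.0.0", "*", "::", "::*"} & set(addrs)),
        "protected-mode-off": ["no"] in get("protected-mode"),
        "no-logfile": not any(a and a[0] for a in get("logfile")),
    }
    return sorted(found | {name for name, bad in checks.items() if bad})
```

Swapping the rule order to `-@scripting +@all` in the hardened sample makes `audit` report `lua-scripting-allowed` again, which is the ordering mistake worth catching in review.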