Today’s premium story is about protecting the energy sector, and the unique public/private partnerships that are underway to promote additional infosec research. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account. 

-- David Strom

1. The sales intelligence firm Apollo suffered a breach over the summer. Their data was found on a public website, and it contains detailed information about more than 200 million people, although not financial data. The hackers seemed to have scraped information from LinkedIn and Salesforce. -- WIRED

2. Restaurant chain Burgerville has suffered another data breach. The vendor only realized malware from the hacking group FIN7 had been on their systems only when the FBI notified them in August. Lawsuits have been filed.

3. More on the Chinese spy chips. Research from earlier this summer shows how certain server chips can easily be exploited for malicious purposes without any backdoor implants. Remote execution attacks only require a network connection. Both the US and UK governments have sided with the deniers about any observed hacking activity. -- SECURITY WEEK

4. The DanaBot banking Trojan is back. It was seen last May in Australia, now it has been observed in North America and Europe. It has a very subtle phishing link. -- HACKER COMBAT

5. Funding and merger news.   

Palo Alto Networks is acquiring cloud threat defense company RedLock for $173M.

Preservica raised a $10M B funding round led by Mobeus Equity Partners. The UK-based digital content protection firm has Mike Quinn as its CEO.

Xaptum raised a $3.1M round led by VCapital. The Chicago-based firm offers IoT edge device security and has Rohit Passam as its CEO.

Tanium raised a $200M round led by Wellington Management. The Bay Area endpoint detection firm has Orion Hindawi as its CEO.

Ctera Networks raised a $30M D round led by Red Dot Capital. The NYC-based firm has Liran Eshel as its CEO..

Hysolate raised a $18M B round led by Bessemer Ventures. The Israeli and NYC-based firm offers secure cloud-based file storage and Tal Zamir is its CEO.

CloudKnox raised a $10.75M round led by ClearSky Security. The cloud privilege management firm is based in Silicon Valley and has Balaji Parimi as its CEO.

Randori raised a $9.75M round led by Accomplice. The red team attack simulation tool firm is based in Boston and is led by Brian Hazzard.

Perch Security raised a $8M A round led by ConnectWise. The automated threat intelligence service is based in Tampa and has Gary Fish as its CEO.

Puresec raised a $7M A round led by Square Peg Capital. The Israeli firm has a tool for securing serverless apps and is led by Shaked Zin.

Wiretap raised a $11M round led by Rev1. They are based in Columbus Ohio and can track risky employee behavior. Their CEO is Jeff Schumann.

6. California has passed the Information Privacy: Connected Devices bill. It requires that IoT makers use stronger passwords and other security features when it goes into effect in 2020. One post opines this isn’t far-reaching enough as it doesn’t address firmware updates. Others offered additional weaknesses.

7. Earlier this summer, an Oregon chiropractic clinic found malware had been inside their systems for more than two years. It collected patient and billing data. -- TILLAMOOK COUNTY PIONEER NEWSPAPER

8. That eight-character password isn’t really strong enough security. Modern GPU-based computers can crack them in seconds. -- SECURITY INTELLIGENCE (IBM)

9. This month the DotGov registrar is now requiring Google Authenticator 2FA logins for all of its domains. State and local domains will need to begin using this tool over the next several months. -- ZDNET

10. Two innovations from Google will help protect Android users of DNS exploits. One is support for the emerging DNS over TLS standard, the other is called Intra for users of older Android versions. -- NEWSFUSION

This website shames those who send out emails and plain text passwords in the same message, making it almost child’s play to hack your login. It also offers some solid suggestions for developers to improve their ways. -- PLAINTEXTOFFENDERS

Attacks in the oil and gas sector have increased over the past year, according to this new report. In my premium feature, I talk more about this trend.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).