A look at security news from around the Web.
The Great Bank Heist, or Death by 1,000 Cuts? (KrebsOnSecurity)
A look at the Carbanak gang, which deployed malware via phishing scams to get inside computers at more than 100 banks and steal upwards of USD $300 million -- possibly as high as USD $1 billion.
Google Adds Grace Period for Software Developer to Fix Security Flaws (eWeek)
In what appears to be a response to recent criticism, Google has added a 14-day grace period to its 90-day deadline for software vendors to patch security vulnerabilities reported to them under the search giant's controversial Project Zero vulnerability research and disclosure program.
Raduege: Why New Cyber Agency Matters (BankInfoSecurity)
A new federal cyberthreat intelligence center could help the government build more resilient networks and better identify cyber-attackers, leading to arrests and punishments, a former top Defense Department IT executive says. "Those three areas could really go a long way in providing much-needed deterrence to bad cyber-activity on the networks today," says Harry Raduege, a retired Air Force lieutenant general who was the longest-serving director of the Defense Information Systems Agency.
Cybercriminals Target Bank Employees, Steal $1 Billion From Financial Institutions Worldwide (Dark Reading)
An international cybercrime ring based out of Eastern Europe has pilfered some $1 billion in two years from 100 different banks in nearly 30 countries using spearphishing emails targeting bank employees.
Equation cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia (CSOonline)
A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia. Kaspersky Lab released a report Monday that said the tools were created by the "Equation" group, which it stopped short of linking to the U.S. National Security Agency.