Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.

US Cyber Command and CISA plan to publish an analysis of the malware Holiday Bear used against SolarWinds. The DPRK is again phishing for security researchers. Exchange Server exploitation continues. Stone Panda goes after industrial data in Japan. Human error remains the principal source of cyber risk. A US Executive Order on cyber hygiene and breach disclosure nears the President’s desk. David Dufour from Webroot on the 3 types of hackers and where you’ve seen them recently. Rick Howard checks in with our guest Sharon Rosenman from Cyberbit on SOC Evolution. And gamers? Don’t cheat. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/62