3174 posts on MacStories since July 2011

Articles by the MacStories team. Founded by Federico Viticci in April 2009, MacStories attracts millions of readers every month thanks to in-depth, personal, and informed coverage that offers a balanced mix of Apple news, app reviews, and opinion.
team@macstories.net

Previously, On MacStories

Stories Outdoor HomeKit Gadgets: The MacStories Team Collection Ketchup: The Only Pokémon Companion App You’ll Ever Need Supercell Announces That Squad Busters Will Be Released Worldwide on May 29th The Joy of Shortcuts Apple Announces May 7th Let Loose Event Game On: Speed Running Game Emulation on iOS Podcasts MacStories Unwind: iOS Retro Gaming 5...

In This Issue

Federico shares a shortcut for merging Things tasks into checklists, Jonathan performs iPod surgery, John explains how his note-taking system is structured, plus the usual Links, App Debuts, the latest happenings in the Club MacStories+ Discord community, a recap of MacStories articles, and a preview of next week’s episodes of AppStories and Magic Rays of...

Looking Past the Smoke and Mirrors of the MGM Hack [Sponsor]

The September 2023 MGM hack quickly became one of the most notorious ransomware attacks in recent memory. Journalists and cybersecurity experts rushed to report on the broken slot machines, angry hotel guests, and the fateful phishing call to MGM’s help desk that started it all.

And, like a slick magic trick, the public’s attention was drawn in the wrong direction. Now, months later, we’re still missing something critical about the MGM hack.

That’s because, for many of the most important questions about the breach, the popular answers are either incomplete or inaccurate. Those include: who hacked MGM, what tactics they used to breach the system, and how security teams can protect themselves against similar attacks.

Why is that a problem? Because it lets us write off the MGM hack as a one-off story, instead of an example of an emerging style of attack that we’ll certainly be seeing more of. And that leaves companies and security teams unprepared. 

Who hacked MGM?

Plenty of news stories have confidently blamed the MGM attack on either the Scattered Spider or ALPHV hacking group, but the truth is still murky, and likely involves a dangerous team up between different groups, each bringing their own expertise to the table.

Their attacks first use fluent English social engineering skills to get onto networks, where they then deploy sophisticated ransomware that quickly establishes persistence across multiple systems. 

What tactics did they use? 

The dominant narrative has been that “a single phone call hacked MGM.” A phone vishing attack to MGM’s IT help desk is what started the hack, but there’s much more to it than that. The real issue is that this help desk worker was set up to fail by MGM’s weak ID verification protocols, and probably wasn’t doing anything “wrong” when they gave the bad actors access to a super administrator account. 

How can security teams protect themselves? 

Cybersecurity experts have centered most of their advice on user ID verification. But while it’s true that MGM’s help desk needed better ways of verifying employee identity, there’s another factor that should have stopped the hackers in their tracks. 

That’s where you need to focus your attention. In fact, if you just focus your vision, you’ll find you’re already staring at the security story the pros have been missing.

It’s the device you’re reading this on. 

To read more of what we learned when we researched the MGM hack–like how hacker groups get their names, the worrying gaps in MGM’s security, and why device trust is the real core of the story–check out the Kolide Blog.

Our thanks to Kolide for sponsoring MacStories this week.

In This Issue

John explains how Delta deep links can be used with GameTrack, Shortcuts, and other apps, Federico shares a shortcut that he’s using along with Things and Actions to create Obsidian template documents, Jonathan would like Apple to do more with CarPlay, Niléane shows how to use Prism Launcher to get the best performance from Minecraft...

Two New Club Discounts

This week, we added two new deals to the Club MacStories discounts page for Plus and Premier members: Affinity is offering 20% off on its Photos, Designer, and Publisher apps when purchased through the Affinity Store. All three apps offer a deep set of photo editing, graphic design, and page layout features that are tightly...

Up Next on MacStories Podcasts

Next week on AppStories, Federico and John revisit their Obsidian setups, explaining the themes and plugins they use. Next week onMagic Rays of Light, Sigmund and Devon discuss TV technology and the pivot from OLED to mini LED, round up Apple-related announcements from this year’s National Association of Broadcasters show, and ask if season...

Previously, On MacStories

Stories Federico Updates His Setup with the Lenovo Legion Go and More How to Load Your Game Boy Games Onto the iPhone to Play in the Delta Emulator Emulators Will Change the App Store Forever The Delta Videogame Emulator Launches on the App Store AltStore Is Now Available in the EU Soulver 3 for iOS:...

Listen Later: Listen to the Articles as Podcasts [Sponsor]

Listen Later gets you through that huge pile of web articles you’ve been saving for later. Let’s face it, the web is a big place, and there’s always more to read than you have time for. Read-later apps give you a place to save articles for later, but you still need to find the time to read everything you saved.

Listen Later helps you get through that stack of articles by combining the power of podcasts and AI. Simply send Listen Later a link to an article and its AI converts the text into a narration using one of its natural-sounding AI voices. Each article becomes an episode of your very own personal Listen Later podcast. Listen Later works with text from images, PDFs, and other text documents and can translate articles to other languages, too.

It’s easy to add your Listen Later podcast to your favorite podcast player, making it available whether you’re driving to work, out for a long walk, or simply hanging out. Best of all, though, by converting your articles to audio, Listen Later greatly expands the time you can spend on your read-later queue.

What’s more, with Listen Later, you never spend more than you need. You buy credits, which are used as you add articles to your podcast feed. When you’ve used up your credits, you can reload them automatically or purchase more manually. How much you spend is completely up to you.

Visit Listen Later today to learn more, sign up for free, and receive $2 in free credits to convert articles to audio.

Our thanks to Listen Later for sponsoring MacStories this week.