MacStories Team

3285 posts on MacStories since July 2011

Articles by the MacStories team. Founded by Federico Viticci in April 2009, MacStories attracts millions of readers every month thanks to in-depth, personal, and informed coverage that offers a balanced mix of Apple news, app reviews, and opinion.

Collections Database: A Powerful Database with iCloud Sync [Sponsor]

Collections Database is the premier personal database app for organizing anything and everything on your iPhone, iPad, and Mac.

The app features more than 20 field types, linkable sub-databases, reusable lists, and a robust customization system. It’s a powerful and flexible solution that makes Collections easy to get started with for beginners, while meeting the needs of advanced users too.

Collections provides essential templates to get started, including Expenses, Contacts, Subscriptions, Books and more. However, you’re always free to start from scratch by building your own custom templates.

A long, complete list of field types is available for your databases too. The set includes everything you’d expect from a modern database app, including Text, Number, Date, Picture - even Barcode fields. Collections can import spreadsheets from other apps, using its powerful CSV import functionality. Collections also offers quick filters, sorting, password protection, smart text-based search, and more.

Apple Shortcuts.

A standout feature is the extensive support for Shortcuts, which expands the app’s capabilities even more.

Collections is free to try, but by upgrading to the Pro version via In-App Purchase, you’ll gain access to an unlimited number of database entries and files, plus advanced filters. The Pro version also includes a unique visual formula editor that makes building complex formulas intuitive and easy.

The app is a universal purchase, so your purchase will be available on the iPhone, iPad, and Mac. At the same time, Collections has been carefully optimized for each Apple platform to deliver the best experience on every one.

Collections is regularly updated to take advantage of the latest Apple technologies and is privacy-minded. Your data isn’t collected or sent anywhere else.

To learn more and download Collections Database, visit the App Store today.

Our thanks to Collections Database for sponsoring MacStories this week.






Looking Past the Smoke and Mirrors of the MGM Hack [Sponsor]

The September 2023 MGM hack quickly became one of the most notorious ransomware attacks in recent memory. Journalists and cybersecurity experts rushed to report on the broken slot machines, angry hotel guests, and the fateful phishing call to MGM’s help desk that started it all.

And, like a slick magic trick, the public’s attention was drawn in the wrong direction. Now, months later, we’re still missing something critical about the MGM hack.

That’s because, for many of the most important questions about the breach, the popular answers are either incomplete or inaccurate. Those include: who hacked MGM, what tactics they used to breach the system, and how security teams can protect themselves against similar attacks.

Why is that a problem? Because it lets us write off the MGM hack as a one-off story, instead of an example of an emerging style of attack that we’ll certainly be seeing more of. And that leaves companies and security teams unprepared. 

Who hacked MGM?

Plenty of news stories have confidently blamed the MGM attack on either the Scattered Spider or ALPHV hacking group, but the truth is still murky, and likely involves a dangerous team-up between different groups, each bringing their own expertise to the table.

Their attacks first use fluent English social engineering skills to get onto networks, where they then deploy sophisticated ransomware that quickly establishes persistence across multiple systems. 

What tactics did they use? 

The dominant narrative has been that “a single phone call hacked MGM.” A phone vishing attack to MGM’s IT help desk is what started the hack, but there’s much more to it than that. The real issue is that this help desk worker was set up to fail by MGM’s weak ID verification protocols, and probably wasn’t doing anything “wrong” when they gave the bad actors access to a super administrator account. 

How can security teams protect themselves? 

Cybersecurity experts have centered most of their advice on user ID verification. But while it’s true that MGM’s help desk needed better ways of verifying employee identity, there’s another factor that should have stopped the hackers in their tracks. 

That’s where you need to focus your attention. In fact, if you just focus your vision, you’ll find you’re already staring at the security story the pros have been missing.

It’s the device you’re reading this on. 

To read more of what we learned when we researched the MGM hack–like how hacker groups get their names, the worrying gaps in MGM’s security, and why device trust is the real core of the story–check out the Kolide Blog.

Our thanks to Kolide for sponsoring MacStories this week.