Mona, the Mastodon client for iOS, iPadOS, and Mac from Junyu Kuang, is out today with a significant version 6 update. Mona is my choice for using Mastodon primarily due to what John referred to in his review as its ‘epic level of customization.’ Everything from how the taskbar at the bottom of the screen looks to how posts are displayed is fully customizable. Even the main app view on iOS can be vertically split in two.
But Mona is not just about looks; it’s also a solid tool for navigating Mastodon. Things like the ability to privately set colors or notes to other users, timeline syncing across your devices using iCloud, and full support for VoiceOver make it a strong choice for a wide variety of people.
Which brings us to this new update. In the year and change since the mass Twitter exodus, Mastodon has matured a lot as a platform, introducing new features that users can take advantage of while filling some of the gaps impeding the platform from growing. Version 6 of Mona includes those new features while advancing its power user functionality with powerful new Shortcuts actions, including one that takes advantage of the Action Button on the iPhone 15 Pro.
The September 2023 MGM hack quickly became one of the most notorious ransomware attacks in recent memory. Journalists and cybersecurity experts rushed to report on the broken slot machines, angry hotel guests, and the fateful phishing call to MGM’s help desk that started it all.
And, like a slick magic trick, the public’s attention was drawn in the wrong direction. Now, months later, we’re still missing something critical about the MGM hack.
That’s because, for many of the most important questions about the breach, the popular answers are either incomplete or inaccurate. Those include: who hacked MGM, what tactics they used to breach the system, and how security teams can protect themselves against similar attacks.
Why is that a problem? Because it lets us write off the MGM hack as a one-off story, instead of an example of an emerging style of attack that we’ll certainly be seeing more of. And that leaves companies and security teams unprepared.
Who hacked MGM?
Plenty of news stories have confidently blamed the MGM attack on either the Scattered Spider or ALPHV hacking group, but the truth is still murky, and likely involves a dangerous team up between different groups, each bringing their own expertise to the table.
Their attacks first use fluent English social engineering skills to get onto networks, where they then deploy sophisticated ransomware that quickly establishes persistence across multiple systems.
What tactics did they use?
The dominant narrative has been that “a single phone call hacked MGM.” A phone vishing attack to MGM’s IT help desk is what started the hack, but there’s much more to it than that. The real issue is that this help desk worker was set up to fail by MGM’s weak ID verification protocols, and probably wasn’t doing anything “wrong” when they gave the bad actors access to a super administrator account.
How can security teams protect themselves?
Cybersecurity experts have centered most of their advice on user ID verification. But while it’s true that MGM’s help desk needed better ways of verifying employee identity, there’s another factor that should have stopped the hackers in their tracks.
That’s where you need to focus your attention. In fact, if you just focus your vision, you’ll find you’re already staring at the security story the pros have been missing.
It’s the device you’re reading this on.
To read more of what we learned when we researched the MGM hack–like how hacker groups get their names, the worrying gaps in MGM’s security, and why device trust is the real core of the story–check out the Kolide Blog.
Our thanks to Kolide for sponsoring MacStories this week.
A few months ago, I decided to switch to Things as my default task manager. As I shared multiple times on AppStories and MacStories Weekly, I’m really happy with my decision: not only does the design of the Things app create a more relaxed environment for me to manage my responsibilities, but Cultured Code’s embrace...
This week on MacStories Unwind, I share my tech discoveries during a visit to a classical music radio station, Federico finally goes for a spider-style gaming Wi-Fi router, and I recommend Criminal Record on Apple TV+.
Earlier today, Federico released a series of seven advanced shortcuts for the task manager Things as part of his Automation Academy column, an exclusive perk of Club MacStories+ and Club Premier.
Federico explains in the introduction of the story why he returned to Things a few months ago and has been happy with the decision:
not only does the design of the Things app create a more relaxed environment for me to manage my responsibilities, but Cultured Code’s embrace of Shortcuts automation has allowed me to create dozens of custom enhancements for Things.
It’s the flexibility that Things’ Shortcuts actions offer that allows for such deep customization. The shortcuts shared today include automations to:
Automatically move tasks scheduled for a certain time to Things’ Evening section
Postponing evening tasks
Rescheduling tasks to the next evening
Tag selected tasks as active
Pin tasks
Select from a menu of Things shortcuts
Create tasks, an updated version of a previously-shared shortcut
All of the shortcuts are ready to be used immediately and are accompanied by a detailed walk-through of the techniques used to build them and an explanation of how Federico is using them.
Discounts are just one of the many Club MacStories perks.
Automation Academy is just one of many perks that Club MacStories+ and Club Premier members enjoy including:
Weekly and monthly newsletters
A sophisticated web app with search and filtering tools to navigate eight years of content
Customizable RSS feeds
Bonus columns
An early and ad-free version of our Internet culture and media podcast, MacStories Unwind
A vibrant Discord community of smart app and automation fans who trade a wealth of tips and discoveries every day
Live Discord audio events after Apple events and at other times of the year
On top of that, Club Premier members get AppStories+, an extended, ad-free version of our flagship podcast that we deliver early every week in high-bitrate audio.
Use the buttons below to learn more and sign up for Club MacStories+ or Club Premier.
Skimming through the day’s tech headlines in Reeder.
I follow about 180 RSS feeds, and I skim through all of my tech feeds every day, looking for interesting news, angles, opinions, and inspiration. A lot of what I see is repetitive, but I’ve gotten very good over the years at speed-reading snippets of stories and homing in on the interesting ones. Some stories get read right away because they’re time-sensitive in some way. However, I have other things to do besides read the web, so I rely heavily on read-later apps to save many of my finds.
That context is important because although some of what I save is what I’d classify as ‘leisure reading,’ most of it isn’t. It’s information processing, and given my other obligations, speed is important. As a result, what I value most are:
The design of my RSS reader
The speed with which I can save stories for later
Access to my saved articles for anywhere
The tools available in my read-later app for organizing everything
The music experience on the Apple Vision Pro is excellent. It starts with the device’s built-in headphones and spatial audio, which work hand-in-hand with the visual components of spatial computing. Apple has already shown off the potential for immersive experiences like Alicia Keys: Rehearsal Room, but the music experience goes deeper than that, thanks to third-party developers.
I’ve already covered Juno, Christian Selig’s YouTube player app, which is great for watching music videos and other content, and NowPlaying, which supplements Apple Music with editorial content, lyrics, and more. Today, though, I want to focus on Longplay, Adrian Schönig’s album-oriented playback app for Apple Music.
Longplay 2.0 was released last August. It was a big update that I reviewed at the time and have been enjoying ever since. The app is available on the Vision Pro now too, complete with an immersive mode that I love.
I’m always excited when a new weather app is released, especially when it’s a weather app that looks different from most of its counterparts. Looks Like Rain by Thinkbits is beautifully designed, and it certainly looks different, to say the least. The layout of the app is clean, the elements are well-spaced, and the color palette has clearly been composed with care. Most importantly, though, I’m absolutely loving its unique approach to visualizing the weather forecast on a color-coded timeline.
I’ve been using this brand-new weather app for the past few weeks on the iPhone, the iPad, and the Mac, and it has already earned a permanent place in the rotation of my favorite weather apps.
