SaaS

The recent Zendesk hack that compromised user data from Twitter, Tumblr and Pinterest reflects the risks in using third-party service providers.

Zendesk sells cloud-based customer service software for storing, organizing and answering email sent to clients’ support staff. On Thursday, the company reported that a hacker had breached its systems this week and siphoned the email addresses and subject lines of three customers, which were identified by Wired as Tumblr, Pinterest and Twitter. The tech site also reported that some phone numbers were stolen.

In 2012, we saw increased worries about nation-state-sponsored cybercrime, mobile security, and the resurrection of an old tactic: the venerable denial-of-service attack. On the heels of my “Five Myths About The Cloud That Will Be Debunked in 2013” post, here are five security predictions for the coming year.

Security vendor McAfee, which is now owned by Intel (Nasdaq: INTC), is rolling out a patch for three flaws in its Endpoint Protection Software as a Service offering.

All three flaws are in ActiveX controls. One tricks the control into executing commands supplied by an attacker, the second lets attackers write to files on disk and the third lets attackers execute code with user privileges, McAfee said.